Paul Martin, NASA’s inspector general has reported to Congress that NASA’s computer system has been successfully hacked 13 times within the last year. Martin reported that the more severe cases resulted in the hackers gaining “full functional control” of important systems. This is despite NASA’s attempt to improve cyber security by spending $58 million of its $1.5 billion budget on cyber security.

NASA’s security policies have come under heavy criticism within recent years and things haven’t got much better over the last two years as it has been revealed that they suffered 5,408 computer incidents in 2011 and 2012. This is undoubtedly a major concern for everyone associated with NASA as such incidents have resulted in malicious malware being installed or unauthorised access to their systems which could have had disastrous consequences.

Martin stated that “Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7m.”

One of the more concerning successful hacks that has taken place resulted in the hackers taking control of the systems at NASA’s Jet Propulsion Laboratory. NASA’s cyber security team managed to trace the IP addresses back to China. Another serious hack resulted in the hackers obtaining the credentials for 150 workers which could have resulted in critical data being stolen or deleted.

Martin commented on these events and declared “In FY 2011, NASA reported it was the victim of 47 APT attacks, 13 of which successfully compromised Agency computers. In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees – credentials that could have been used to gain unauthorised access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts.”

Despite NASA’s attempts to improve their cyber security by spending a vast amount of money and improving security loopholes that had been highlighted in security audits, the overall cyber security status isn’t at the level where it should be. Martin has identified that one of the more pressing security issues that needs to be addressed is the large amount of data that is kept on laptops unencrypted. Martin reported that only one percent of laptops/portable devices have been encrypted.

Martin stated “Until NASA fully implements an Agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft.”

There are still obvious major flaws with NASA’s current cyber security setup. With the vast amount of money that they have spent in an attempt to improve their cyber security, this demonstrates that they are striving to make improvements. However, they are badly lagging behind other government agencies at the moment and it will take time until their whole infrastructure becomes much more secure.

Linda Cureton, NASA’s Chief Information Officer stated “Since NASA’s infrastructure is worldwide; the agency is striving to achieve a risk-based balance between security, system operability, and user requirements. While demanding a culture of security awareness, NASA will continue to improve the defense of our IT security posture and build security into the System Development Life Cycle (SDLC) of our IT solutions and everyday work habits.”

A new series of attacks levelled at organisations in the public sector began last week, as reports of emails containing the malware program Bredolab came in.

Security expert Tony Millington said that although the use of Bredolab was not obviously significant in itself, the way in which the email campaign was run did raise some questions about the intentions of its instigators.

Mr Millington said that Bredolab was more usually distributed on a massive scale to as many email accounts as possible, relying on controlled botnets for the herculean campaign. However, in this instance, Bredolab has been sent to a select group of public sector organisations, suggesting that the criminals behind the attack are attempting to harvest data contained on specific systems.

Bredolab can be modified to use various forms of trickery to encourage the recipient of the email to run the attached executable. Once the process is begun, the malware is embedded on the user’s computer and it turns off the firewall, allowing the responsible parties access to the network and also giving them the chance to install many more malicious files as a result.

Mr Millington said that in this instance, Bredolab was being used to transfer data harvesting tools to the infected PCs and at the time of its appearance, these subsequent files were identifiable by only one or two of the major anti-virus vendors. As such, the potential for further infection and data theft was significant.

IT Security firms have been busy investigating the latest viral attacks via email and have established that the IP addresses from which the mail originates can be linked to several other spam campaigns which have been in operation in recent months. These IP addresses are believed to signify PCs connected in a large botnet, unbeknownst to their users.

According to Mr Millington, the emails sent in the latest batch are worded with innocuous subject lines, containing keywords such as ‘conference’ or ‘resume’ in order to dupe the recipient into activating the attached .zip file, which will usually have the same name.