The Latest / Data Security News

NASA Suffers Data Security Breach

February 18, 2016

A group of hackers were able to break into NASA’s network. The data security breach saw the hackers attempt to bring down a drone worth $222m. Other data, including flight videos and employee data was also compromised in the cyber attack.


The Hack

The hacking group, known as AnonSec, dumped over 250GB of data stolen from NASA. It included the names, email address and phone numbers of more than 2000 NASA employees, alongside flight logs and videos recorded by NASA aircrafts. Perhaps most alarmingly, AnonSec were able to alter the flight path of one of Global Hawk NASA drones before the ground crew were able to correct the flight path by accessing the drone through satellites.

Unbelievably, the Hacking group had been inside NASA and related systems since 2013 undetected – but after the flight drone incident, NASA became aware of the intrusion. Through some patches and password changes, the hackers were finally locked out the system.

It seems the hacking group’s motivation for the cyber attack was simply to prove that they could – the hacking equivalent of the question of why mountaineers climb Everest – “because it’s there” of course. Regarding altering the path of the hugely expensive drone, the group said:

“Several members were in disagreement on this because if it worked, we would be labelled terrorists for possibly crashing a $222.7m US drone… but we continued anyways.”

How did the hackers get inside NASA systems in the first place?

The group explained it managed to get into the system back in 2013 because of the previous knowledge of a hacker in the group. Administrator credentials in NASA computer systems had been left on default – so it took the group very little time to get a foothold in the system. From there, it was able to slowly increase its grip on the system over several months. More log-in credentials were discovered, internal systems mapped out, data stolen and then even the ability to alter NASA drone’s paths. AnonSec said:

“People might find this lack of security surprising but its [sic] pretty standard from our experience. Once you get past the main lines of defense, it’s pretty much smooth sailing propagating through a network as long as you can maintain access.”

Action needed

We hear about a successful attack into a government department or agency on an all too regular basis. NASA should be using systems that ensure only their authorized personnel are able to access their systems, even if they have prior knowledge of the network. Integrating strong Identity Management using biometrics would be one way in which this could be achieved. Let’s hope NASA have successfully tightened up its systems following the data security hack and no $222m drones are in danger anymore – the insurance premium on drones must be out of this solar system.