Story image

NASA got hacked (again)

20 Dec 2018

The US National Aeronautics and Space Administration (NASA) is one of 2018’s latest data breach casualties, according to media reports.

Website SpaceRef published a NASA internal company memo appearing to coming from Bob Gibbs, NASA’s assistant administrator in the Office of Chief Human Capital Officer.

The memo claims that criminals potentially gained access to NASA servers on October 23, 2018. The compromised servers stored personally identifiable information (PII) belonging to current and former NASA employees. That information included social security numbers and other data.

NASA Civil Service employees who were onboarded, separated from NASA, or transferred between locations from July 2006 to October 2018 may be affected.

The memo was sent to all NASA employees, regardless of whether they were affected by the breach. 

“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” the memo allegedly states.

NASA says that it took immediate action to secure servers and data as soon as it discovered the breach.

“NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents,” the memo states.

NASA’s leadership team stresses that it takes personal information protection and information security seriously.

“NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” the memo concludes.

While NASA has not yet released any public statements about the breach, the company is no stranger to being a target.

Back in 2016 hacking group AnonSec leaked almost 276GB of confidential NASA data. 

The group even went so far as trying to hack and crash a $222 million NASA drone into the Pacific Ocean. But before the group could crash the drone, NASA spotted the security anomaly and took manual control.

In 2013, an Italian hacker belonging to the ‘Master Italian Hackers Team’ gained access and ‘defaced’ a number of NASA Ames Research Center subdomains, as well as a slew of Italian government websites.  In October 2018, the 25-year-old hacker was sentenced. He was caught after allegedly boasting about the hacks online.

Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nozomi and RIoT to deliver advanced ICS security solutions to Australia
''As a specialised integrator of robust and resilient ICT and IoT solutions within Australia, we are delighted to be partnering with Nozomi Networks."
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”