Published March 01, 2012
Chinese hackers gained control over NASA’s Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.
That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.
Paul K. Martin, NASA's inspector general, put his conclusions bluntly.
"The attackers had full functional control over these networks," he wrote.
JPL is a jewel in NASA's space technology crown.
Beyond a wealth of exploration programs, such as the recent GRAIL mission to study the moon and the upcoming Mars Science Laboratory, JPL manages the Deep Space Network, a network of antenna complexes on several continents that monitors both outer space and planet Earth.
Martin released written testimony about the attacks in the report "NASA Cybersecurity: An Examination of the Agency’s Information Security," presented to the House Science, Space and Technology Committee investigations panel on Wednesday. It details a host of security lapses and breaches of protocol at the space agency.
"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems," his report states. "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit."
Other incidents "may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” he noted.
NASA offered a statement to FoxNews.com saying that there was never a threat to the International Space Station, but did not specifically address whether there was a threat to the Jet Propulsion Laboratory.
"NASA has made significant progress to better protect the agency's IT systems and is in the process of implementing the recommendations made by the NASA Inspector General in this area," Michael Cabbage, NASA spokesman said.
The office of the Inspector General declined to offer further details, telling FoxNews.com it could not comment on the ongoing investigation. A spokesman for the Jet Propulsion Laboratory did not respond to requests for more details about the incident.
It's not known how the number and scope of computer security breaches at NASA compare to other federal agencies because NASA's Office of the Inspector General is the only OIG that regularly conducts international network intrusion cases, Discovery News reported Thursday.
In another successful attack against a NASA agency detailed in the OIG report, intruders stole a laptop computer that contained algorithms used to command and control the International Space Station (ISS), detailed by Discovery News.
"Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million," Martin wrote.
NASA said it is aware of the problem and taking steps to improve its computer security programs.
"The NASA IT Security program is transforming and maturing," the agency's chief information officer Linda Cureton said in her written testimony to the same panel.
"NASA is increasing visibility and responsiveness through enhanced information security monitoring of NASA's systems across the agency," she said.