News that doesn't receive the necessary attention.

Saturday, August 6, 2016

NASA so easy to hack, kids can do it. NASA was hacked 13 times in 2011 alone, was told in 2009 its computers needed encryption, but in Dec. 2012, still not encrypted. 48 NASA mobile devices without encryption lost or stolen from 4/09-4/11. In 2012 NASA chief said most computer attacks on NASA are 'by kids just trying to impress people'

March 2012 article-NASA computers hacked 13 times in 2011 alone:

3/2/2012, NASA says it was hacked 13 times last year,” Reuters

NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.”…


March 2012 article-NASA chief Bolden says he's "going to sign a directive" ordering NASA portable devices to use encryption. As of November 2012, still no encryption. "Bolden also said that most attacks are "by kids who are just trying to impress people.""

3/21/2012, "Hearing Notes: Charles Bolden Testifies on NASA's FY 2013 Budget,", Keith Cowing

"When (Rep.) Wolf mentioned the recent NASA IG report on computer security and the spate of incidents, Bolden said that he was going to sign a directive, and that all portable devices would use encryption. He said he should have known better and that it was his fault that this had not been implemented sooner. Bolden said that he had talked to his staff and that when compared to other agencies IT security that NASA was "woefully deficient". Bolden also said that most attacks are "by kids who are just trying to impress people." 

Bolden said that his IG had told him that it would be a simple matter for him to tell his staff to encrypt everything - but his staff is spread across NASA and each center has different requirements. When Rep. Wolf asked Bolden if he needed Congressional language to direct him Bolden said "OH, NO NO" and that he had enough direction already."...


November 2012: Still no encryption for NASA computers as promised in March 2012. Had been warned in 2009, did nothing. Between 4/2009 and 4/2011, 48 NASA devices--unencrypted-- were lost or stolen:

11/15/2012, NASA to encrypt data after its latest laptop loss,BBC

“US space agency NASA has ordered that the data on all its laptops must be encrypted, after losing another one of its portable computers. Until the process is complete, it has forbidden staff from removing Nasa-issued laptops containing sensitive information from its facilities.

The order follows the loss of a device containing “sensitive personally identifiable information”.  There have been several similar incidents over recent years.

NASA said the latest incident had occurred on 31 October, when a laptop and documents were stolen from a locked vehicle of one of its employees at Nasa headquarters in Washington DC. The machine was password protected, but the agency acknowledged that the information might still be accessible to hackers since it was not encrypted.
Encryption would have scrambled the data, requiring a complicated code to make it understandable again. As a result, Nasa has warned its workers to watch out for bogus messages.

“All employees should be aware of any phone calls, emails, and other communications from individuals claiming to be from Nasa or other official sources that ask for personal information or verification of it,” an agency-wide email published by news site Spaceref stated.

“Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted.”…

The Nasa Watch blog, which comments on affairs at the agency, had previously criticised it for a series of other data losses.

It noted that the organisation had been warned in 2009 that it was not taking enough steps to sufficiently protect information and had reported the loss or theft of 48 of its mobile computing devices between April 2009 and April 2011.

This is not the first time Nasa has promised action to address the problem.

In March, Nasa administrator Charles Bolden told the House Appropriations Committee Subcommittee on Commerce that he was going to sign a directive ordering all portable devices to use encryption, after
acknowledging the agency was “woefully deficient” when compared to other government departments.”


Additional Nov. 2012 article about “large” data breach via unencrypted laptop stolen from NASA hq parking lot: 

11/14/2012, NASA Suffers “Large” Data Breach Affecting Employees, Contractors, and Others,, R. Charette

 “Yesterday, NASA sent a message to all NASA employees informing them of a data breach involving an agency stolen laptop.

According to the NASA message posted at, “On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals.  

We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.”

The message goes on to state that NASA will be sending letters to affected individuals, once the agency figures out who they are,
which may take up to 60 days. Those individuals receiving letters will be offered a free credit and ID monitoring service….

NASA plans to have all of its laptops running whole disk encryption software by 21 December 2012….

Why it has taken so long for NASA to finally decide to fully encrypt its laptops remains a mystery, given its long-time poor record on IT security. As noted at NASA Watch, NASA has a history of laptops with personally identifiable information being stolen, one as recently as March."... 

[From, 3/21/2012: "NASA KSC internal Memo: NASA KSC Laptop Theft 

"On March 5, 2012, a NASA laptop computer containing sensitive Personally Identifiable Information (PII) was stolen from a NASA KSC employee. We have verified that personal information was contained in the files that were on this laptop at the time it was stolen."

NASA KSC Response to [March 2012] Employee Laptop Theft

"Originally, a limited number of employees and less sensitive personal data were thought to be on the stolen computer. But as part of the investigation and response to the theft, NASA IT, security and human resource personnel confirmed (through backed-up records of the stolen computer stored on protected agency servers) more precisely what information was contained on that laptop, and it was learned on March 14 that many more employees and more sensitive data, including social security numbers, were involved. NASA is sending "letters of notification," first in the email below, to provide faster notification, and then by paper letter by March 19, to affected employees.""] 

(continuing): "Maybe NASA decided to act this time because it involved a NASA Headquarters’ person who in all likelihood is very senior and should have known better than to possess a laptop with no data encryption.

(Image, NASA administrator Charles Bolden) 

Added: More about Charles Bolden: This is a March 30, 2014 opinion article about Bolden's overall administration of NASA (not including his insistence over several years that everything on NASA computers including employee social security numbers be available for the world to see as described above), "Opinion: What happened to Charlie Bolden?" by Collin Skocik. The author is a space fan shocked at Bolden's poor performance as NASA administrator especially considering his stellar resume. The author doesn't get into politics (Bolden is an Obama appointee), but says one can only conclude that Bolden's are "the actions of a man who was placed in charge of an organization for the task of dismantling it:" 

"Considering his Marine Corps background, his years as a test pilot, and his space flight experience, he cannot possibly be a stupid man. It’s also hard to believe anyone who has flown the space shuttle at a record 400-mile altitude can have no vision for the future of space flight. He obviously is a poor public speaker who easily stumbles into idiotic statements; he is not to be hated for that. However, his atrocious management of NASA is a hard to explain and a even harder to forgive.

So what happened to Charlie Bolden? Perhaps he is just a pilot, with a talent for flying spaceships, but no skill at running a large organization. Perhaps he’s overwhelmed by the task of running a sprawling space program with minimal funding. Or perhaps he’s just following orders; his consistently destructive recommendations to the President and Congress are not those of a man who wants the United States to excel, or even succeed, in space flight; they are the actions of a man who was placed in charge of an organization for the task of dismantling it–which is the one task at which he is excelling."

Within the March 2014 article, the author mentions Bolden's famous NASA Muslim outreach statement: 

"But in was on July 7, 2010 that Bolden made his most famous, most outrageous, and most widely lampooned statement from which even President Obama distanced himself: “When I became the NASA administrator–or before I became the NASA administrator—(President Obama) charged me with three things. One was he wanted me to help re-inspire children to want to get into science and math, he wanted me to expand our international relationships, and third, and perhaps foremost, he wanted me to find a way to reach out to the Muslim world and engage much more with dominantly Muslim nations to help them feel good about their historic contribution to science, math and engineering.”

Bolden’s bizarre speeches, strange statements, and inexplicable behavior continue. Since the end of the shuttle program, the United States has been dependent on the Russian Soyuz for transportation of American astronauts to the International Space Station. This week [March 2014] Bolden testified before Congress about the danger of Russia freezing American astronauts out of access to the ISS.

Bolden said that if Russia were to do that, the ISS should be shut down, and he said, “I would go to the president and recommend we terminate SLS and Orion.”

Although not as ridiculous as his comment about helping Muslims “feel good” about their contribution to science, Bolden’s statement about the ISS and SLS is even more insane, far more dangerous–and makes even less sense. SLS and Orion are designed for deep space exploration beyond LEO, where the ISS is a strictly LEO endeavor. It will be commercial crew vehicles such as SpaceX’s Dragon capsule that allow us to regain the ability to launch astronauts to the ISS. There is virtually no connection between the ISS and SLS. Why in the world would he want to shut down SLS and Orion if the ISS is closed down? The only conceivable answer is that he wants to shut down Orion and SLS anyway and is grasping for an excuse. Russia’s actions in the Ukraine have provided him with just such a reason."... 

Two among comments: 

"Robert Clark: Bolden is a very nice man and easy to like. So one does not like to criticize him. A management position is not his strength. Something like public relations would be. Bolden like all NASA administrators is a political appointee. Then he has to follow the line set down by the White House – even when it doesn’t make much sense. Bob Clark"

"Mohammed October 30, 2014 1:06 pm Agree fully with most here, in particular with Robert Clark’s post. Be VERY clear that ‘Muslim world outreach’ was an Obama defined mandate. Poor Charlie was thrown under the bus by the WH, yes, fair enough, after his poorly chosen comments during an interview he should have never given while in Qatar. All in all, Charlie’s greatest downfall seems to be, he is too nice, too trusting and sadly, a mismatch for political world."


Comment: Bolden's an Obama appointee but plenty of people could've spoken up about this. Bolden's criminal negligence on computer matters over several years was common knowledge. High profile people could've stood up but didn't. A Senator, a Congressman, or a Cabinet member (such as Hillary Clinton) could easily have said, "I'm resigning over this dangerous and life threatening behavior, this depraved indifference to humanity." On computers alone Bolden endangered lives of many individuals and their families. That's aside from cavalierly giving away all of America's intellectual property, telling the world it was there for anyone to take.


No comments:


Blog Archive

About Me

My photo
I'm the daughter of an Eagle Scout (fan of the Brooklyn Dodgers and Mets) and a Beauty Queen.