Nasa hack exposes data on space agency's servers

Cyber security experts continue to analyse the scope of the data breach

Anthony Cuthbertson
Wednesday 19 December 2018 15:08
NASA Logo and Atlantis Space Shuttle at Kennedy Space Center Visitor Complex in Cape Canaveral, Florida, USA

Hackers have targeted computer servers at Nasa and exposed the personal details of current and former employees, the space agency has revealed.

Nasa informed employees of the hack in an internal memo, adding it is treating the incident as a “top priority”.

Cyber security specialists at Nasa began investigating the issue in October after suspecting one of its servers had been compromised, the agency said in the memo sent on Tuesday.

“Upon discovery of the incidents, Nasa cyber security personnel took immediate action to secure the servers and the data contained within,” Bob Gibbs, Nasa’s chief human capital officer, said in the message.

“Nasa and its federal cyber security partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. Nasa does not believe that any agency missions were jeopardised by the cyber incidents.”

Mr Gibbs said initial analysis suggests social security numbers and other personally identifiable information were compromised.

Nasa staff affected potentially include anyone employed under Nasa Civil Service between July 2006 and October 2018.

No mission-critical data is believed to have been exposed by the data breach, and it is still unknown who was behind the hack.

“Once identified, Nasa will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” the agency stated.

“Nasa is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”

Security experts told The Independent the space agency needs to do more to protect its data, given its previous track record with data breaches.

“This is the third breach of Nasa since 2011. The first priority should be to limit harm and help the victims while also ensuring that the breach is remediated, but after that it’s time to go into the more painful mission phase and learn from the results,” said Sam Curry, chief security officer at Cybereason.

“Countermeasures are important, but we the public want to know that this government agency is learning from the past, we want the post mortem, we want the agency to get better because while PII and employee privacy are vital, there are many things at Nasa in the national security domain and are of vital importance to the nation. From a security perspective, we all hope that the third time is a charm and that there is no fourth.”

Nasa did not immediately respond to a request for comment.
