It is shockingly easy to hack NASA

Despite being a bit dusty and disused at the moment, NASA remains one of the brightest symbols of American technological achievement, innovation and development. That said, one would think the space agency’s computer systems would be impenetrable to hackers and the such. Not so.

Congressional testimony from NASA Inspector General Paul K. Martin last week revealed that NASA’s security systems are sub-par, at best: 13 of 47 targeted attacks on the space agency over the past year were successful. In some of those cases, the hackers had “full functional control” over NASA systems and made off with loads of data and codes about some of our most sensitive programs that could be sold for millions on the black market.

The most alarming security breach, however, may not be in NASA’s systems, but among some of their more forgetful or irresponsible employees. As Popular Science points out, Martin told Congress that a total of 48 mobile devices have been lost or stolen between the Aprils of 2009 and 2011. And that some of those gadgets held the codes for the International Space Station.

From Martin’s testimony:

Between April 2009 and April 2011, NASA reported the loss or theft of 48 Agency mobile computing devices, some of which resulted in the unauthorized release of sensitive data including export-controlled, Personally Identifiable Information (PII), and third-party intellectual property. For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station. Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs.

Moreover, NASA cannot consistently measure the amount of sensitive data exposed when employee notebooks are lost or stolen because the Agency relies on employees to self-report regarding the lost data rather than determining what was stored on the devices by reviewing backup files.

Martin also testified that only one percent of all NASA laptops are encrypted and recommended an entire system overhaul, which obviously is desperately needed.

But it’s not all bad for NASA. Martin noted that the NASA investigation led to the arrests of at least 14 people, including a Texan, two Romanians, a Chinese national and six Estonians. Estonian hackers trying to take down NASA? How very Cold War of them.

(Note on the image: That is the Sombrero Galaxy. It has a super massive black hole at its center, a hole that represents the holes in NASA’s $1.5 trillion IT system. Get it?!)