Nasa hack exposes data on space agency's servers

Cyber security experts continue to analyse the scope of the data breach

Anthony Cuthbertson
Wednesday 19 December 2018 10:08 EST
Comments
NASA Logo and Atlantis Space Shuttle at Kennedy Space Center Visitor Complex in Cape Canaveral, Florida, USA
NASA Logo and Atlantis Space Shuttle at Kennedy Space Center Visitor Complex in Cape Canaveral, Florida, USA (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers have targeted computer servers at Nasa and exposed the personal details of current and former employees, the space agency has revealed.

Nasa informed employees of the hack in an internal memo, adding it is treating the incident as a “top priority”.

Cyber security specialists at Nasa began investigating the issue in October after suspecting one of its servers had been compromised, the agency said in the memo sent on Tuesday.

“Upon discovery of the incidents, Nasa cyber security personnel took immediate action to secure the servers and the data contained within,” Bob Gibbs, Nasa’s chief human capital officer, said in the message.

“Nasa and its federal cyber security partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. Nasa does not believe that any agency missions were jeopardised by the cyber incidents.”

Mr Gibbs said initial analysis suggests social security numbers and other personally identifiable information was compromised.

Nasa staff affected potentially include anyone employed under Nasa Civil Service between July 2006 and October 2018.

No mission critical data is believed to be exposed by the data breach and it is still unknown who was behind the hack.

“Once identified, Nasa will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” the agency stated.

“Nasa is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”

Security experts told The Independent the space agency needs to do more to protect its data, given its previous track record with data breaches.

“This is the third breach of Nasa since 2011. The first priority should be to limit harm and help the victims while also ensuring that the breach is remediated, but after that it’s time to go into the more painful mission phase and learn from the results,” said Sam Curry, chief security officer at Cybereason.

“Countermeasures are important, but we the public want to know that this government agency is learning from the past, we want the post mortem, we want the agency to get better because while PII and employee privacy are vital, there are many things at Nasa in the national security domain and are of vital importance to the nation. From a security perspective, we all hope that the third time is a charm and that there is no fourth.”

Nasa did not immediately respond to a request for comment.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in