Another NASA Hacker Indicted 164
eldavojohn writes "Earlier this year, UK citizen & hacker of NASA Gary KcKinnon was extradited to the United States (also interviewed twice). Now, another hacker has been indicted for hacking more than 150 U.S. government computers. Victor Faur, 26, of Arad, Romania claims to have led a 'white hat team' to expose flaws in U.S. government computers. It seems everyone else has been busy hacking into government systems while I've been wasting my time playing Warcraft." From the article: "The breached computers were used to collect and process data from spacecraft. Because of the break-ins, systems had to be rebuilt and scientists and engineers had to manually communicate with spacecraft, resulting in $1.36 million in losses for NASA and nearly $100,000 in losses for the Energy Department and the Navy, prosecutors said. Several suspected NASA hackers have been dealing with law enforcement recently."
Re:$1.3? $100k?! (Score:3, Informative)
Hacker Crackdown (Score:5, Informative)
Re:Teh Interwebs (Score:5, Informative)
Indeed. The article is pretty thin on what was actually compromised and what "manually communicating with spacecraft" really meant. Rule number 1 with mission critical systems at NASA (I work for them, but not at the locations attacked) is that they are *completely* walled off from the outside.
Now, there are some mission associated systems that are accessible from the internet which are storing spacecraft data. Here's one that has datasets from the acceleration system on the International Space Station:
http://pims.grc.nasa.gov/html/ISSAccelerationArch
It's out there because that's the easiest way to get the data to researchers, many of whom are at universities around the world. I suppose if that server ended up hacked, it would hit the news as "Hacker brings down Space Station support system!". Sounds bad, but it's not like you can actually gain control of the spacecraft. I suspect the machines affected were used for this sort of purpose.
Re:Not very bright and certainl not "white hat" (Score:2, Informative)
Oh, teh inory!
Project Gutenberg (Score:5, Informative)
Re:Say it with me again folks... (Score:4, Informative)
I once attended an infosec meeting at a NASA center several years ago. The initial presentation was an analysis of an incident involving some Oganization's lab systems. It was well done and full of very handy technical information, lessons learned, and advice to other Orgs on how to avoid a simular incident. I looked around the room. Most eyes were well glazed over. Obviously the information was lost on an audience who should be taking notes. The next presentation came from our FBI representative. The rep. basically talked about the lab equipment that was confiscated... what was happening to the HDs during analysis... and the process of "getting the bad guys." The crowd lit up. Everyone was rather excited. They were going to get the bad guys. Few there seemed to realize that this was not "good news". Rather, it was a failure as the lab systems compromised represented lossess to already-tight budgets.
Things have changed since that time. Infosec is changing... at least at NASA. There are new attitudes, new requirements, new regulations. I've still got my own concerns and criticisms of the state of things. It's far from perfect, to say the least. But there is change. We'll see how well it holds.
Re:Manually communicate? (Score:3, Informative)
Re:When I was there... (Score:3, Informative)