NASA cybersecurity report: ISS, Hubble, Shuttle vulnerable when hackers penetrated NASA network


The office of NASA’s Inspector General released a report this week titled “Inadequate Security Practices Expose Key NASA Network to Cyberattack,” which details pretty much what it says on the tin: the International Space Station, the Hubble telescope, the space shuttle, and other key assets were made vulnerable back in 2009 when hackers penetrated the NASA computer network that controls them.

The vulnerabilities have since been addressed, but NASA still lacks a recommended cybersecurity oversight program to reduce future risks.

From a related story in the Huntsville Times:

Also in 2009, hackers stole 22 gigabytes of export-controlled data from the Jet Propulsion Laboratory and opened links between the NASA network and 3,000 foreign IP addresses.

NASA has closed the worst holes in its system, according to the audit released Monday, but other risks will remain until NASA establishes IT safeguards for the entire agency. NASA says it will do that by the end of the fiscal year Sept. 30. NASA said in a statement Tuesday that its chief information officer will work with NASA centers, including Huntsville’s Marshall Space Flight Center, to make sure computers are secure.

And more about the past intrusions, directly from the NASA Inspector General’s report:


Not so much cellphones as tracking devices: a surveilled day in the life of German politician Malte Spitz


“Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is freely available on the internet.”

Interactive map here, article here, in Die Zeit (English). A related New York Times item is here.

Libya: Woman struggles to tell foreign journalists of kidnapping, rape by Qaddafi militia

“A Libyan woman burst into the hotel housing the foreign press in Tripoli Saturday morning and fought off security forces as she told journalists that she had been raped and beaten by members of the Qaddafi militia. After nearly an hour, she was dragged away from the hotel screaming.” (New York Times)

Her name is Eman al-Obeidy. CNN’s Nic Robertson was present, and his tweeted account is screengrabbed here. “CNN camera was violently snatched, systematically smashed to pieces and video footage stolen,” he wrote. “Some journalists were beaten in blatant display of regime thuggery.”

“Journalists are demanding to see her. David Kirkpatrick of the New York Times and I went to officials in charge who claimed they don’t know who took her, or where she was taken.”

A related Reuters item is here. Above: A related Sky News clip. The UK Telegraph also has video coverage. (via @acarvin).

Days after global nuke experts declare Fukushima Serious Business, Japan raises disaster level to 5


Japan’s nuclear safety agency (NISA) today raised the level of the crisis at the Fukushima nuclear plant from level 4 (local consequences) to level 5 (wider consequences, same level as Three Mile Island), on the 7-point scale* created by the International Atomic Energy Agency (IAEA).

NISA’s assessment was declared retroactive to Tuesday.

More on the story: New York Times, Kyodo News, NHK English (with video).

* Okay, 8 levels if you include the “zero” default.


PHOTO: The damaged Fukushima Daiichi Power Plant in Fukushima is seen in this DigitalGlobe satellite image, taken March 18, 2011. About 300 workers are racing against time to restore power and cooling systems to the six reactors at Fukushima Daiichi and try to avert the biggest nuclear catastrophe since Chernobyl in 1986. Japan has entered its second week after a 9.0-magnitude earthquake and 10-metre (33-foot) tsunami flattened coastal cities and killed thousands of people.

Saudi Arabia sends counterrevolutionary goons to Bahrain

Saudi Arabia will split its security forces, lately much occupied with suppressing protest at home, and will send them to Bahrain to help put down the popular uprising there.

Witnesses said security forces surrounded the protesters’ tent compound, shooting tear gas and rubber bullets at the activists in the largest effort to clear the square since a crackdown last month that left four dead after live ammunition was fired.

Activists tried to stand their ground yesterday and chanted “Peaceful, peaceful” as the crowd swelled into thousands, with protesters streaming to the square to reinforce the activists’ lines, forcing the police to pull back by the early afternoon.

At Bahrain University, Shia demonstrators and government supporters held competing protests that descended into violence when plainclothes pro-government backers and security forces forced students blocking the campus main gate to seek refuge in classrooms and lecture halls, the Associated Press reported.

Saudi Arabian forces prepare to enter Bahrain after day of clashes

Self-pwning cars: the future of automotive rooting

Security researchers at UCSD and UWash have been looking at advanced ways of making mischief with computerized automotive systems, from messing with Bluetooth to inserting malware into the diagnostic tools. The most baroque and interesting attack they’ve demonstrated, though, uses a malformed MP3 that exploits a bug in the sound system (I’m assuming some sort of buffer overflow). Once they’re in, the researchers have been able to control the car’s locks, speedometer, brakes and engine.

They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. “The easiest way remains what we did in our first paper: Plug into the car and do it,” he said.

But the research shows how completely new types of automotive attacks could be on the horizon. For example, thieves could instruct cars to unlock their doors and report their GPS coordinates and Vehicle Identification Numbers to a central server. “An enterprising thief might stop stealing cars himself, and instead sell his capabilities as a service to other thieves,” Savage said. A thief looking for certain kinds of cars in a given area could ask to have them identified and unlocked, he said.

With hacking, music can take control of your car (via MeFi)

(Image: Even technology needs it, a Creative Commons Attribution Share-Alike (2.0) image from pnglife’s photostream)