Computer Crime Research Center

NASA investigating hacker theft of sensitive documents
(By DAN VERTON)

WASHINGTON -- NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next generation of reusable space vehicles. The documents, which are restricted under current export laws from being shared with foreign nationals or governments and are also strictly controlled under the International Trafficking in Arms Regulations (ITAR), were obtained by Computerworld from a hacker who claims to be based in Latin America.

The documents were authored by contractors from The Boeing Co. and a joint venture between East Hartford, Conn.-based Pratt & Whitney and Sacramento, Calif.-based Aerojet. All of the vendors also labeled the documents "competition sensitive," and while it is not yet clear whether sensitive data on military and commercial technologies may have been compromised, defense and intelligence experts said the incident could have both national security and political ramifications.

Bob Jacobs, a spokesman for NASA, confirmed that the documents contain sensitive military information and should have been stored in a closed database. There is no information on how or from where the documents were stolen, and investigators couldn't confirm whether a hacking incident had taken place. However, a hacker known only by the nickname RaFa, a former member of the now defunct World of Hell Hacker gang, uploaded to a Web site more than 43MB worth of documents, including a 15-part PowerPoint presentation that included detailed engineering drawings. The documents also included detailed mechanical design information on the COBRA space shuttle engine design program, and the risk reduction plan for the Boeing TA4 Advanced Checkout, Control & Maintenance System (ACCMS). The ACCMS is essentially the ground control system for the next generation of space shuttles.

NASA's 2nd Generation Reusable Launch Vehicle (RLV) program is part of the agency's long-term Space Launch Initiative, a multibillion-dollar effort to design a new, safer and more efficient space transportation architecture by 2005. The Defense Department is a key partner in the effort because of its interest in the RLV program's applicability to military satellite programs and future military space plane designs.

After Computerworld broke the story of the NASA hacking on its Web site Thursday afternoon, RaFa told the publication that he didn't understand the sensitivity of the information he had, and he acknowledged that he has shared the documents with hackers in France.

RaFa also showed Computerworld evidence of a second hack into systems at NASA's White Sands Test Facility. He produced dozens of user accounts and claimed to have used an anonymous FTP vulnerability to conduct both hacks.

The incident may not be an isolated one. When asked how easy or difficult it is to crack into NASA systems, a hacker by the nickname Hackah Jak, a member of the defacement group known as Hackweiser, replied, "Who hasn't hacked NASA?"

"Anyone can put together a scanner and in a few minutes have access to a few government systems," the hacker said. "In fact, many hackers sit around and break into government systems just to secure them because they feel that the government is way too lazy."

Breaking into the systems allows hackers to show system administrators where vulnerabilities are, Hackah Jak said.

Regarding the stolen NASA documents, "These particular records would probably be of most interest to a country trying to build their own space launch vehicle," said Steven Aftergood, an analyst at the Federation of American Scientists in Washington. However, "I'm not sure that anyone else could use them either for good or ill."

On the other hand, "the ITAR provisions are quite strict, and they entail serious penalties for violations," said Aftergood. "If a private person transferred ITAR documents abroad, he could be subject to hefty fines or jail time."

Allen Thomson, a former CIA scientist, said this type of information would likely be of interest to so-called "peer competitors" in the commercial and military space market, such as Russia and Japan. However, the general concern is that the documents could contain information that would be of use in countering the capabilities of a military version of the RLV, said Thomson.

John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said the disclosure of the documents on the Internet is "a very bad thing," mainly because it may represent only "the tip of the iceberg."

"Many limited distribution documents can be aggregated to indicate very sensitive information," said Pescatore. "Another problem is the ability for someone to modify one of these documents and put it back where they found it -- there are many more possibilities for damaging incidents under that scenario, too."

Walt Rice, a spokesman for Boeing, said the company doesn't have enough information on the incident to comment. However, it plans to offer any assistance to NASA investigators that is requested. Patrick Louden, a spokesman for Pratt & Whitney, said the company is deferring all comment on the incident to NASA.

Source: computerworld.com

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org