It has been reported that NASA has been hit by a data breach. The hack took place in October this year, and NASA notified its employees with an internal memo just recently. NASA have said that an ‘unknown intruder gained access to one of its servers storing the personal data of current and former employees’. Social Security numbers have also been compromised. It is also reported that the hack was discovered on October 23rd, so NASA waited almost two months to notify employees. This isn’t the first hack that the US space agency has suffered as similar security breaches happened in 2011 and 2016.
Dr Guy Bunker, SVP of Products, Clearswift, comments on NASA data breach:
“The first thing to note here is that this occurred in the USA and impacted US employees, so the rules and regulations governing data breaches is different to that in the UK and Europe. In the USA and in some instances, there is an approach which is to leave the attackers alone when first discovered in order to better understand exactly what they have done to the network. In this way, specialist cyber forensic analysts can watch to see all the activity rather than just the obvious. This ensures that when they close off the vulnerability, they can also close off any other backdoors which might have been installed. It also means that more facts can be communicated. Of course, while this works well for the organisation the employees are at increased risk for a prolonged time. The sooner you know there is a potential problem, the sooner monitoring services can be set up to watch for fraudulent use of bank details etc. Within the USA, compromised Social Security Numbers in conjunction with other personal details (PII) puts the individual at high risk of identity theft.
Unfortunately for NASA this isn’t their first breach and questions will be asked as to why this has happened again, and what went wrong in the mitigation plans put in place after the previous two breaches. The increasingly sophisticated IT environment means that there are increased opportunities for vulnerabilities to be found by cyber attackers and so there needs to be increased vigilance on systems, their interconnectivity and data flows.”
(3)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2625