Thursday, March 1, 2012

"Chinese Hackers" - - - And Keep Reading

The headline is attention-getting. Which headlines are supposed to be. So was the article's lead paragraph:
"Chinese hackers took over NASA's Jet Propulsion Lab, Inspector General reveals" (March 1, 2012)

"Chinese hackers gained control over NASA's Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General...."
I've posted about 'cyberwar' and how important it is to keep the wrong people from getting at anything from my credit card number, to launch codes for nuclear missiles.

Simple? Not

The headline's accurate. So is the lead paragraph.

But there's more going on than "could have allowed...." I put a slightly longer excerpt from the article at the end of this post.1

The article links to a nine-page document:
It's not particularly turgid prose. Certainly not compared with some government documents I've slogged through: If you're interested in what's going on, I suggest you read it yourself.

The report has good news, and it's got bad news.

First, the bad news: NASA, and a whole lot of other government and private outfits, could do a lot better when it comes to keeping their data secure. This is hardly 'news.'

Now, the good news: The Office of Inspector General (OIG) and other agencies around the world have started tracking down and dealing with folks who aren't nice when it comes to other people's data.

Turns out, there are a lot of folks who haven't been nice. And they don't fall into one simple category of 'bad guys.'

Conclusions, Crazy and Otherwise

There's a summary of events and actions at the end of that NASA cybersecurity report.

I might be able to take data from that report; pour in assumptions, biases, and a generous helping of paranoia: and claim that a secret cabal (that's the best kind) of Romanians, Estonians, and Texans, are plotting to take over the world by hacking into the accounting systems of Minnesota companies.

That would be - crazy talk.

I could also claim that the report proves that China's leaders are plotting to take over America's computer networks.

That would be - not so much crazy talk, as arguing ahead of facts. 'Way ahead of facts.

I'm not at all comfortable at how many hack attacks on American - and other - computer networks 'just happen' to come from servers in China. I'd like to believe that China's current leadership has gotten past the 'good old days' of Mao's cultural revolution, and want to make China a better place for the folks who live there. I'd also like to believe that everybody could just get along.

But this is the real world: and national leaders don't always have the best interests of their citizens in mind; or a sensible view of what their citizens need. And that's another topic.

Very Cautious Optimism

I insist on seeing some good news in that Cybersecurity report.

Government agencies in America and elsewhere are apparently treating crimes which are committed primarily online as - crimes.

After what look like serious investigations - not just knee-jerk accusations and assumptions - action has been taken. Correctly, if that catastrophic drop in spam was the result of two rogue Internet Service Providers getting shut down.

China's leadership may have decided to join the rest of the world, where it comes to treating online crimes as 'real' crimes. Okay - that's on the strength of just one arrest: but that's a start.

Mr. Martin's Cybersecurity Summary, Summarized

Here's what I got, after parsing out Mr. Martin's "NASA Cybersecurity..." summary:
  • February 2012
    • JPL systems hacked
    • A Romanian national was indicted in the Central District of California
      • Following convictions in Romania for related criminal activity
    • Result: losses of over $500,000 to the Atmospheric Infrared Sounder (AIRS) Program
  • January 2012
    • Unauthorized accesses into numerous systems belonging to
      • NASA
      • The Pentagon
      • The Romanian government
      • Commercial entities
    • Romanian authorities arrested a 20-year-old Romanian national for this intrusion
    • Result: products from a variety of NASA scientific research efforts were inaccessible to the general public for a brief period of time
      • No long-term damage to the underlying programs was reported
  • November 2011
    • JPL IT Security reported suspicious network activity involving Chinese-based IP addresses
    • NASA review disclosed that the intruders had compromised the accounts of the most privileged JPL users
      • Giving the intruders access to most of JPL's networks
    • The Office of Inspector General (OIG) continues to investigate this matter
  • November 2011
    • Following an earlier international fraud scheme
      • That compromised more than 4 million computers worldwide
        • Including 135 NASA systems
      • Over $15,000,000 in assets from the operation have been seized
        • So far
    • Indictments announced
      • By the U.S. Attorney's Office for the Southern District of New York
      • Six Estonians
      • One Russian national
  • February 2011
    • Hacked
      • Two NASA systems
      • A Minnesota-based company's pay and accounting system
    • A Texas man pled guilty to wire fraud in Federal court in Minnesota in connection with the crime
    • Result: more than 3,000 registered users were denied access to oceanographic data supplied by NASA for several days. Direct remediation costs in this case exceeded $66,000
  • February 2011
    • Distribution of malware that caused NASA data to be compromised
    • A British citizen was sentenced in England to 18 months' imprisonment for his role
    • Result: about 2,000 NASA e-mail users were infected with this malware as part of a worldwide computer fraud scheme
  • December 2010
    • Following the hacking of seven NASA systems
      • Many containing export-restricted technical data
    • A Chinese national was detained
      • By Chinese authorities
      • For violations of Chinese Administrative Law
    • This detention
      • Followed
        • An OIG investigation
        • Lengthy international coordination efforts
    • Significance: "This case resulted in the first confirmed detention of a Chinese national for hacking activity targeting U.S. Government agencies. Seven NASA systems, many containing export-restricted technical data, were compromised by the Chinese national."
  • March 2009
    • Following unauthorized intrusions into NASA JPL systems
      • Two computer systems used to support
        • NASA's Deep Space Network
        • Several Goddard Space Flight Center systems
    • Italian authorities
      • Raided the home of an Italian national suspected of taking part in the intrusions
      • Suspect the individual of being a member of a hacker group responsible for Internet fraud and hacking schemes
    • Result: Good question
      • NASA officials assured us that no critical space operations were ever at risk
  • Other incidents
    • (No date given)
      • 53 NASA systems were affected by the criminal activity sponsored by McColo Inc.
        • None of the systems were mission critical
      • Twenty-one NASA systems compromised as part of criminal activity hosted by rogue ISPs
      • OIG investigations followed
        • Rogue ISPs were identified by NASA OIG and other law enforcement agencies as a major source of
          • Child pornography
          • E-mail spam
          • Stolen credit cards
          • Malicious software
        • Result:
          • Shutdown of rogue Internet Service Providers (ISPs)
            • "McColo Inc."
            • "Triple Fiber Networks"
          • The U.S. District Court in the Northern District of California ordered McColo Inc. to pay the Federal Government a $1.08 million civil judgment
          • Worldwide reduction in spam of approximately 50 percent shortly after the ISPs were taken offline
    • 2009
      • Following theft of
        • Cisco Systems, Inc., proprietary code
        • Numerous intrusions into NASA systems
          • Including Ames Research Center's Super Computing Center
      • A Swedish citizen indicted in 2009
      • Swedish and U.S. authorities agreed to have the subject tried in Sweden
      • The subject
        • Was found guilty
        • A "formal criminal history" was filed by Swedish authorities
      • Result: several instances when the Ames Research Center's Super Computing Center was temporarily shut down to clean up after the intrusions
        • Losses to NASA were estimated at over $5,000,000

1 Excerpt from the news:

"Chinese hackers took over NASA's Jet Propulsion Lab, Inspector General reveals" (March 1, 2012)

"Chinese hackers gained control over NASA's Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.

"That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.

"Paul K. Martin, NASA's inspector general, put his conclusions bluntly.

" 'The attackers had full functional control over these networks,' he wrote....

"...Beyond a wealth of exploration programs, such as the recent GRAIL mission to study the moon and the upcoming Mars Science Laboratory, JPL manages the Deep Space Network, a network of antenna complex.

"Martin released written testimony about the attacks in the report 'NASA Cybersecurity: An Examination of the Agency's Information Security,' presented to the House Science, Space and Technology Committee investigations panel on Wednesday. It details a host of security lapses and breaches of protocol at the space agency...."
