-Caveat Lector- NASA Computers Found Insecure By JOSEPH SCHUMAN .c The Associated Press WASHINGTON (AP) -- A government investigation into NASA's cyber security found it so vulnerable to attack that hackers could easily disrupt command and control operations, including the tracking of earth-orbiting spacecraft. The General Accounting Office said last week that its teams also penetrated systems that process and distribute the National Aeronautics and Space Administration's scientific data and broke into many of NASA's most vital networks. ``Having obtained access to these systems, we could have disrupted NASA's ongoing command and control operations and stolen, modified or destroyed system software and data,'' said the report from the GAO, the investigative arm of Congress. NASA officials said they agreed with many of the GAO's findings and were working to improve security, but the report possibly exaggerates the extent of the problem. Working with NASA personnel, the GAO arranged within the last year to have National Security Agency experts try to break into systems vital to NASA's mission. They targeted systems at one of NASA's 10 field centers. The teams ``initially penetrated these systems using easily guessed passwords'' that provided limited access, then used that access to find ways of breaking through to deeper, more damaging areas, the report said. ``Worse still, some accounts had no passwords at all,'' it said. Among the report's findings: One hundred and thirty-five of the 155 mission-critical systems reviewed did not meet NASA's own risk requirements. NASA's security guidance did not specify what information can be posted on the World Wide Web or how critical systems should be protected. NASA had conducted no agencywide review of its information technology security at its 10 field centers since 1991. NASA failed to provide required computer security training and did not centrally coordinate responses to security incidents. Moreover, NASA's systems are extensively interconnected through the Internet ``and can be an attractive target for individuals and organizations desiring to learn about or damage NASA's operations, including would-be hackers as well as industrial spies and foreign intelligence agents,'' the report said. Sen. Fred Thompson, R-Tenn., who requested the GAO investigation, called the results troubling and unacceptable. ``NASA spent more than $1 billion last year on information systems to support a wide range of critical missions, including the space shuttle, international space station and Mars Pathfinder,'' Thompson, chairman of the Committee on Governmental Affairs, said in a statement. ``Now we're learning that the security and integrity of many of these computing systems is vulnerable to attack.'' NASA official J.R. Dailey wrote to GAO officials that NASA agreed with many of the findings. But he said, ``Penetration testing of a limited number of systems at one center cannot be extrapolated to all of NASA's mission-critical systems at all of its centers.'' DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
