WASHINGTON -- NASA's charter dictates that it is an open agency dedicated to the free flow of information.
Nevertheless, the agency's "open door" policy isn't enough to satisfy the curiosity of computer hackers who consider NASA's mainframes a cyber-playground.
"NASA itself is quite attractive. If you can hack a NASA site you have extra prestige," said David Nelson, deputy chief of information technology security at NASA headquarters. "We're not sure why that's the case."
But that's what the hackers themselves say in crudely scrawled graffiti left on NASA websites. With the number of computer attacks on NASA increasing, the space agency has stepped up its security against such actions.
In separate cases last month, a 22-year-old Canadian man and an American teenager pleaded guilty to illegally entering the agency's systems with the intent to cause damage. The Canadian, who prosecutors say destroyed a NASA web page once, and tried to do it again six more times, was sentenced to six months in jail. The youth received three years probation and a $20,000 fine.
"What we're seeing is increasingly sophisticated attacks using better software and better coordination," Nelson said. He declined to give numbers, saying it might encourage even more attacks.
All the hacking makes it difficult for an agency that is predicated on openness. In that sense, "NASA has a conflict in that we need to communicate while at the same time we need to safeguard our systems. We can't close ourselves down completely," he said.
One of most hacked of NASA's 10 centers is the sprawling Goddard Space Flight Center in Greenbelt, Maryland, home to operations for the Hubble Space Telescope and dozens of science satellites.
Goddard receives more requests for information from scientists and academics than any other center. That means, by necessity, more pathways must be opened into Goddard's systems which hackers can -- and do -- exploit for their own purposes.
"Goddard is particularly important for science operations and they have a particular problem in keeping their systems accessible," Nelson said.
A report last spring by the General Accounting Office, the watchdog arm of Congress, found NASA woefully unprepared to fight off hackers.
Since then, the agency has instituted a sweeping program to train its 17,000 civil service employees in how to make their computers more secure. About half of NASA's employees, or some 8,000 people, have been trained so far. The goal is to get to 80 percent by the end of this year.
NASA takes any hacking attempt seriously, said Steve Nesbitt, head of the computer crime division at NASA's Office of Inspector General. The office works with the FBI and other law enforcement agencies to catch cyber-crooks.
"I've been doing this eight or nine years and I'd say the activity generally has increased," Nesbitt said. "The number of participants has increased because there are more individuals involved with computers today… and the use and sophistication of their tools are based on the internet's ability to share information.
"There's always plenty for us to do."
advertisement
