Cybercrooks broke into NASA's computer systems 13 times last year, gaining "full functional control" of important systems in the worst cases, according to testimony before the US Congress by the space agency's inspector general.
Paul Martin told a Congressional panel on information security at the space agency that NASA spent $58m of its $1.5bn annual IT budget on cyber security. The space agency has long been a prestige target for hackers of various skill levels and motivations, including profit-motivated malware distributors (cybercrooks) and intruders thought to be in the pay of foreign intelligence services.
Poorly implemented security policies meant that these attacks were often successful. In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems, Martin testified before the US House Committee on Science, Space and Technology last Wednesday.
Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7m.
In the most serious of these incidents, hackers gained control of systems at NASA's Jet Propulsion Laboratory. The attack was traced back to IP addresses in China, Martin explained. Another of the most serious APTs (advanced persistent threats) that hit NASA last year resulted in the extraction of user credentials from 150 space agency workers.