NASA fears Web server compromised

NASA's Johnson Space Center (JSC) last week shut down all accounts on its primary World Wide Web server after officials discovered the system's password directory may have been stolen.

The possible security breach was detected this month by the space center's security team. According to an Oct. 9 e-mail message posted on the Internet by Christopher Ortiz Internet group leader in the information systems directorate at JSC the password file that JSC officials believe was compromised was stored on the space center's primary Web server called Krakatoa. The server also houses JSC's home page.

Contacted by phone last week Ortiz declined to provide further details of a possible security breach. "As a precaution we are resetting the passwords " Ortiz said. "We are taking a pro-active approach."

NASA spokesman Kelly Humphries said the agency had no comment.Although Krakatoa will remain in operation NASA disabled all user accounts on the server Oct. 14. All users who wish to reinstate their log-in identification number and password will be required to report in person to do so and they will be briefed on computer security policy and password selection according to Ortiz's electronic message. All accounts that are not reinstated within 30 days will be removed from the system. These measures are being taken to "re-secure the server " according to Ortiz's e-mail.

Christopher Klaus - the founder and chief technology officer of Atlanta-based Internet Security Systems Inc. a company that specializes in analyzing Internet security for government agencies - including NASA - said password files are often a popular target of intruders because most users choose passwords that are easy to guess such as the name of a spouse or pet.

Although password files are often encrypted an intruder can use the system's encryption method to encrypt possible passwords such as a name of a spouse or pet looking for matches within the password file. Or intruders can use an exhaustive search encrypting all possible passwords based on the length of the password. Many times this method is effective with short passwords that contain only letters. In addition an intruder can use a program that would encrypt each word in a dictionary to check if it matches an encrypted password.

"If you've done a good job making sure every user has a difficult-to-guess password stealing that file is not a big deal " Klaus said.

"Most systems that we see have passwords that are easy to guess. Once a password file gets stolen it becomes pretty hard to block out the hacker. Once someone has compromised a network it's very difficult to trust that network again " he said.

That is because intruders often install in a compromised system "backdoors" that replace many of the operating system programs such as the log-in program. These backdoors allow an intruder to access at will any account on a compromised system with a special keyword Klaus said.

An intruder also could install a "sniffer" program that would allow him to monitor network traffic and access new passwords designed to restore security to an account.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.