14 DAY TRIAL // A document released by the NASA Office of Inspector General (OIG) shows that anyone with an eBay account and the money to buy a used computer hard drive can theoretically break into NASA servers, if they purchase used drives that the agency is selling.
Weakly-developed IT procedures at the American space agency allow large amounts of sensitive data to be leaked to the general public via incompletely-secured hard drives that are sold to whomever.
While others need informants and moles inside government departments to leak data, NASA can do bad all by itself, the new report shows, highlighting the main weaknesses in the current system.
On hard drives that the agency sold to the public, OIG inspectors discovered data that could be used to hack into sensitive servers at the agency. This state of affairs is caused by weak security measures.
The report also shows that the agency culture that has been developing at NASA is one that struggles continuously with property transfer, searching for the proper way to do this, Space reports.
“During our audit, we discovered significant weaknesses in the sanitization and disposal processes for IT equipment at four NASA Centers – Kennedy and Johnson Space Centers and Ames and Langley Research Centers,” OIG experts say in the document.
Some 10 PC containing sensitive data from the shuttle program were sold to private individuals, after security personnel at the space centers failed to properly sanitize the computers.
This was due in part to individual errors made by relevant personnel, and in part to the procedures set in place at the agency level for such activities. In all the sanitation step was skipped entirely in some instance, the inspectors reveal.
The space agency has a bleak track-record when it comes to information technology and equipment management. Reports from the US Government Accountability Office (GAO) show that NASA misplaced equipment worth $94 million in the decade between 1997 and 2007.
When the agency was cautioned to stop the losses, it failed to do so in six of these ten years. But GAO said at the time that the main issue with NASA was that property mismanagement and loss tended not to be punished.
This needs to change if the organization is to withstand the numerous hacking attacks it's being subjected to everyday. Among hackers, it has become a thing of pride to hack into NASA servers, but the agency is apparently doing its part in making this job easy.