Feeds

Top NASA scientist busted for leaking satellite intel

Key networks not secured

Internet Security Threat Report 2014

A former NASA scientist who helped discover evidence of water on the moon has been arrested on charges he tried to sell Israel classified information about US military satellite systems.

Stewart Nozette, 52, of Maryland, was arrested in a sting in which an FBI agent posed as an Israeli intelligence officer. According to federal prosecutors, he demanded money and a new Israeli passport in exchange for the sensitive information, which he obtained while working with a high security clearance for the US space agency.

The charges came Monday, just a few days after a government watchdog agency warned congress that NASA has failed to adequately secure its computer networks against hackers, terrorists, and hostile nations. The report (PDF) from the Government Accountability Office cited a long list of shortcomings, including the lack of sufficient systems to authenticate users who access the system.

The shortcomings "make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts," the report concluded. "As a result, increased and unnecessary risk exists that sensitive information is subject to unauthorized disclosure, modification, and destruction and that mission operations could be disrupted."

NASA networks and systems have already been successfully targeted by attackers, the report said. During fiscal years 2007 and 2008, NASA reported 1,120 incidents that resulted in malware being installed and unauthorized access to sensitive information. Last year, the space agency established a security operations center to prevent attacks. While NASA has made important progress in securing its networks, it still faces serious shortcomings.

"NASA has not yet fully implemented key activities of its information security program to ensure that controls are appropriately designed and operating effectively," the report said. "Despite actions to address prior security incidents, NASA remains vulnerable to similar incidents."

The charges leveled against Nozette suggest that NASA isn't the only US government agency that was affected by the breach. In addition to his research into lunar poles, he also held top security clearances from the Energy Department's Lawrence Livermore National Laboratory. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.