Feeds

Top NASA scientist busted for leaking satellite intel

Key networks not secured

High performance access to file storage

A former NASA scientist who helped discover evidence of water on the moon has been arrested on charges he tried to sell Israel classified information about US military satellite systems.

Stewart Nozette, 52, of Maryland, was arrested in a sting in which an FBI agent posed as an Israeli intelligence officer. According to federal prosecutors, he demanded money and a new Israeli passport in exchange for the sensitive information, which he obtained while working with a high security clearance for the US space agency.

The charges came Monday, just a few days after a government watchdog agency warned congress that NASA has failed to adequately secure its computer networks against hackers, terrorists, and hostile nations. The report (PDF) from the Government Accountability Office cited a long list of shortcomings, including the lack of sufficient systems to authenticate users who access the system.

The shortcomings "make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts," the report concluded. "As a result, increased and unnecessary risk exists that sensitive information is subject to unauthorized disclosure, modification, and destruction and that mission operations could be disrupted."

NASA networks and systems have already been successfully targeted by attackers, the report said. During fiscal years 2007 and 2008, NASA reported 1,120 incidents that resulted in malware being installed and unauthorized access to sensitive information. Last year, the space agency established a security operations center to prevent attacks. While NASA has made important progress in securing its networks, it still faces serious shortcomings.

"NASA has not yet fully implemented key activities of its information security program to ensure that controls are appropriately designed and operating effectively," the report said. "Despite actions to address prior security incidents, NASA remains vulnerable to similar incidents."

The charges leveled against Nozette suggest that NASA isn't the only US government agency that was affected by the breach. In addition to his research into lunar poles, he also held top security clearances from the Energy Department's Lawrence Livermore National Laboratory. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.