Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

NASA Investigating Possible SSL Compromise

NASA spokesperson has told SecurityWeek that they’re investigating claims made by a group of Iranian hackers earlier this week. The claim is that a SSL certificate issued to NASA’s Research and Education Support Services (NRESS) group has been compromised, and used in a Man-in-the-Middle attack.

NASA spokesperson has told SecurityWeek that they’re investigating claims made by a group of Iranian hackers earlier this week. The claim is that a SSL certificate issued to NASA’s Research and Education Support Services (NRESS) group has been compromised, and used in a Man-in-the-Middle attack.

On Wednesday, an Iranian student group comprised of programmers and hackers, known as the Cyber Warriors Team, claimed to have compromised the SSL cert used on the NASA Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES) website.

NASA

The group said the certificate was compromised by exploiting an existing vulnerability within the portal’s login system, but they didn’t outline the entire attack. Once they had control over the certificate, they claim to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users [sic].”

If the claims are true, this wouldn’t be the first time the space agency has had security issues. In March, NASA Inspector General Paul K. Martin told the House’s Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight, that the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks.

Martin said that NASA was the victim of 47 APT attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees that could have been used to gain unauthorized access to NASA systems.

“The attackers had full functional control over these networks,” Martin said. 

According to NASA, NSPIRES is the portal responsible for supporting the entire lifecycle of their research solicitation and selection, from announcements to peer review and decision.

When questioned about the claims made by CWT, the NASA spokesperson simply stated that the, “security office is investigating the claim… that’s really all we can say about it right now.”

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.