A NASA spokesperson has told SecurityWeek that they’re investigating claims made by a group of Iranian hackers earlier this week. The claim is that a SSL certificate issued to NASA’s Research and Education Support Services (NRESS) group has been compromised, and used in a Man-in-the-Middle attack.
On Wednesday, an Iranian student group comprised of programmers and hackers, known as the Cyber Warriors Team, claimed to have compromised the SSL cert used on the NASA Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES) website.
The group said the certificate was compromised by exploiting an existing vulnerability within the portal’s login system, but they didn’t outline the entire attack. Once they had control over the certificate, they claim to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users [sic].”
If the claims are true, this wouldn’t be the first time the space agency has had security issues. In March, NASA Inspector General Paul K. Martin told the House’s Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight, that the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks.
Martin said that NASA was the victim of 47 APT attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees that could have been used to gain unauthorized access to NASA systems.
“The attackers had full functional control over these networks,” Martin said.
According to NASA, NSPIRES is the portal responsible for supporting the entire lifecycle of their research solicitation and selection, from announcements to peer review and decision.
When questioned about the claims made by CWT, the NASA spokesperson simply stated that the, “security office is investigating the claim… that’s really all we can say about it right now.”