NASA Investigating Theft by Hacker

Computerworld - WASHINGTON

NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next generation of reusable space vehicles.

The documents, which are restricted by export laws from being shared with foreign nationals or governments and are also strictly controlled under the International Trafficking in Arms Regulations, were obtained by Computerworld last week from a hacker who claims to be based in Latin America. Computerworld broke the story online last Thursday.

The documents were authored by contractors from The Boeing Co. and a joint venture between East Hartford, Conn.-based Pratt & Whitney and Sacramento, Calif.-based Aerojet. All of the vendors had labeled the documents "competition sensitive," and while it is not yet clear exactly what sensitive data on military and commercial technologies may have been compromised, defense and intelligence experts said the incident could have both national security and political ramifications.

Bob Jacobs, a spokesman for NASA, confirmed that the documents contain sensitive military information and should have been stored in a closed database. There is no information on how or from where the documents were stolen, and investigators couldn't confirm whether a hacking incident had taken place.

However, a hacker known only by the nickname RaFa who was formerly a member of the now-defunct World of Hell hacker gang, uploaded to a Web site more than 43MB of documents, including a 15-part PowerPoint presentation that included detailed engineering drawings. The documents also included detailed mechanical design information on the COBRA space shuttle engine design program and the risk-reduction plan for the Boeing TA4 Advanced Checkout, Control & Maintenance System (ACCMS). The ACCMS is essentially the ground control system for the next generation of space shuttles.

Walt Rice, a spokesman for Boeing, said the company doesn't have enough information on the incident to comment. However, Boeing is aware that NASA officials are investigating, and the company will offer any assistance that's requested of it, he said.

Patrick Louden, a spokesman for Pratt & Whitney, said that NASA is taking the lead in the investigation and that the company is deferring to the agency for all comments on the matter.

Military Interests

NASA's 2nd Generation Reusable Launch Vehicle Program (RLV) is part of the agency's long-term Space Launch Initiative, a multibillion-dollar effort to design a safer and more efficient space transportation architecture by 2005. The Department of Defense is a key partner in the effort because of its interest in the RLV program's applicability to military satellite programs and future military space plane designs.

RaFa said he didn't understand the sensitivity of the information he had and acknowledged that he has shared the documents with hackers in France. He also showed Computerworld evidence of a hack into systems at NASA's White Sands Test Facility in New Mexico, producing a list of dozens of user accounts. He claims to have used an anonymous FTP vulnerability to conduct both hacks.