Kilo Echo Bravo Six Four Niner

Oh shit, there I was…

Reports Say Hackers Broke into NASA Computer System

GIRARD C. STEICHEN September 15, 1987

FRANKFURT, West Germany (AP) _ Computer hackers broke into NASA’s worldwide data network throughout the summer and gathered secret information on space shuttle projects and rocket failures, West German media said Tuesday.

News reports said young West Germans gained regular access to at least 20 computers of the U.S. space agency and had the ability to paralyze the entire network.

The ARD television network said a flaw in the network’s security system allowed the hackers to enter the network from May to September.

Hackers are computer enthusiasts who often try to break into private computer systems for the challenge or for criminal gain.

The NASA system connects more than 1,600 computers worldwide that share information on space research, nuclear physics and molecular biology, ARD said in a report broadcast Tuesday night. The network includes U.S. atomic research facilities in Los Alamos, N.M.

In Washington, the National Aeronautics and Space Administration said in a statement that the tapped network provides unclassified information to university and industry researchers.

″We know of no classified information which can be accessed through the network,″ the statement said.

The statement said NASA uses a number of computer networks with varying degrees of security to provide ″appropriate inviduals″ with access to data.

The Hamburg-based magazine Stern reported information similar to the ARD report in an advance telexed to news media Tuesday.

″When I saw ‘Welcome to the NASA headquarters … installation’ on my screen, I was a little shocked, to say the least,″ the magazine quoted one youth as saying.

The Hamburg-based ″Chaos Computer Club″ said in a statement to news media Tuesday that the youths turned to the club for help when they realized the enormity of their discovery.

The statement said the hackers penetrated the network to show the ″unbelievable weaknesses″ of the security system and had no interest in the secret data.

The reports did not say how many hackers were involved or where they lived.

Stern said the youths obtained NASA memos to employees on daily space shuttle program updates and on how to deal with the media.

The magazine, quoting one youth’s records of computer transactions, said the hackers were able to read users’ electronic mail and had the ability to paralyze the entire network.

In one of the most serious security breaches, the hackers obtained NASA information on space shuttle projects, computer security studies and rocket boosters, the television network said.

Scientists in at least eight other countries besides the United States are linked to the computer network. Stern said the system is called the ″Space Physics Analysis Network,″ or SPAN.

Michael Butz, a spokesman for the West German Interior Ministry, said his office had no information about the incidents. The Interior Ministry supervises many police functions in West Germany.

In addition to the NASA computers, the hackers gained access to computers at some of Europe’s most sophisticated research institutions, including the European Space Agency in Darmstadt, West Germany; the European Nuclear Research Center in Geneva, an the European Laboratory for Molecular Biology in Heidelberg, West Germany.

Lennart Philipson, director of the molecular biology laboratory, said the institute is re-evaluating its use of the computer network.

″We are considering whether we should restrict our exchange of data with other institutes, even if that might hinder our research,″ Philipson told ARD.

The hackers said they gained access to the NASA computers by asking for files stored under such key words as ″shuttle,″ ″challenger,″ and ″secret,″ ARD said.

Under those categories, the hackers said they saw data reports on ″Shuttle C Study Contracts,″ a ″System Security Study″ on computer security, and a study on ″Booster Rocket Incidents,″ the television network said.

The hackers described a step-by-step process of gaining more and more access to the network’s computers until they achieved ″unlimited access″ to all data banks and the ability to ″manipulate at will″ all information stored there, according to ARD.

ARD said the hackers provided more than 200 pages of documents pertaining to entry into the NASA computers for Tuesday night’s television broadcast.

The computer club said the penetration was discovered in August and all organizations who use the network were notified.

So far, no charges have been filed in the case.

Justice Ministry spokesman Henning Gehl said the hackers’ actions are punishable by up to three years in prison and fines.

GIRARD C. STEICHEN writing for the Associated Press (https://apnews.com/article/80a0df745cedccd1bb8ab42850620064) September 15, 1987

Some of my systems at NASA were hacked. As I understand it, $GETUAI (A recently introduced VMS System Service routine) was intended to provide safe access to the System User Authorization File. It had a flaw which allowed an unprivileged user to make any changes to SYSUAF.DAT including privilege elevation. A patched (by the CCC) version of the login routine (LOGINOUT.EXE) was uploaded to my systems and cleartext passwords were stashed for retrieval later. There had been rumors circulating online (Usenet comp.os.vms) for some time that $GETUAI had problems, but little was made public. I came to find out that the patch tape to fix the $GETUAI issue has been sitting on a manager’s desk for some period of time. I have no idea if we had installed the patch (on a reel of magnetic tape) the day we received it if it would have made a difference.

Obviously we have learned a few things since then.

More on this story later. Peace!

Posted

in

,

by

John McMahon

Tags:

, , ,