NASA Division Battles The Hack From Ipanema (And check out the date on the story - straight from the future!)greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
Notice the date on this story... I am posting it at 1 p.m. MST, March 15. ________
Thursday, March 16 3:27 AM SGT
NASA Division Battles The Hack From Ipanema WASHINGTON, DC, U.S.A., 2000 MAR 15 (NB) -- By Robert MacMillan, Newsbytes.
From Antonio Carlos Jobim to the samba, the US generally has welcomed some of the cooler cultural exports from Brazil, but the latest one - a series of hack attacks on NASA's Jet Propulsion Laboratory at CalTech - has the agency bossa nova-ing its way toward beefing up its security measures.
JPL Spokesman Frank O'Donnell confirmed for Newsbytes an MSNBC report that the agency has shut down access to queries emanating from Brazil until the agency's security team makes some necessary improvements to its network.
O'Donnell said that the Brazil shutout was not a "blacklist" attempt, as earlier reports indicated.
"There was a number of recent attacks on JPL hosts originating from various sites in Brazil, and as a temporary move while our computer security people work, we're blocking network access to JPL from Brazil," O'Donnell said. "But this is a temporary thing."
He said normal service to South America's largest nation would return "in a matter of days at most."
He added that he is "not aware of any (security) compromises per se in these attacks."
Highly secure data at JPL generally is not stored on hosts that are connected to the Internet, O'Donnell also said, but added that he could "not go into a great deal of detail" on what kind of information was sought.
MSNBC reported the Brazil problem after a network analyst at the Bank of Brazil in Brasilia reported that he could not access the JPL site.
The service also reported that a CERT official at its headquarters in Pittsburgh, Pa., said that blocking access to an entire network or country is reasonably common, though the official said that spoofing attacks - when the address of the attacking e-mail in a denial of service attack is falsified - blocking against a particular domain or country code becomes largely ineffective.
O'Donnell said that CERT and the JPL have been working jointly on security issues.
-- Jen Bunker (firstname.lastname@example.org), March 15, 2000