Iranian hackers said they took control of a SSL certificate issued to the NASA Research and Education Support Services (NRESS) group which ended up used in a man-in-the-middle attack.
An Iranian student group comprised of programmers and hackers, known as the Cyber Warriors Team, said they compromised the SSL certificate used on the NASA Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES) website.
The group said they were able to obtain the certificate by exploiting an existing vulnerability within the portal’s login system, but they didn’t outline the entire attack. Once they had control over the certificate, they claim to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users.”
If the claims are true, this wouldn’t be the first time the space agency has had security issues. In March, NASA Inspector General Paul K. Martin told the House’s Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight, the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks.
Martin said NASA was the victim of 47 advanced persistent threat attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees which would allow the thieves to gain unauthorized access to NASA systems.
“The attackers had full functional control over these networks,” Martin said.
NSPIRES is the portal responsible for supporting the entire lifecycle of their research solicitation and selection, from announcements to peer review and decision, NASA said.