It’s not rocket science: NASA unit hobbled by amateurish phishing attack

NASA’s Jet Propulsion Laboratory recently found itself in a rather odd predicament due to phishing attacks. According to an internal email sent to all employees from the Office of the CISO, a phishing email caused all outgoing email to Gmail, Yahoo, Hotmail, and other email accounts to be blocked. The email in question, which was provided by my anonymous source within JPL, says the following:

Monday, June 10 at 4:16 pm, over 3,100 JPL users received a phishing email appearing to come from an IT Helpdesk. The email contained a malicious link to “outlookstoragequotaportal.yahoosites[.]com” or to "webmailaccessstorageportal.yahoosites[.]com”.

The link, if clicked, directed users to a Yahoo-hosted site requesting a JPL username, email address, and password. At least nine JPL users fell victim to the phishing attack and provided their email and password. On Tuesday, June 11 at 5:34 am, at least four of the compromised JPL accounts were used to launch 1.8 million emails to individuals including JPL users, NASA employees, external partners and email services. Two external email services (SORBS and IBM DNS), who monitor SPAM for industry, responded by blacklisting all email coming from JPL. As of Thursday morning, at 7am JPL was removed from the blacklist lists and email is functioning normally."

I have said it before, but it bears repeating. Jet Propulsion Laboratory, and NASA as a whole, has struggled with implementing effective cybersecurity practices. The amount of top-secret projects (both for NASA and the Defense Department) that are developed at this location is reason enough to be alarmed at their lax initiative. JPL is simply lucky that this phishing email attack was not the start of a larger network infection. While it only takes one individual to compromise a network, the fact that nine employees fell for a poorly crafted phishing email is absurd.

Ultimately NASA, especially the Jet Propulsion Laboratory campus, needs to overhaul their cybersecurity training. The next incident may not be so easily solved.

Featured image: NASA/JPL-Caltech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

On-premises backup for cloud data and cloud infrastructure protection

On-premises backup is a down-to-earth solution for backing up your cloud data – especially for those with a healthy paranoia…

2 hours ago

Lenovo adds to lineups of ThinkBook laptops for SMBs

Lenovo’s new ThinkBook lineup brings agile collaboration features and enterprise-grade infrastructure and security to SMBs.

7 hours ago

Control your business data: Managing the unmanaged mobile devices

Can we allow companies to control their business data while allowing employees to access that data on their personal mobile…

10 hours ago

IFA 2019: All the top smartphone announcements and unveilings

IFA 2019, this year’s version of the annual consumer electronics trade show, did not disappoint. Is one of these smartphones…

1 day ago

Outlook connectivity: Troubleshooting and solving common issues

IT professionals all dread getting this fevered message from employees and clients: “I’m having Outlook connectivity issues!” Here’s what you…

1 day ago

Using tags with Azure runbook automation to control your costs

Here’s a script designed to start and stop virtual machines based on tags associated at the resource group level. It…

1 day ago