It’s not rocket science: NASA unit hobbled by amateurish phishing attack

NASA’s Jet Propulsion Laboratory recently found itself in a rather odd predicament due to phishing attacks. According to an internal email sent to all employees from the Office of the CISO, a phishing email caused all outgoing email to Gmail, Yahoo, Hotmail, and other email accounts to be blocked. The email in question, which was provided by my anonymous source within JPL, says the following:

Monday, June 10 at 4:16 pm, over 3,100 JPL users received a phishing email appearing to come from an IT Helpdesk. The email contained a malicious link to “outlookstoragequotaportal.yahoosites[.]com” or to "webmailaccessstorageportal.yahoosites[.]com”.

The link, if clicked, directed users to a Yahoo-hosted site requesting a JPL username, email address, and password. At least nine JPL users fell victim to the phishing attack and provided their email and password. On Tuesday, June 11 at 5:34 am, at least four of the compromised JPL accounts were used to launch 1.8 million emails to individuals including JPL users, NASA employees, external partners and email services. Two external email services (SORBS and IBM DNS), who monitor SPAM for industry, responded by blacklisting all email coming from JPL. As of Thursday morning, at 7am JPL was removed from the blacklist lists and email is functioning normally."

I have said it before, but it bears repeating. Jet Propulsion Laboratory, and NASA as a whole, has struggled with implementing effective cybersecurity practices. The amount of top-secret projects (both for NASA and the Defense Department) that are developed at this location is reason enough to be alarmed at their lax initiative. JPL is simply lucky that this phishing email attack was not the start of a larger network infection. While it only takes one individual to compromise a network, the fact that nine employees fell for a poorly crafted phishing email is absurd.

Ultimately NASA, especially the Jet Propulsion Laboratory campus, needs to overhaul their cybersecurity training. The next incident may not be so easily solved.

Featured image: NASA/JPL-Caltech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

How to manage and automate Azure DevOps using Azure CLI

Azure DevOps is fast becoming the next big thing. This Azure DevOps Quick Tip shows…

2 days ago

Trench Tales: When you really need to retire that messaging platform

That old messaging platform has served you well, but maybe it’s time to move on.…

3 days ago

Customize PowerShell with default parameters and save time

Microsoft makes it easy to set up default parameters for PowerShell. And while they may…

3 days ago

Secret Manager security service now available for Google Cloud

Secret Manager, new from Google Cloud, is out in in beta. It provides a secure…

3 days ago

Postman API platform surpasses 10 million registered users

API development platform Postman said it has surpassed 10 million active users, a clear signal…

4 days ago

SOS for SSDs: How to avoid solid-state drives firmware failure

Solid-state drives are great. They're terrific. They're blazing fast. Except when all SSDs suddenly fail…

4 days ago