It’s not rocket science: NASA unit hobbled by amateurish phishing attack

NASA’s Jet Propulsion Laboratory recently found itself in a rather odd predicament due to phishing attacks. According to an internal email sent to all employees from the Office of the CISO, a phishing email caused all outgoing email to Gmail, Yahoo, Hotmail, and other email accounts to be blocked. The email in question, which was provided by my anonymous source within JPL, says the following:

“Monday, June 10 at 4:16 pm, over 3,100 JPL users received a phishing email appearing to come from an IT Helpdesk. The email contained a malicious link to ‘outlookstoragequotaportal.yahoosites[.]com’ or to ‘webmailaccessstorageportal.yahoosites[.]com’.

“The link, if clicked, directed users to a Yahoo-hosted site requesting a JPL username, email address, and password. At least nine JPL users fell victim to the phishing attack and provided their email and password. On Tuesday, June 11 at 5:34 am, at least four of the compromised JPL accounts were used to launch 1.8 million emails to individuals including JPL users, NASA employees, external partners and email services. Two external email services (SORBS and IBM DNS), who monitor SPAM for industry, responded by blacklisting all email coming from JPL. As of Thursday morning, at 7am JPL was removed from the blacklist lists and email is functioning normally.”

I have said it before, but it bears repeating. Jet Propulsion Laboratory, and NASA as a whole, has struggled with implementing effective cybersecurity practices. The number of top-secret projects (both for NASA and the Defense Department) that are developed at this location is reason enough to be alarmed at this lax approach. JPL is simply lucky that this phishing email attack was not the start of a larger network infection. While it only takes one individual to compromise a network, the fact that nine employees fell for a poorly crafted phishing email is absurd.

Ultimately NASA, especially the Jet Propulsion Laboratory campus, needs to overhaul its cybersecurity training. The next incident may not be so easily solved.
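Training aside, the second stage described in the internal email (a handful of accounts sending a huge volume of mail) is detectable at the mail gateway before outside blocklists react. The following is an added example, not code from the article or from JPL: it flags any authenticated sender whose recipient count in a sliding window exceeds a limit. The log format, the `limit` and `window` values, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO timestamp, authenticated
# sender, recipient count). Addresses use the reserved example.org domain.
SAMPLE_LOG = """\
2019-06-11T05:30:02 sender=alice@example.org rcpts=3
2019-06-11T05:34:00 sender=bob@example.org rcpts=400
2019-06-11T05:34:20 sender=bob@example.org rcpts=450
2019-06-11T05:35:10 sender=alice@example.org rcpts=1
2019-06-11T05:36:05 sender=bob@example.org rcpts=500
2019-06-11T06:50:00 sender=carol@example.org rcpts=120
2019-06-11T09:10:00 sender=carol@example.org rcpts=120
"""

def parse_line(line):
    """Return (timestamp, sender, recipient_count) or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["sender"].lower(), int(fields["rcpts"])
    except (ValueError, KeyError):
        return None

def find_bursts(log_text, limit=1000, window=timedelta(minutes=10)):
    """Map each sender to the first time its recipients-per-window exceeded
    limit. Assumes the log is in time order."""
    recent = defaultdict(deque)   # sender -> (ts, rcpts) entries inside window
    totals = defaultdict(int)     # sender -> recipients currently inside window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # skip malformed lines instead of crashing
        ts, sender, rcpts = rec
        q = recent[sender]
        q.append((ts, rcpts))
        totals[sender] += rcpts
        while q and ts - q[0][0] > window:   # expire entries older than window
            totals[sender] -= q.popleft()[1]
        if totals[sender] > limit and sender not in flagged:
            flagged[sender] = ts
    return flagged
```

On the constructed log, only `bob@example.org` is flagged, at the third message of its burst; an account flagged this way can be suspended or rate-limited pending a password reset.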

Featured image: NASA/JPL-Caltech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
