The perceived security of some major entities may fail if tested; quite recently, NASA's security was challenged and found to be lacking some bolts! On February 23, a 26-year-old Texas developer was charged with hacking into NASA's networks. The federal court is charging him with wire fraud and computer hacking! He is accepting all charges. Apparently this was not the only cybercrime this individual was up to. In fact, he is also charged with manipulating Digital River's SWReg systems so as to credit his account with approximately $275,000 over a period of one year. SWReg pays independent software developers royalties for their submitted code.
The NASA incident occurred once, when he managed to gain access to two servers at the flight center in Greenbelt, Maryland. The hacked servers gathered data sent from satellites so that the scientific community could retrieve oceanographic data in exchange for a paid membership. The cybercriminal did not gain any financial income from this attack but cost NASA approximately $43,000 to fix the damage and caused a long downtime for the 3,300 paid members of NASA. Such a criminal faces a potential maximum penalty of 20 years in prison on the wire fraud charge and 10 years on the computer hacking charge!
According to official reports, cybercrime increased by 23% in 2009 compared with the previous year, with the estimated dollar loss from such activity reaching about $569 million. Mainly, there are two lessons to be learned here: first, cybercrime activity will continue to increase and will get more effective; second, we are seeing more big entities with supposedly secure infrastructures being hacked! Are the major entities lacking security controls, or are cyber criminals becoming even better? I reckon that IT systems are rarely driven by security features or controls in their development phases, which may allow certain weaknesses to be present and later exploited by cyber criminals.