[Moderator: One of our NASA readers came through :)]
---------- Forwarded message ----------
> The group, which calls itself the "Masters of Downloading" or MOD,
> said the cyber-attack had stripped the U.S. space agency of its chief
> defense against computer intrusion and would allow them "to pass undetected
> through their systems."
Unless they're able to h4x0r their way into the logging routines
and undo ink upon printer paper, they would sooner "pass undetected" out
my ass than on the NASA networks I'm around. The people I know who
maintain the network monitors are highly clued-in and I trust their
skills.
> Computer expert John Vranesevich, who runs the AntiOnline website
> devoted to information security issues (www.antionline.com), said Wednesday
> that MOD had contacted him with new claims about a break-in at NASA.
> "They have access to a lot more than they've given to me, or let me
> know about," Vranesevich told Reuters.
This is doubletalk. "I know they have access to things they don't
let me know about." What the hell?
> According to MOD, which sent Vranesevich samples of the alleged NASA
> software to back up its claim, members of the group broke into system
> through the Jet Propulsion Laboratory (JPL) in Pasadena, California, and
> took away enough information to effectively disable any "intruder alert"
> system the agency's computers might have.
> Specifically, the group said it now had key pieces of the NASA
> Automatic Systems Incident Response Capability (NASIRC) software package
> and was able to break into NASA computer servers with impunity.
They claim access to NASIRC in specific. BFD. NASIRC logs and
tracks incidents. It's the NASA equivalent of CERT. To the best of my
knowledge, NASIRC does not possess [nor has it ever possessed] software
that allows it to cruise the NASA network without challenge.
> NASA had no immediate comment on the group's claims, although one
> official who had seen a list of the software allegedly stolen said "it
> doesn't look too alarming."
The reason why is that the software is available pretty readily on
the NASA intranets. My present guess is that these guys got on a
low-level NASA machine and connected via Lynx to NASIRC's internal pages.
- From there, they got a few NASIRC packages and whoop-de-doo.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Thu Apr 23 20:56:50 1998