Data breach after Nasa fails to wipe end-of-life PCs
An internal inquiry has left Nasa red faced amid revelations that computers were being sold off with top secret information about the Space Shuttle programme still stored on them.
In addition some computers were put up for sale with digital information still on them that could be used by hackers to attack Nasa’s network.
When Nasa disposes of computer equipment it usually undergoes a thorough “sanitization” process to clean the machines of all digital data, so that almost none of it can be retrieved.
During an audit of its processes, however, Nasa discovered “significant weaknesses in the sanitisation and disposition processes” for IT equipment at four Nasa Centres.
The problems, which Nasa says resulted in the release of sensitive information, occurred at the Kennedy and Johnson Space Centers and Ames and Langley Research Centers.
Specifically, Kennedy released to the public 10 computers that still contained NASA data.
Worryingly Nasa found computers at the Kennedy facility that were being prepared for sale with Nasa Internet Protocol information on prominent display.
Internet Protocol information could provide a hacker with the details needed to target specific NASA network assets and exploit weaknesses, resulting in the compromise of sensitive information.