Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Space

Cracker Endangered Astronauts 224

DAldredge was one of a huge number of people that wrote in with the news that the BBC has reported that a cracker(s) endangered the lives of astronauts in 1997 by "overloading NASA's communication system". Charming.
This discussion has been archived. No new comments can be posted.

Cracker Endangered Astronauts

Comments Filter:
  • Big Brother says:

    "Just another example of why we need stronger anti-hacker laws and more government control of the internet. We need to keep information about hacking from reaching our precious youth. In addition, we'll have to raise taxes to pay for this crackdown.

    "We should also be using genetic screening and peer reporting to catch troubled teenagers early so they can be treated."

  • by coyote-san ( 38515 ) on Monday July 03, 2000 @03:56PM (#961659)
    In retrospect that phrasing was poor. She was charged with felony murder, but the DA was pushing for the death penalty. The reasoning was that the gunman would have faced the death penalty, and since felony murder means all actors are equally guilty it follows that *she* should face the death penalty as well. So it was a capital "felony murder" case.

    I find that reasoning dangerous... but I grew up in Florida (and had a HS classmate shot in the chest) during an era when the laws actually encouraged convenience store robbers to herd everyone into the freezer and execute them. Extending felony murder to include capital offenses for all is exceedingly dangerous - it means that instead of one person with nothing to lose you now have a carload of armed, desperate people with nothing to lose.

    (My point stands, BTW. If the underlying felony was the burglary then the DA should have either charged all or charged none. To charge Lisl alone means that she and Mattheaus committed a felony that the others did not.)

    Regarding "intent" - I don't disagree that intent is, and should be, irrelevant. My concern is the other half of the equation - casuality.

    Nobody can dispute the causality of a death due to a stray bullet or fleeing (or pursuing) vehicle. I'm even willing to concede a causal connection between a bomb in a public space and a subsequent heart attack.

    But I *don't* see a legally significant causal connection between someone helping to subdue a thief and a subsequent heart attack. I can't ignore the possibility that he was going to die that day regardless of what he did that morning, and that's enough to form reasonable doubt about the causal connection between the thief's acts and the subsequent death.

    I might be willing to let this slide if the dead man was the victim -- but he wasn't. As I understand the situation he was a bystander who *choose* to get involved. He could have let the thief escape, or other men subdue the thief. What if he suffered a heart attack after chasing the thief (e.g., to get a description of his car?) What if he hopped into a car, pursued him, and died in an accident after blowing through a stop light or stop sign? At some point the victim *has* to bring on his own death by misadventure, instead of felony murder.

    Finally, I know that suicide is *normally* an independent, intervening act that breaks liability... but that's not always the case. E.g., a recent case out of Orlando involved a woman who wanted to stop her daughter (IIRC) from refusing medical treatment (= a form of suicide) since the woman would then be charged with murder. (That also follows the ancient tradition that it's murder even if the victim survives, but dies from injuries within a given period - traditionally a year and a day.) My example was a bit more extreme, but that's the nature of slippery-slope arguments ;-)
  • A cracker is something you eat, you know. When I first read the headline, I found it much more believable that it was a bisquit that endangered the astronauts lives then a computer hacker.

    But when reading that this poor bisquit actually managed to overload the communication system I was perplexed. A bisquit could cause a short-circuit perhaps, or more likely the opposite, small particles could find their way into electrical couplings, thereby making bad connections, but overloading...

    I did't understand it untill I actually read the article. And I've been sitting in front of the computer programming all day. I'm scared, is this normal?

  • Jurisdiction is actually pretty straightforward - it is an American flagged aircraft in international airspace, with domestic departure and arrival points. It is no more exotic than a murder on a United Airlines 747 flying between LA and Hawaii.

    (This, incidently, is a fscking big question with "Sea Haven." If it's truly sovereign, I can grab a helicopter, land there, shot everyone up, and get away clean because no civil authority exists to prosecute me.)

    On an unrelated note, Federal land has historically either been a military base (and everyone was subject to military jurisdiction) or public lands where felonies were handled by the state. You couldn't get away with murder, but you could get away with most misdemeanors if you were off in a remote forest or beach. The car changed all of that, since you can now import blue-noses to be offended at the behavior of people who are deliberately trying to get away from the cookie-cutter norm.
  • CNN has a story [cnn.com] where NASA disputes this whole thing.

    -k

  • It's probably too late for most readers, but I just saw the following update [cnn.com] on CNN, in which NASA denies that the astronauts were ever in danger.
  • |_34R|\| T0 SP311, H|_||\/|P|_1cK

    Lameness filter encountered. Post aborted.

    PLEASE DON'T USE SO MANY CAPS. USING CAPS IS LIKE YELLING!

    Actually, I love brits so I'll rescind the above flame. Gormenghast kicked ASS, and the BBC miniseries wasn't too bad either. The final episode aired this weekend. got 'em all on tape. Rock on!
  • or do you think it was Zest? I got some Saltines on some wires once and they do indeed corrode them. I guess it's the salt? I can see how that would affect communications. :) -B
  • No 575?
    He must be out fly-fishing;
    I'll fill in today

    Most say "hack," some crack.
    People argue semantics;
    Does anyone care?

    Astronauts go up
    Cracker breaks in for a thrill
    News at eleven

    NASA desk jockey
    Surfs the net to pass the day
    Brave men die for porn
  • Yes, it would, and if the story is true, then I'm absolutely stunned. When I worked for the MoD, we had one machine connected to the Internet, and it was in it's own room, required clearance to even use it, and it wasn't connected to any other machines.

    It must have been a bloody big room if you could have got spacecraft into orbit in it!

    Suddenly, everyone's a critic but doesn't seem to have thought about the basics of the situation. You're going to need to feed the telemetry from several base stations around the world in different countries. Like hell you're going to run a completely isolated network, unless its absolutely required, which in this case it appears not to have been.

  • Oh, i thought they meant the food!
  • C'mon Moderator! Bring it on! Smack my Karma! I love it!

    A thread full of trolls and you single out one silly little post. GET A LIFE!
  • Say it with me everybody: IANAL.

    Most states (Including Florida and Texas where the system is likely located) have Felony Murder statutes. Which state (in essence) that any death that occurs as a result of a commision of any Felony, regardless of whether that death is premeditated, or even intentional can be tried and punished as First Degree Murder.

    If you rob a jewlery store and some old guy dies of a heart attack from the shock of the robbery, you're on the hook for First Degree Murder.

    I have a feeling that if you're fiddling with systems that monitor an Astronaut's vitals and one of them dies up there you can damn well bet you're going to be tried for Felony Murder.
  • <Conspiracy theory mode on>

    First off, I don't believe that the folks at NASA are actually stupid enough to run such critical systems "connected to the Internet", accessible to Joe Cracker. (I mean, thats asking for trouble, come on)

    Secondly, I can't help but notice that the press currently has many extremely negative portrayals of hacking/cracking, sometimes going beyond the point of misinformation.

    It seems that whenever the government wants to create new laws to invade the privacy of their citizens, they start throwing around the usual scary terms like "terrorists" and "paedophiles" - often with seemingly random news articles cropping up about some or other paedophile caught ensnaring kiddies on irc - normally it's enough to pacify the majority of sheeple. This looks similar to me.

    When I see all the negative articles about destructive hacker/crackers, I wonder if it's just the usual media sensationalism, or if somehow these articles are merely preparing the public for the next set of sweeping laws that will destroy our rights in the name of protecting us from these evil crackers. (Consider the recent mess in the UK with the RIP bill wrt encryption etc)

    <Conspiracy theory mode off>

    Or perhaps I'm just being paranoid. But in general I think it's a good idea to take everything you see/hear/read (particularly from mainstream media) with a bucket of salt.

  • yep ;) you meant something like www.l337d00dz.com [l337d00dz.com]
  • Yeah, something like that.
  • Whoa, now. If you ("you" being a nasty evil cracker and not you personally) hack into a hospital and access patient systems, and can recognize what you've hacked into, then you have knowledge of what you're doing. If patients die because you messed something up, you're liable for their deaths. You knew full well that such a result was possible, and a good prosecutor can pin murder on you.

    The NASA thing is a little different. If the cracker recognized that the system he accessed had to do with astronauts' health, and his actions then later caused their deaths, you could probably jack it up to murder one, same as the hospital. Deaths while committing a crime, under many state and federal statutes, gets you at least murder 2, if not murder 1.

    If the cracker didn't realize the full extent of his penetration or recognize what systems he accessed, then manslaughter or reckless homicide would probably be called for.

    Of course, there's jurisdictional issues as well. Actions against U.S. astronauts would likely fall within federal jurisdiction. Actions against a hospital's patients, on the other hand, would likely result in two separate state charges _ one for the hospital and one for wherever the cracker was _ plus federal charges for interstate crimes.

    Now, a cracker may not get the chair for these kind of crimes, but geez...if a cracker kills a ward full of people, there's got to be something more than a few years in prison for simple stupidity, no? We're talking about lives here.

  • Makes perfect sense to me that they'd have to have some form of larger-than-local area networking, even on the computers that communicate with the shuttle. Mission Control happens at at least two separate sites during any given mission: Takeoff and landing happen at Kennedy Space Center in Florida, while the actual mission is controlled from Houston. The transition between the two sites has to be seamless... which means networked computers and communications. Not necessarily the internet, maybe even just private communications over phone lines... but that may be just enough for some wise guy looking to make his name by cracking a government system.
  • What's more, notice how the AC said "so you know how to use a tracert"? That can only mean one thing...

    This guy is a DOSalyte!!! :-)

    Only dos uses tracert due to its eight-character limit. All the Unixen instead use traceroute in its correct, spelling-enhanced form.


  • Maybe the hackers can do some good by hacking into NASA to correct their math problems (a.k.a. the Mars Polar mission)...

  • In honor of the Fourth of July (even though I would probably have still posted this response on any other day of the year!)...

    (rant on)

    I am not a doctor, but I don't run to the doctor because I am totally incompetent in deciding my own care.

    I am not a CPA, but I don't run to the accountant every month so he can pay my bills, deposit my paycheck, etc.

    I am not a lawyer, only someone with a graduate-level technical education which included some (not much) coverage of legal issue and a strong layman's interest in Civil Liberties law. But I guess you're right - in this field, alone, I am a drolling idiot who has absolutely no opinions of value to any other person.

    Tell you what... why don't you take my voter card and cast my vote for me as well. I'm obviously incompetent to use my franchise.

    I'm not picking on you, really, but this post demonstrates the type of arrogance that makes lawyers one of the most despised professions around. The mere fact that you feel the need to tell intelligent, educated people that they must remain silent unless they are practicing lawyers (or why else would you feel the need to mention your insurance?) says volumes about just how screwed up this country is.

    If someone was asking -- or offering -- specific advice about a specific problem I would back you 100% in any statement that the person needs to see a practicing lawyer. Likewise, if someone has a sucking chest wound I'll tell them that they need to see a doctor, not someone who knows just enough first aid to get by while hiking.

    But the vast majority of the "IANAL" posts I have seen refer to general questions that should be comprehensible to the average citizen... or we do not have a democracy. What is felony murder? Are slashdot comments copyrighted? Usenet comments? Small source files without any copyright notice? Can I be fired from my job (or suspended from my public high school) for possessing a magazine I bought at Barnes & Nobel during lunch? Can a cop demand to see what files are on my laptop? Even in an airport? (Read the letters in the summer issue of 2600 if you think the last few questions seem silly.)

    The alternative which you suggest, whether you realize it or not, is to formally give up the American Experiment and recognize a two-class society. The upper class is practicing lawyers, and everyone else is banned from filing any grievance with the government or seeking redress (you know, those forgotten bits from the First Amendment), from <i>pro se</i> representation before either court or government agency, etc.

    (Hmm, another poster's comments about his right to use an archaic title of nobility, "esquire," suddenly take on a whole new meaning. Last time I checked *any* American could add Esq. to their name if they desired. Of course I know that some lawyers were starting to use it, but I thought it was considered a bit of silliness by the mainstream of the bar. But it now sounds like at least one state has changed that....)

    Do I think <i>pro se</i> representation is smart? For any serious problem, no. In fact, the only thing dumber than <i>pro se</i> is getting legal advice from slashdot. :-)

    But for *routine* issues, I get *very* alarmed when a practicing lawyer tells me that the law has gotten so complex that only a lawyer can say anything about it. When I hear that, I don't want to shut up, I want to kick out every member of Congress and elect a bunch who will pass laws that can be understood by the people who are expected to live by them. You cannot have a meaningful democracy if the law is "too complex" for any but a handful of voters to understand.

    (rant off)

    An aside, since the last paragraph is often followed by a statement supporting direct democracy or citizen referendums - the initiative process terrifies me because it tends to *write* extremely bad laws. (With a few notable exceptions, the electorate generally doesn't *pass* those laws, which is more than I can say about our legislature. :-)

    However, I find myself constantly defending actions that expand the power of citizen initiatives because the alternative is worse - I would rather have the people propose, and pass, bad law than Our Benevolent Lords and Masters of the Legislature have sole say in what laws are even discussed.
  • Where they playing xlander?

    --

  • http://www.cnn.com/2000/TECH/space/07/03/nasa.hack er.02/index.html
  • I couldn't determine the meaning of the word "cracker" from the headline. It could be any of the following:

    • Tasty crispy salty treat
    • Hacker dude
    • Racial slur for 'white guy'
    • Mediocre early '90's alternative band
    Or, it could have been all of the above... now THAT would be a story! :)
  • Bloody well ought to be murder in my opinion...or at the very least(and I MEAN very least) it should be First Degree Manslaughter. Goddess forbid but can you imagine the hellstorm that would have spawned in the media if the Challenger disaster was discovered to have been caused by a script kiddie?

    Personally if these jokers want to have fun cracking systems, why don't they get into teams and crack eachother's systems. Make it a contest. Is Billy's new firewall able to withstand Mollie's attacks? At least they'd learn a marketable skill of defending systems.

    As for why the 'ell are these fscking morons are posting they mission critical systems on the 'net is simple...they are fscking morons. I'm half expecting to hear about the school that was nuked by some packet monkey not wanting to have to take that test.
  • Uhh...just a question. Have you ever heard of (1) Eric S. Raymond, (2) The Jargon File/New Hacker's Dictionary, and/or the How to Become a Hacker HOWTO maintained by ESR.
    Everyone who's sane knows that hackers:
    1. Built the Internet
    2. Developed BSD, GNU/Linux, XFree86, KDE, GNOME, gcc, bash, etc. etc. etc.
    3. Have never cared for breaking into other's systems and/or comprimising security
    4. Are deeply involved in OSS, and sharing work, programming great software that solves problems needing to be solved


    While crackers do the opposite:
    1. Contributed in a mass effort to BREAK the Internet
    2. Revolve around exploiting everything and breaking security, causing problems from mild nuisances to outright disasters
    3. Are deeply involved in ActiveX trojans, Java exploits, BO2K, Netbus, and SubSeven, write software that not solves problems, but CREATES problems
    4. Are deeply involved in 0wn1ng p30pl3, ha><0ring non-31337, and other cracking rituals
    Uhh now here's a quote:
    There is another group of people who loadly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people "crackers" and want to have nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word "hackers" to describe crackers;
    this irritates real hackers to no end. --Eric S. Raymond, in the How To Become a Hacker HOWTO, distributed at his site, at tuxedo.org/~esr [tuxedo.org].
    So listen up and use correct usage. Crackers Are Not Newbie Hackers. CANNH. One more quote:
    The basic difference is this: hackers build things, crackers break them. --Eric S. Raymond.
  • Oooooooh, if you thought that was misleading with the title cracker, then you are not a hacker, and you do not have any reason to be here. If you don't know standard /. usage of the word Cracker, which we all really know inside...means a person who compromises security. Duuh. Uhh just saying, I got it the first time. I knew that someone(s) allegedly cracked NASA Mission Control.
  • Astronaut Michael Foale, who was part of the 1997 mission, told the BBC he was not informed of the problems at the time, but found the revelations intriguing.
    Indeed. Intriguing? I'd be worried about going up again.
  • Keep in mind, these are the same folks who, just after I started working at DEC, had a major outtage of one of the Alpha / OSF/1 clusters that monitor MCC (Mission Control) while the shuttle was looking for a landing window. After working with them for 9hrs straight and then handing off the call to someone else, and eventually sending someone physically OUT there, the problem turneed out to be:

    6mo before, they had the exact same problem. At that time they were instructed that their disk firmware on the shared SCSI bus were all horribly out of date, and needed updating, and the disks WOULD fall asleep if they didn't upgrade it. If they didn't, the side effect would be the cluster would take a bit longer to fail over. Oh, and it'd be nice if they upgraded to both a version of the OS still supported and put on the latest patches.

    Needless to say, NONE of that was ever done and the big lash up was one of their monkies trying to FORCE a failover of NFS services and disks from node to node. In direct contravention to what they were told by DEC.

    This was just the beginning of my disillusionment with every corporate group I've ever thought highly of.
  • First VaxPunx post!
  • Heh, Motive IS NOT a factor in proving guilt/innocence in America in a Murder case.

    Movies will make you think that it is but no sadly you can be convicted guilty with 0 motive.

    Manslaughter/second degree murder can be considered crimes of passion where the crime is commited on the spur of the moment, First degree murder is a pre-meditated act/
  • Hmmn

    I'm not picking on you, really, but this post demonstrates the type of arrogance that makes lawyers one of the most despised professions around. The mere fact that you feel the need to tell intelligent, educated people that they must remain silent unless they are practicing lawyers (or why else would you feel the need to mention your insurance?) says volumes about just how screwed up this country is.
    Yes you are picking on him :P.

    Second, he said something you chose to ignore.
    He said if you dont know something to be fact dont just say it as an uninformed person.
    He did NOT say if your not a lawyer dont post something.

    He just simply observed that is something seems approximate to how something should be it becomes popular and sets the /. mindset thingie and it gets modded up even if it is patently false.

    I did detect perhaps a hint of arrogance, but it was well informed arrogance deserved at the mannerisms most people post here anyways. HAH HAH Talk about arrogance.. Look around this forum its infected with it.

    Jeremy
  • heh, when I first read this post, I thought that cracker of the edible variety (read: saltine) had endangered the astronauts by jamming an electronic gizmo.

    I thought, well they won't be eating crackers in space anymore now.
  • Complete (physical) isolation is very hard to reach in such cases. You often need to make data from the spaceship available to the outside world (processed telemetry et al) or to connect the control center to other multipurpose LANs. As you said, partial isolation may be done using only outgoing connections and firewall devices, but if seeing how an active ftp connection is done, you can understand this is no panacea, especially if you are low on $ for your project.

    Oh, by the way, take a look at this GOA report [gao.gov]. It states that using trust relations between hosts you can reach some of NASA's critical systems.

    I don't want to be an astronaut anymore ;)


    --
  • ...but...as you SHOULD have known as a juror (which of course you arn't told)...the Jury makes final decision. It does NOT matter what the law says...if the Jury says Not Guilty...then not Guilty it is.

    The Jury doesn't have to answer to anyone (unless it can be shown the the jury was tampered with). This is the whole reason a jury exists...it is the FINAL Check on the system.

    In fact the Jury can even find a person innocent simply because they believe the law itself is wrong. This is a tradition that goes back to the very beginnings of the Jury system.

    The law is simply a set of rules...luckily the people who made those rules realised that no set of rules will ever be perfect (too bad they didn't also realise that rules are a figment of our collective overactive imagination...just like power and order and authority...) and they built in a saftey catch (unfortunaly one that doesn't always work...partially because Jurors are not informed about the true nature of their charge).

    In fact, these days I am sorry that I found a way to get out of jury duty. I refuse to vote (don't believe in it) or take part in most things,...but I realise now that the Jury *IS* the final check and balance. Its the one place where ordinary people, without the delusions of grandure and "con-artist" personalities needed to hold public office, can actually make a difference.

    The next time I am up for it...I will serve proudly....I think. Actually...I have moral objections to the entire concept of sending people to jail...I don't know if I could find a person guilty knowing what was in store for them...stripped of their freedom to satisfy vengence, done in the name of justice.....sigh.
  • See, this is why they have to keep their food in those little plastic tubes; crackers are just too dangerous, they get caught up in the communications systems.

    --
  • He did manage to land it safely.
  • I wonder what type of cracker caused this. Maybe one of those evil ritz with peanut butter ones.

    Oh my god, its a saltene (sp?)! Kill it! Kill it!

  • by coyote-san ( 38515 ) on Monday July 03, 2000 @07:03AM (#961696)
    Two recent examples from Colorado:

    1) Group burglarizes an apartment (supposedly one member recently moved out and was "retrieving" personal possessions - I don't recall details). Couple in one car is seen by police, pursued. Woman refuses to pull over when cop flashes his lights; male passenger fires gun at pursuing officer. Later, the woman is in custody when male fatally shoots a cop, then takes his own life.

    I'm not sure what the underlying felony was (I though refusal to pull over was a misdemeanor),
    but she was charged with CAPITAL felony murder. She was ultimately sentenced to life-in-prison, no parole.

    2) A man attempts to rob a grocery store. A group of patrons subdue him and hold him for police. A few hours later one of those men suffers a fatal heart attack.

    The DA makes noises about charging the would-be thief with felony murder since the man suffered a fatal heart attack as a direct consequence of the excitement and exertion he experienced that day. (I don't recall if the DA actually filed the charges.)

    These cases have opened up a local debate on the felony murder statutes. IANAL, but the second case seems excessive - people die from heart attacks every day, and this sets a dangerous precedence. Could someone be charged with felony murder if a TV viewer suffers a heart attack after watching live TV coverage? What if a distraught victim subsequently commits suicide?

    The first case is more consistent with the intent of felony murder statutes... but was strangely incomplete. The woman claimed that she was unable to pull over because the gunman threatened to shoot her if she did - and she had no way of knowing he would ultimately kill a cop. All she was trying to do was get some distance between them and the cops so he would stop shooting.

    On the other hand, she did willingly participate in the burglary. On the gripping hand, none of the other people involved in the burglary (who were in a separate car) were charged with felony murder.

    I didn't follow the case closely, so there may have been a legitimate underlying felony that applied to her alone. I, and many other people, are disturbed by the prospect she might have faced a possible death sentence because she offered a ride to the wrong person.

    As for the scenario in question, the biggest issue seems to be jurisdiction. If one astronaut flips out and murders another, where is the trial held?

    (Hint: the same problem occurs with aircraft and ships in international waters... and this "hacker" would be no different than someone on shore interfering with navigational gear that affects a vessel in international waters.)
  • You might note that while the deeply-informed author of the article says a "hacker" "tapped" into NASA's monitoring equipment, he graciously quotes a real person with a clue as saying
    "We had an activity at NASA center where a hacker was overloading our system...to such an extent that it interfered with communications between the NASA center, some medical communications and the astronaut aboard the shuttle."

    This quote doesn't say that a "hacker" penetrated the monitoring equipment, it says that a "hacker" overloaded "our system"(possibly being any computer on or near a NASA campus), and that the actions of this "hacker" interfered with the monitoring system. That still leaves open the possibility that the interference was an indirect effect of an attack somewhere else in "their system".

    <rant to the ignorant>
    Not that anyone's going to notice this. Looks like the highest rated posts are a close second to "hot British breakfast cereal" posts. Oh, don't open .vbs emails. Oh, don't you know the only way to be safe from the internet is not to be connected to it. Yeah, well the only way not to get murdered on the streets is to lock yourself into your house. Pray to God you're not also afraid of arsonists.

  • I'm so sick of this hacker/cracker bs.
    W

    -------------------
  • by Uruk ( 4907 ) on Monday July 03, 2000 @05:36AM (#961699)
    So, out of wild speculation just because I'm interested, if a cracker really screwed something up and the astronaut died as a result, is it murder? Manslaughter?

    Cracking is all fine and good for 14 year old packet monkeys when they're doing it with each other's systems, but this is freakin' nuts.

    BTW, why the hell are these systems even accessible in any way through the internet? I thought most of the government's really important systems had gotten hip to the fact that the only way to really be secure on the internet is to not be connected. And I can't imagine that the astronauts need yahoo stock quotes....

  • Wouldn't it be something like Negligent Homicide? I mean, murder connotes the intent to kill. If it was actually accidental, even though through another illegal act, I would think that would be mitigating.
  • Ok, will somebody who is familiar with NASA fill me in here. Do astronauts in space always communicate with the space center in Houston? Is Houston the standard one used for communications or something? The only reason I ask is that if that is not the case, it seems awfully stupid to me that movies depicting spacecraft which take off from some non-Houston center, say, Cape Canaveral, (*cough* Armageddon *cough*), always have everybody talking back to Houston. "Houston, this. Houston, that. Roger, Houston" It makes me want to hear Houston say back "Goddamnit, shut up!...you took off from Cape Canaveral idiot: talk to them damnit!".
  • See, reading this, I really thought that on the space shuttle, a rogue Ritz (or perhaps a Wheat Thin) had somehow gotten into the communications hardware and somehow messed stuff up. I envisioned shuttle astronauts trying desperately to pull out a Saltine that had gotten wedged into a radio transmitter. Hoo boy did I laugh!

    Then I realized it was a 'cracker' in the slashbot-speek sense - someone who does naughty things with computers. Much less funny.

    I really, really think that "cracker" is a stupid and confusing thing to call "evil hackers". Personally I think all news organizations should start calling such people "hax0rs".

    You listening, New York Times? j00 b3tt3r b3!@$
  • WTF is NASA doing putting their communications between space shuttle and Earth on a network that is connected to the internet? For real security, they should have the boxes through a firewall or 50, or have the boxes not even connected at all...
  • by spezz ( 150943 ) on Monday July 03, 2000 @05:55AM (#961712)
    Perhaps we should have a new acronym to follow INAL. We could use BIWCS (But I Watch Cop Shows)

    Just sayin' is all

  • 'Wargames'.. Broderick broke into the WOPR (War Operations Programmed Response).

    Well, it wasn't totally his fault. The box was supposed to play war games, and come up with a winning outcome. It wasn't supposed to launch missiles, etc. Just like in the NASA situation, some shithead forgot the principle of airgapping.

    I've always wondered how they would have managed to put the WOPR back to work after it had the realization that 'The only winning move is not to play'.
  • by brickbat ( 64506 ) on Monday July 03, 2000 @09:23AM (#961721) Homepage Journal
    1) Group burglarizes an apartment (supposedly one member recently moved out and was "retrieving" personal possessions - I don't recall details). Couple in one car is seen by police, pursued. Woman refuses to pull over when cop flashes his lights; male passenger fires gun at pursuing officer. Later, the woman is in custody when male fatally shoots a cop, then takes his own life.

    I'm not sure what the underlying felony was (I though refusal to pull over was a misdemeanor),
    but she was charged with CAPITAL felony murder. She was ultimately sentenced to life-in-prison, no parole.


    This would be the Matthaeus Jaehnig case, from November 1997. The woman convicted of felony murder (not capital murder; they're two different crimes), Lisl Auman, enlisted Jaehnig's and a few others' help in grabbing her belongings from an ex-boyfriend's home. This was reported as a burglary (aka 1st degree criminal trespass, a felony), to which the cops responded. So it wasn't just the burglary, but the resulting flight from the cops that were used as factors in charging Auman with felony murder.

    Felony murder law is nothing new; it has its roots in centuries-old British common law (though the UK dropped the statute many years ago). It holds that *anyone* involved in the commission of a felony that results in the death of a person is liable for that death, regardless of whether they were the murderer, or were even present at the time the murder occurred. Auman was already in custody before the cop was killed, but because she "initiated" the burglary and resulting flight, her hands were as bloody as Jaehnig's. As a result, Auman was convicted of first degree murder, and will spend the rest of her life in prison, without the possibility of parole. Did I mention she was just 21 at the time of her conviction?

    Of course, the case isn't nearly as black-and-white as I've presented it here; you can go to a website [lisl.com] set up by the Auman family to hear the other side.

    IANAL, but the second case seems excessive - people die from heart attacks every day, and this sets a dangerous precedence.

    Remember the bombing at the Atlanta Olympics? One of the casualties died from a heart attack. I'd say whoever set off the bomb is responsible for that death. There has to be a pretty direct cause-effect relationship between the crime and the death. Actually pulling the trigger is obviously the most direct. Fleeing from police, and putting them in the position of being shot by a lunatic with an automatic assault rifle, is not as direct, but the felony murder statute allows such connections to be made.

    Could someone be charged with felony murder if a TV viewer suffers a heart attack after watching live TV coverage? What if a distraught victim subsequently commits suicide?

    Last year, the mother of one of the victims of the Columbine massacre killed herself. Just recently, the star basketball player at the school also took his own life. Apparently he was a close friend with a couple of the victims. I won't be overly surprised if his parents sue the parents of Eric Harris and Dylan Klebold for wrongful death. Granted, that would be a civil and not a criminal action, but the issue of responsibility remains the same.

    My view (and, usually, the law's) is that someone who initiates an action that is the direct cause of a person's death or injury is the person most liable. That would rule out most suicides--provided of course that you can show evidence of other factors that would indicate a person's suicidal intentions.

    The woman claimed that she was unable to pull over because the gunman threatened to shoot her if she did - and she had no way of knowing he would ultimately kill a cop.

    Prior knowledge is completely irrelevant in a felony murder case. There doesn't even have to be intent--if you're the wheelman in a bank robbery, you certainly have no intention of shooting a guard, but if one of them is killed, you're as guilty as your accomplices.

    There are mitigating circumstances that should be considered, but that occurs usually in the sentencing phase, after a conviction. Apparently, in Auman's case, the mitigating factors weren't enough. And, in Colorado, the judge has little leeway in the sentencing guidelines--if it's first degree murder, the two options are death (if it's a capital case) or life without parole.
  • ... if a cracker really screwed something up and the astronaut died as a result, is it murder?

    There's a name for it: "felony murder." If, while commiting certain felony crimes, someone dies, the perpetrator is considered criminally responsible for that death. (Example: Some idiot with a gun holds up a convenience store. No shots are fired. The clerk has a heart attack and later dies.)

    Details vary from (U.S.) state to state. I don't know where the crime would be considered to have occured; probably where the hacked server was physically located.

    IANAL, but I was a juror in a trial where the charges were "assault and felony murder."
  • about 5 minutes before this story hit the bbc news site, it was displaying 'Slicks Bikini Page' with some content I'm sure they didn't want, however despite having been cracked themselves they thought it would be better to post some story that happened years and years ago. Its actually annoying because now I'll never know exactly what happened since they're keeping quiet about the whole thing.
    ---
  • I am not familiar with the incident in the news story. I do know that mission critical data communications at NASA are carried over a private Internet that is not connected to the public Internet. There is a separate IP network for administrative and non-critical activities that is connected to the public Internet. That is where you find *.nasa.gov systems. What may have happened is that a cracker disrupted a computer that was connected to the public Internet. If it really was a mission critical system, it should have been on the private Internet.
  • If NASA switches its astronauts to low-fat, low-salt crackers, then maybe their life functions won't be jeopardized.
  • but when i read that the first time i was mentally picturing a saltine. i was wondering if maybe crumbs were falling into the controls or something like that....

  • If they knew they where to kill an astronaut, and did it willingfull, that would have been murder. If they just had killed him/her/them accidentally (Oh, cool sys. Wonder what this command does?), that would have been manslaughter. At least that's the distinction between the two in Sweden...
    --The knowledge that you are an idiot, is what distinguishes you from one.
  • by TheNecromancer ( 179644 ) on Monday July 03, 2000 @05:58AM (#961744)
    My guess, being a careful student of Law & Order and NYPD Blue (which makes me a legal expert, you know), is that he/she would be charged with Involuntary Manslaughter.

    Sorry to disagree, but the hackers would be charged with 1st-degree murder, Party to a Crime. I was the head juror on a murder case where a guy arranged to rob his drug dealer, and in the process, killed him. The law read that if you intend to commit a crime, and another crime is committed as a result of your actions, you are responsible for both crimes. Since hacking into a government agency is considered a crime, if an astronaut died as a result of the hacking, the hacker would be liable for the death(s) of the astronauts.

    It just goes to show that television courtroom shows are very inaccurate when it comes to the actual judicial system.

  • I just wanted to clarify what First Degree Murder actually is. It is murder with mallace and forethought. If you take a gun to your ex-wife's house with the intent to scare the shit out of her and wind up killing her, this is not first degree muder. Same with the mugging case. - Both of those, however would probably wind up in the second degree category. First Degree murder is reserved for people who kill with intent. They know they want to kill you, because they fucking hate you! and they'll get you if it's the last thing they ever do - sort of thing.

    Manslaughter is when someone dies as a direct consequence of your actions, although you had no intent, even at the time, of killing them. i.e. - drunk driving, and the cracking case this discussion is about. Fortunately for the cracker, it would be very easy to put reasonable doubt into the minds of a jury that most likely knows nothing about the logistics of cracking. Or - on the flip side - they could send some @home user to prison because he forgot to edit /etc/inetd.conf before getting on the internet with his freshly installed RedHat 6.0 distro, allowing some dickhead to use his box as one of 20 or so hops before breaking NASA's famously weak security.

    But then again, that's life.


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • For one thing, the data was medical telemetry. If this goes down, it's no big deal - in fact, if the book about Apollo 13 is anything to go by, astronauts regard the things as an instrusive and irrelevant distraction. For another thing, the data was still received through "alternate methods".

    Not that NASA shouldn't be concerned - any denial of service is always a concern, particularly for anything related to flight control - but claiming this was an "emergency" is debasing the term.

  • by gadwale ( 46632 ) on Monday July 03, 2000 @06:01AM (#961763) Homepage
    A simple traceroute confirms two of my suspicions!

    a. My ISP is far far away
    b. NASA has definitely not isolated their systems!

    1 gateway.cec.wustl.edu (128.252.21.249) 2.246 ms 2.006 ms 1.168 ms
    2 border2-verio.wustl.edu (128.252.5.254) 15.746 ms 156.419 ms 200.945 ms
    3 spaceship.nasa.gov (xxx.xxx.xx.xxx) 5.46 ms 16.41 ms 20.45 ms
    4 controlcenter.nasa.gov (xx.xxx.xx.xxx) 3.27 ms 6.08 ms 3.12 ms
    5 lifesupport.apollo13.nasa.gov (xxx.xxx.x.xxx) 15.746 ms 156.419 ms 200.945 ms
    6 galileo.jupiter.nasa.gov (xxx.xxx.xx.xxx) 2.246 ms 2.006 ms 1.168 ms

    7 206.220.243.49 (206.220.243.49) 16.222 ms 14.125 ms 16.237 ms
    8 fullnet.okcity.good.net (209.140.161.2) 32.884 ms 34.316 ms *
    9 edug.gadwale.com [gadwale.com] (216.226.24.76) 35.227 ms 60.082 ms 63.112 ms
  • Goodness. I bet that those kids feel really 1337 too. "Look ma, I downloaded a script and killed some astronauts." "I learned all of my 1337 hacking from www.scriptkiddie.com, I downloaded this program and..."

    *Dungeon Dweller smacks the script kiddie population*
  • Where Homer opens a bag of chips and they end up all over the Command Module. It could have happened with a Box of Ritz. Well, that's the first thought I had when I saw the headline...
  • Oh riiiight! WarGames, how could I have forgot!

    Cheesy movie, but at the time (late 70's - early 80? ) it seemed really cool (hell, I had an acoustic coupler just like that! Probably around the same age too).

    That's right -- the WOPR was dialing him back to play a game. 'Global ThremoNuclear War, anyone?' :-)

    Have to stop by the local video rental hole on the way home and see if I can pick it up. A bowl of popcorn, 3 or 18 beers and Ally Sheedy might just make my night!
  • As one of my esteemed colleagues pointed out this morning, this is mostly just the BBC hyping a (domestic) show that's going out tonight ('Panorama') with a pseudo-'news' spinoff. Read the NASA quotes carefully and it's obvious the cracker / DoSer never got near actual live production systems.

    Panorama used to be good - or at least, I remember it being good, perhaps I just didn't have the web to compare it against in those days. Nowadays it's been largely dumbed down and become increasingly sensationalist, along with the rest of their (domestic terrestrial) output.

    BBC News 24 (reputedly) and the World Service (from personal experience) are still good, though.


    Camaron de la Isla [flamenco-world.com] 'When I sing with pleasure, my

  • I can just see the authorities rounding up linus torvalds as we speak

    Officer:"FREEZE! Boy you in a heap of trouble!

    Torvalds: "What are you talking about?!?!"

    Office: (sternly) "We have evidence that you're a known HACKER!!!!!!!"

    Torvalds: "Yes, that's right. I created....aaaaahhhh!"

    Linus falls to the ground as several FBI attack dogs wrestle with his legs...He's sent up to San Quentin to spend the rest of his days bartering for pudding. Thanks to the good work of all our law enforcement officials for rounding up all of the sinister and evil HACKERS, lest one of them be allowed to roam free, creating things like Linux and the UBL.

    Can someone send AP a copy of the Hacker Jargon File please!?!?!?!?!


    FluX
    After 16 years, MTV has finally completed its deevolution into the shiny things network
  • Yes, it is. All the data systems within Mission Control are isolated within a LAN that has only a couple of connection points to the outside world. These connection points are guarded by firewall hardware. The firewalls allow only outgoing connections, and only then on a couple of ports. The machines connected to the outside of the firewalls only have a couple of services enabled, and only allow connections out to a limited set of IP addresses.

    Furthermore, all connections to the outside world -- both voice and data -- can be physically disconnected at the throw of a switch.

    A couple of years ago, a group I work with wanted to enable a new "tap" into the MCC telemetry systems. We wanted to allow outcoming data only, and proposed the same kind of firewall protection used by existing connection points. It still took nearly an act of Congress to get our tap installed.

    I've talked with NASA's information-security people, and they're nothing if not overcautious. They're not all technical geniouses, but they do employ some. For example, I know that they employ "white-hat" crackers to perform penetration tests of their systems.

    So, are NASA's security arrangements foolproof? Certainly not, but I have a hard time taking that article at face value. The suggestion that a cracker from somewhere out on the net penetrated NASA's systems doesn't seem as likely as other explanations: That the reporter got the story wrong -- that the problem wasn't actually within MCC. Or that there was a problem, but NASA's technical people, unable to come up with the real explanation, invented a cracker to blame. Or even that the cracker existed, but came from within the MCC.

    --Jim
  • Good point, but then again corporations are hardly ever convicted of criminal activities, especially negligence such as creating a crappy OS. That tends to be civil suits, etc, that act as punishment. So if you crack into an NT machine which is running someone's life support, and you get in because of a security hole (netscape's engineers are weenies!), you can be convicted, and microsoft will have to pay $$$ to the victims family. Maybe.

    BTW, I'm gonna check to see if my health insurance covers BSODs....
  • I thought you meant that somehow a Nabisco(tm) product had endangered them or something. The title of the Slashdot article is very misleading. When I read the CNet article, it made much more sense.
  • I'd say you're right; Oran's Dictionary of the Law [wld.com] defines manslaughter as:

    A crime, less severe than murder, involving the wrongful but non-malicious (see malice) killing of another person. There are various categories of manslaughter. In some states voluntary manslaughter is a killing in a sudden rage such as occurs during a quarrel and fight, and involuntary manslaughter is a killing with no intention to cause serious bodily harm, such as by acting without proper caution.

    However, I think you could make a case for "reckless homocide," as "reckless" is defined:

    "Reckless" can mean anything from "careless and inattentive" or "indifferent to consequences" to a "willful disregard for danger to the life or safety of others."

    So of which one the cracker would be guilty depends on the circumstances and/or intent of the cracker. Murder doesn't seem to apply, given the definition:

    "Murder: The unlawful killing of another human being that is premeditated (planned in advance) or is with malice aforethought (see that word). Most states divide murder into first and second degrees. First degree murder usually involves a willful and deliberate killing, such as by torture or lying in wait, or killing during the commission of another felony such as arson, rape, robbery, and kidnapping. Second degree murder is less serious, but still worse than manslaughter."

    Unless the cracker intended to kill the astronaut, and either premeditated the killing or had prior malicious intent, which seems unlikely in this case.

  • by sammy baby ( 14909 ) on Monday July 03, 2000 @06:07AM (#961793) Journal
    if a cracker really screwed something up and the astronaut died as a result, is it murder?

    (IANAL)

    It depends on how the perpetrator was charged. If charged with a felony (which is the likely scenario), then the "felony murder" rule is invoked. This states that any death which occurs as a result of the commission of a felony is automatically murder, not manslaughter. Examples:

    • A shopkeeper catches you stealing a candy bar, flies into an apoplectic rage, has a heart attack, and dies. Since stealing a candy bar is a misdemeanor, you might be charged with manslaughter, but no prosecutor would bother taking the time to pursue it.
    • A shopkeeper catches you stealing a candy bar, you pull a gun on him, and he has a heart attack and dies. Because armed robbery is a felony, and because your actions precipitated his heart attack, you can, and most likely will, be charged with felony murder.
    • Same situation, but instead of having a heart attack, the shopkeeper flees out into the street, where he's hit by a car and dies. Because he was fleeing you and the big gun you pointed at him during the commission of a felony, you get charged with felony murder.
  • Where does it say in the article that the hacker got to the system through the internet? I didn't see that. Are you assuming that's the only possible way?
  • Wouldn't making sure the network was totally isolated from all other networks prevent this sort of thing from happening?

    Yes, it would, and if the story is true, then I'm absolutely stunned. When I worked for the MoD, we had one machine connected to the Internet, and it was in it's own room, required clearance to even use it, and it wasn't connected to any other machines. The concept that the main servers would be even physically connected to the Internet was laughable. It just doesn't happen. I guess NASA doesn't have the same standards as the military...

  • Actually a good point was made by my Mother who sent me this article. If intent can't be proven, it should be manslaughter. However Murder or Manslaughter, there ought to be a charge of treason. The person in New Jersey who wrote and released the Melissa virus should have been brought up on charges for the damage he did to the USMC's E-Mail servers...totally shut them down till the viruss could be cleared out. Admittidly E-Mail service isn't meant for secure information but the fact remains that the person performed a disruption in a US Government service.

    Ought to work in the case of 'accidently' killing an astronaut too.
  • by Cy Guy ( 56083 ) on Monday July 03, 2000 @06:24AM (#961798) Homepage Journal
    good. thing they aren't using NT...

    Actually, per N etcraft [netcraft.com] they're running just about every OS you can name on at least one of their 456 publicly accessible webservers. A quick check of a few of them showed NT, Solaris, IRIX, and Linux.

    When you put the sheer number of webservers they are running in perspective with 500k cyberattacks in a year, it means they are only getting about 3 attacks per day per webserver.

    With all the possible points of entry, and inconsistent OS usage, I don't think it's surprising that a few backdoors were found.

  • >I've always wondered how they would have managed to put the WOPR back to work after it had the realization that 'The only winning move is not to play'.

    CTRL+ALT+DEL
  • Right, my point exactly. Hacking a Hospital, taking the network down which causes everyone in the ICU to die is not murder. It's stupid, you made people die, but you won't get the chair.

    Sitting out in from of you wife's lover's house waiting for him to come home and then running him down in the driveway is murder.

    Getting loaded and driving through a 7-11 at 2am and killing a bunch of people is manslaughter (or at least, that's my story and I'm sticking to it!) :-)
  • Call me crazy, but a quote from the Gross guy said something like "it shows the potential hackers have to do damage to nasa systems." Okay, now comes the CRAZY idea. Don't hook the vital systems to the internet.

    Now, since I'm sure that statement is over simplified, why not make sure systems can't be traced back to the internet.

    Somehow I doubt this ACTUALLY happened. Why would NASA have its shuttle monitoring systems networked in a way that an outside connection could be made to them? even if it meant getting into one system, then another, then another, and finially whatever this article is claiming they interfered with.....how many people know how those systems are networked?

    ---
  • by luckykaa ( 134517 ) on Monday July 03, 2000 @05:39AM (#961806)
    Wouldn't making sure the network was totally isolated from all other networks prevent this sort of thing from happening? I just don't see how this was possible in the forst place.
  • Look: I know that a lot of people are on a fool's quest to preserve the ancient meaning of the word 'hacker', but the word cracker is a terrible substitute. I honestly thought that a Saltine had wedged itself into the shuttle's computers.

    The mass media has changed the meaning of the word hacker into something negative. What's the big problem with that? Words have changed meaning throughout history. 'Awful' used to mean about the same thing as 'awesome', and 'gay' used to mean 'happy', but they really aren't used that way anymore. The world has moved on.

    The Hacker Dictionary can deny this fact all it wants and claim that the negative meaning is deprecated, but the truth of the matter is, most of the English speaking world thinks of hackers as guys who break into NASA. And everybody understands what "hacker" means when used in an article like this. Give it up.

  • The Jury doesn't have to answer to anyone (unless it can be shown the the jury was tampered with). This is the whole reason a jury exists...it is the FINAL Check on the system.

    I wish this concept was taught to more people. When in the court, the judge (and whichever side is more conservatively interpreting the laws) hammer the jury with admonitions that they are ONLY supposed to decide whether the person violated the law or not, and are not supposed to judge the law itself. The jury rarely gets instruction from lawyers that they are also responsible to judge the law itself.

    I think it's also part of the lawyer's game, that if they think they'll get a more favorable ruling through strict interpretation of the law (by technicalities, for instance), that they'll try to get a trial by judge instead of jury, since the judge is honor-bound to pay more attention to the laws than to the ethics.

  • by LaNMaN2000 ( 173615 ) on Monday July 03, 2000 @05:41AM (#961813) Homepage
    Astronaut Michael Foale, who was part of the 1997 mission, told the BBC he was not informed of the problems at the time but found the revelations intriguing.

    You would think that the astronauts would be notified if there were sudden anomalies with their vital signs. At least an inquiry as to their status and a mention of the bad readings would be expected. I wonder if this is not just more PR designed to encourage stricter computer crime legislation and get NASA more funding for IT security.
  • Any deaths directly caused by the commision of a crime are murder.

    I was under the impression it had to be a felony.

  • by rifter ( 147452 ) on Monday July 03, 2000 @11:53AM (#961823) Homepage

    Interestingly enough, there is a group that proclaims a phone number, 1-800-TEL-JURY which prescribes the same thing. One important point made: if a jury believes the law to be unjust or unjustly applied, they can reach a not guilty verdict even if they believe without a doubt that the person in question committed the act.

    Of course, juries are often instructed otherwise by judges and lawyers, and since they are often uneducated and rarely if ever legally educated, they are apt to listen. And for people with 1-800-TEL-JURY signs to be outside the courthouse has been counted as jury tampering in the past, and invalidated their rulings.

  • It's just the ugly head of the 'Hacker/Cracker' debate rearing into view.. We know that the fellow was a cracker, but either AP doesn't know or doesn't care. 'Hackers' are evil, scary guys to be persecuted in the media, doncha know?

    He's correcting their grammar, nothing more..

    Hemos might also have started a Holy war with his correction, but the trolls and instigators have yet to notice, so we'll see..
  • I believe thats the difference between manslaughter and murder - pre-meditated vs. accidental (but still with malicious intent). IE if I am driving drunk, and run over you, I can be charged with manslaughter even though I never intended to run you over.
  • I personally, would just like to advocate giving up on the hacker/cracker debate. My initial reaction when seeing the headline was wondering how Saltine's could have gotten into the equipment.

    Once a word, such as hackers, has made it's way into the lexicon so deeply, you can't reverse it.

    Take politically correct words, which have social stigma attached to the incorrect words. How many of us take the time to say Native American instead of Indian? Or African-American instead of black? Why should John Q. Public or Jane P. Media take the time to care about hacker vs. cracker? Especially when everyone knows what a hacker is, right?

    And cracker already has two definitions, does it need more? It's already a slang term for a white redneck, as well as a tasty high-carb treat.
    ---
  • by zyqqh ( 137965 ) on Monday July 03, 2000 @05:46AM (#961841)
    Everyone, pick your favorite NASA official, and send him a little gift of "Firewalls for Dummies." Or "for Complete Idiots" -- did that come out yet?

  • The CNET version was the AP story. Wired has Reuters coverage of this [wired.com].
  • My guess, being a careful student of Law & Order and NYPD Blue (which makes me a legal expert, you know), is that he/she would be charged with Involuntary Manslaughter. The cracker didn't mean to kill the astronauts, but his actions caused their deaths. For it to be Murder the cracker would to have had the intention of killing the astronauts.

  • by dave ( 223 ) <dave@whitinger.net> on Monday July 03, 2000 @05:47AM (#961847) Homepage
    Heh, I'm surprised that you left out the obvious parallel with the time Homer caused havoc by bringing potato chips into space with him.

    Where's that Inanimate Carbon Rod when you need it? :)
  • by levendis ( 67993 ) on Monday July 03, 2000 @05:48AM (#961851) Homepage
    IANAL, but yes, this would be murder, or at least manslaughter, if someone died as a direct result of the hackers actions. What's the difference between hacking into a hospital computer and deactivating someone's life support, versus simply walking up to and clipping the cords with a bolt cutter? Just because the former was done with a computer doesn't make the action any less deadly.

    Also, your question about why these systems were connected to the internet: first, you don't know that for sure, it may have been a dialup or even someone overriding the actual satellite link up. Second, its becoming more & more clear that everything is going to be on the internet soon enough. As we move to a fully "wired" and interconnected world, issues like this are going to become more & more serious. I have no doubt that pretty soon we will have to deal with the legal question of whether a cracker can be judged as a murdered.
  • I just watched the panorama programme. The NASA incident was a fairly small item near the end. Most of the show was about how easy it is to break into Microsoft programs. They interviewed Cult of the Dead Cow, had a demo of Back Orifice, interviewed the guy who runs AntiOnline, and had someone from a British computer security company say that things will remain bad while Microsoft is driven by features, not security.

    On the whole it was not as bad as some of the stuff that gets broadcast.

  • I wonder if this is not just more PR designed to encourage stricter computer crime legislation and get NASA more funding for IT security.
    I have to say that I ultimately agree. One should consider that the episode of the BBC show Panorama, where this report comes from, is specifically discussing computer security as a weak point in Western defense. Secondly, the story itself seems a bit over stated.

    I think a bit of a background perspective would help a lot in considering the "truth" to this story.

    Let's make our first assumption in that the center being discussed in Johnson Space Center, home of Mission Control. JSC has become one of the more network security aware centers within the NASA environment in recent years. That's not to say there aren't problems. JSC is one of the few that is at least aware of a network security clue train and occasionally buys a ticket and takes a ride. When they'll actually begin buying monthly passes is another question.

    JSC confronts many of the same technical vulnerability issues other research institutions face. This means that much of JSC is ultimately vulnerable (hint to Joe Scriptkiddy - taking a NASA engineer's under-administered Linux test box is neither proof of any real skill, nor is it particularly enlightening to NASA officials). JSC is aware of this and treats Mission Control with extra precautions. Truly mission critical hardware is not going to be manipulated directly by Internet traffic. That's not to say that a network attack of some kind can't have some effect on a mission. And here's a key point. Even a minor effect provides a politician with plenty of fuel to fan the fires of hysteria. And don't expect it all from our elected officials. NASA is ran by politicians.

    NASA (and ultimately JSC) network vulnerability is due to more than technical issues. There's a cultural clash within the security framework internal to JSC, NASA, and very likely many other Governmental institutions. Network security policy is being formed by old-guard "physical security" personnel. Network security is a fast-changing and alien environment to many of these officials. The technical targets shift at a rapid rate, and new ways of thinking often challenge old standbys (IE: debunking security through obscurity). Unfortunately, many physical security concepts do not transfer well to the new network security environment. There are occasional flashes of insight... and many more attempts to cling to the old, better-known environment.

    One example of this is the penchant for prosecution. Its amazing to watch an organization bemoan a lack of funding to support security administration of an environment, then light up at the opportunity to pull production equipment offline and spend untold amounts of money and man hours to track down a script kiddy for defacing a minor internal web site. Spending funding on preventing the incident in the first place seems to get lost somewhere in the upper echelons.

    So if today's mission control is safe from Joe Scriptkiddy, where'd this incident come from? 1997. In my experience, the mid 90's were way before the network security clue train - there wasn't even tracks laid down. It wasn't until the end of the decade that network security began to show up as a serious issue and positive steps were being made to do something about the situation. 1997? History.

    So sure, NASA could use some improvement of their network security environment. And they certainly could use the funding. But to say there's lives on the line - that's political kindling to pass legislation and cook up some National Infrastructure Protection Center funding.

  • Am I the only one who finds these articles so devoid of actual information that they are pretty much worthless in terms of determining if these events actually happened?

    For one thing, how did the cracker manage to penetrate NASA's communications system in the first place? I imagine they aren't stupid enough to give it any connection to the Internet - in fact, I'd hope all connections to and from the shuttle, and any computers and networks vital to the shuttle missions, are sealed from the 'net by an airwall. This would mean the cracker somehow found another way in, got past (hopefully) some sort of security...I don't know. I don't give this story much credibility. I wonder if perhaps NASA's just trying to cover up Yet Another Systems Failure.

    My $0.02 Cdn, so it's not worth that much...
  • If he linked to a story that read "capitalist pigs abuse workers", would it be okay for him to change the heading to "Microsoft Accused to Illegal Labor Practices"?
  • I don't know, but I always liked hacker better. Though it is usually the name (umong geek circles anyway) to computer code hackers, it saves me from problems like this. Being, as it is, July 3rd, I thought that the "cracker" he was reffering to was actually a fire cracker. I thought that somehow fire crackers were set off near NASA headquarters, thus damaging equiptment... Anyway, I think that this latest cracking is reprehensible. C'mon, these guys are doing life-threatening things anway, and there is no need to escalate their problems anymore. I'd like to see the first guy who gets the death-sentence for cracking because he somehow manages to make a space shuttle crash. (Now there's a Supreme Court case for you.) Also, NASA really ought to beef up security. It is a sad thing, that it takes something to go really wrong before government agencies change security or safty characteristics (like Los Alamos lab.) I hope we don't have to have 4.5 million pounds of space shuttle crash down 5 seconds after launch because some basterd decided to flex his cracker muscles.
  • tell them that those .vbs email attachments should not be opened.
  • Uh, let me rephrase that...
  • OK, after reading the headline 'Cracker Endagers Astronauts' who didn't think it was about some redneck parking his trailer on the shuttle landing strip? Ok maybe it was just me.
  • Interesting that Hemos changed the word "Hacker" to "Cracker". The article does not containg the word "Cracker". Are you guys shaping the news or reporting it?

No spitting on the Bus! Thank you, The Mgt.

Working...