NASA investigates hacker document theft

NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next...

NASA cybercrime investigators are looking into the theft of militarily significant design documents pertaining to the next generation of reusable space vehicles.

The documents, which are restricted under export laws from being shared with foreign nationals or governments and are also strictly controlled under the International Trafficking in Arms Regulations (ITAR), were leaked from a hacker who claimed to be based in Latin America.

The documents had been authored by contractors from Boeing and a joint venture between propulsion companies Pratt & Whitney and Aerojet.

All of the vendors also labelled the documents "competition sensitive" and, while it is not yet clear whether sensitive data on military and commercial technologies may have been compromised, defence and intelligence experts said the incident could have both national security and political ramifications.

NASA spokesman Bob Jacobs confirmed that the documents contained sensitive military information and should have been stored in a closed database. There is no information on how or from where the documents were stolen, and investigators could not confirm if a hacking incident had taken place.

However, a hacker known only by the nickname RaFa, a former member of the now defunct World of Hell Hacker gang, uploaded more than 43MB worth of documents to a Web site, including a 15-part Powerpoint presentation that included detailed engineering drawings.

The documents also included detailed mechanical design information on the Cobra space shuttle engine design program, and the risk reduction plan for the Boeing TA4 Advanced Checkout, Control & Maintenance System (ACCMS), the ground control system for the next generation of space shuttles.

NASA's 2nd Generation Reusable Space Vehicle program is part of NASA's long-term Space Launch Initiative, a multibillion-dollar effort to design safer and more efficient space transportation by 2005.

The US Defense Department is a key partner in the effort because of its interest in the program's applicability to military satellite programs and future military space plane designs.

"These particular records would probably be of most interest to a country trying to build their own space launch vehicle," said Steven Aftergood, an analyst at the Federation of American Scientists in Washington. However, he added, "I'm not sure that anyone else could use them either for good or ill."

On the other hand, "the ITAR provisions are quite strict, and they entail serious penalties for violations," said Aftergood. "If a private person transferred ITAR documents abroad he could be subject to hefty fines or jail time."

Allen Thomson, a former CIA scientist, said this type of information would likely to be of interest to so-called "peer competitors" in the commercial and military space market, such as Russia and Japan.

Read more on IT risk management