Cybersecurity | October 15, 2021

Cybersecurity Scary Stories: Infiltrating NASA

In space, no one can hear you scream. Not even NASA is safe from cybercrime.  

The year is 1999. The specter of Y2K looms large in the near future. But amid our ill-informed panic about the Millennium bug (remember that? I don’t!), a real threat emerges. On the precipice of the digital revolution, both NASA and The United States Department of Defense fall victim to a serious data breach.  

The culprit? 

A Florida teen.  

Using the codename “c0mrade,” 15-year-old Jonathan James infiltrated what were, at the time, some of the most advanced digital security systems in the country. Prolific not just for his age but also for the caliber of his skills, James has since become a legend among cybercriminals and cybersecurity experts alike. Student by day, hacker by night, his story is emblematic of how negligent we were then – and a reminder of how negligent many of us continue to be today – where cybersecurity is concerned.  

In June of 1999, James came across a particularly weak firewall in Huntsville, Alabama.

By installing a malware “backdoor” onto this server, James was able to access 13 computers at the Marshall Space Flight Center, a facility unique for its role in developing rocket engines and the communications system for the International Space Station (ISS).  

Once inside Marshall’s systems, James was able to download $1.7 million worth of NASA proprietary software in the form of the source code that supported the physical environment of the ISS, including the control of the temperature in the living quarters.  

No small feat.  

James, with his simple malware in tow, was able to access controls that had the potential to put NASA astronauts in immediate danger if used. What’s more, once the breach was discovered, NASA induced a 3-week shutdown to take stock of their systems. A call that cost them nearly $42,000.  

As if infiltrating NASA wasn’t enough, James went on to hack into another government agency later that same year. In September, he discovered a similar “backdoor” installed on a server in Dulles, Virginia. Through this access point, James was able to break into the computers of the Defense Threat Reduction Agency (DTRA), a division of the U.S. Department of Defense that monitors nuclear, biological, chemical, and conventional weapons threats.

While James would go on to serve a 6-month prison sentence (and was the first minor to do so for hacking), it should be noted that, aside from accessing sensitive information, James didn’t do anything damaging. No data was released, no systems were broken. This is perhaps the most impressive aspect of Johnathan James’s hacking career. In an interview with PBS’s “Frontline”, James said that he could have easily remained undetected in both NASA’s and the DTRA systems if he had “covered his tracks”, he just didn’t think that he had to; Johnathan never intended to harm anyone.  

This, however, begs the question: if a teenager with no intent to harm can easily break into high-level systems, what can those with a vested interest in cybercrime accomplish? Though much has improved since 1999, it’s true, are we sure that we are doing everything we can to protect our data?

Are you confident that your cybersecurity is strong enough to withstand large-scale breaches, malicious or otherwise? 

Keeping your technology safe is just as prescient now as it was in 1999. Infiltrating NASA was just the tip of what has since revealed itself as a massive iceberg of cybercrime. 

In fact, protecting your sensitive information is more important today than ever before; EMPIST is here to help. Learn more about our cybersecurity services by contacting team EMPIST online today.  


(Sources: ABC News, New York Times, AP News, Frontline)