it was concerning the Jet Propulsion Laboratory network coming under attack from threat actors. Now the alleged hacking action is said to have actually taken place from space itself. It has been reported that NASA is investigating an accusation that an astronaut accessed a bank account belonging to an estranged spouse; while aboard the International Space Station. If the allegations of identity theft and improper account access turn out to be accurate, this could be the first cybercrime committed off-planet.
Why is NASA investigating space hacking claims?
Anne McClain, a former U. S. Army pilot who flew more than 800 combat hours during Operation Iraqi Freedom before joining NASA in 2013, has been accused of identity theft and improper access to private financial records.
The New York Times report details how Summer Worden, Anne McClain’s estranged spouse, put her skills as a former U.S. Air Force intelligence officer to work when she suspected McClain had been accessing her bank account. Having contacted her bank for details of the locations of logins to the account, Worden discovered one of the computers, where her login credentials were used from, was registered to NASA.
McClain was aboard the International Space Station at the time, due to be part of the ill-fated all-female spacewalk, and putting two and two together led Worden to the conclusion that she had found her bank account hacker.
What does Anne McClain say?
McClain, who has since returned to Earth following her six months in space, has admitted that she did, indeed, access the account while aboard the International Space Station. The newspaper report stated that, under oath and via a lawyer, McClain insisted she was making sure there were sufficient funds in the account to care appropriately for the child they had been raising together. “She strenuously denies that she did anything improper,” lawyer Rusty Hardin stated, adding that McClain was “totally cooperating.”
Cooperating that is, with the investigators from NASA’s Office of Inspector General. Worden filed a complaint with the Federal Trade Commission. The New York Times, however, confirmed that there had been no indication of any funds being moved from the bank account. It further reported that Worden’s family filed a complaint with NASA. According to Business Insider, “Worden’s parents said in a separate complaint that McClain accessed the bank account as part of a “highly calculated and manipulated campaign” to obtain custody of Worden’s son, who was born about a year before the couple got married.”
In a statement posted to Twitter on August 24, McClain said: “There’s unequivocally no truth to these claims. We’ve been going through a painful, personal separation that’s now unfortunately in the media. I appreciate the outpouring of support and will reserve comment until after the investigation. I have total confidence in the IG process.”
What does NASA have to say?
In a statement published by Space.com, NASA officials said “Lt Col. Anne McClain has an accomplished military career, flew combat missions in Iraq and is one of NASA’s top astronauts. She did a great job on her most recent NASA mission aboard the International Space Station. Like with all NASA employees, NASA does not comment on personal or personnel matters.”
Who has legal jurisdiction in space?
When it comes to breaking the law in space, you might think that jurisdiction could be a tricky thing. You would be wrong. BBC News stated that a legal framework exists that dictates any crime committed in space would be under the jurisdiction of the country of origin of the astronaut concerned.
The ethical hacker perspective
John Opdenakker, an ethical hacker and something of an expert when it comes to password best practice, says that “if you share passwords for certain accounts you should reevaluate this whenever your situation changes.” It’s a general best practice not to share any passwords, Opdenakker insists, even when it’s your partner you should limit account sharing to the bare minimum. “I wouldn’t share my bank account password, my partner and I both have our own user accounts for our shared bank account,” Opdenakker says, concluding with some very down to earth advice: “don’t share your password for your bank account in the first place and change shared passwords if your personal situation changes.”
Updated August 25, 2020: This post was updated with statements from both NASA and Anne McClain