Julian Assange may have needed a mole inside the Army to get sensitive government documents for WikiLeaks, but thanks to the lax IT procedures at NASA, it looks like he may have only needed an eBay account. Due to weak security measures and an agency culture that struggles with properly handling property transfer, NASA sold hard drives to the general public that contained information that could help hackers penetrate the space agency's computers, according to a new report from the NASA's Office of Inspector General (OIG).
The computers were left over from the shuttle program, which NASA sold off publicly after they had been properly sanitized of any sensitive information. However, it seems that a combination of poorly designed procedures and individual failures led NASA personnel to skip that sanitation step. Overall, 10 entires PCs that might have contained IP information and other sensitive data are known to have ended up sold to private citizens.
"During our audit, we discovered significant weaknesses in the sanitization and disposal processes for IT equipment at four NASA Centers – Kennedy and Johnson Space Centers and Ames and Langley Research Centers," the report reads.
This is not the first time that NASA has come under fire for poor information technology and equipment management. According to the Government Accountability Office (GAO), NASA misplaced $94 million in equipment between 1997 and 2007, and failed to meet their goals of stopping such losses in six of those ten years.
A 2007 GAO report portrayed a NASA culture where property mismanagement and loss rarely results in punishment. In one instance, a NASA employee escaped punishment despite providing an explanation for losing a laptop that consisted of the excuse "this computer, although assigned to me, was being used on board the International Space Station. I was informed that it was tossed overboard to be burned up in the atmosphere when it failed," the 2007 GAO report said.