It looks as though NASA still have IT security issues.
QuoteA 26-year old Romanian hacker has been arrested for damaging computer systems at NASA, according to a release from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). Robert Butyka is charged with breaking into an unspecified number of servers at NASA starting in December of 2010.
SOURCE (http://arstechnica.com/tech-policy/news/2011/11/another-romanian-hacker-arrested-for-breaching-nasa-servers.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29)
Earlier in the year another hacker also demonstrated the vulnerability of the systems.
QuoteNASA has become something of a reputation-building target for Romanian hackers. In an unrelated security breach in May of this year, another Romanian hacker claimed to have stolen classified satellite data from servers at NASA's Goddard Space Flight Center. That hacker, who calls himself TinKode, posted screen shots from an FTP server related to NASA's SERVIR Earth observation program, which provides data to relief agencies and other humanitarian organizations.
And in 2008, another Romanian, Victor Faur, was convicted in Romania of hacking NASA and US Navy sites in 2005 and 2006. He avoided jail time, but was fined $238,000 to compensate the US for damages.
SOURCE (http://arstechnica.com/tech-policy/news/2011/11/another-romanian-hacker-arrested-for-breaching-nasa-servers.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29)
It really gives you confidence that NASA or any part of the rest of government computers and computer networks are very secure, NOT!
One of the things that our government has not learned is that they have not learned from history ala Gary McKinnon.
Gary McKinnon, when he was on the NASA computer, said he did a Netstat, and that there were 'others' connected to the same network from countries such as Turkey, Eastern Europe etc. etc.
He used the old, blank Administrator Password hack, to gain access, and said that they distribute a Master image to 5,000 computers. This is common practice in large Corporations.
Every yearly audit of the Defence Systems Computers gives a bleaker and bleaker picture.
While on the NASA computer he could access other .mil computers on other networks because of the familiarity clause. You have to be a .mil to access other .mil computers, and if you are a .mil you are trusted.
Makes you wonder if they really care about security or it is a 'Honey Pot' set up to catch those who would dare attempt to hack their networks ;D
I can only imagine what the hackers came across 8) hope they share some of the more interesting finds with us soon.
QuotePaul K Martin said hackers took over Jet Propulsion Laboratory (JPL) computers and "compromised the accounts of the most privileged JPL users".
He said the attack, involving Chinese IP addresses, was under investigation.
In a statement, Nasa said it had "made significant progress to protect the agency's IT systems".
Mr Martin's testimony on Nasa's cybersecurity was submitted to the House Committee on Science, Space and Technology's Subcommittee on Investigations and Oversight.
I wonder how long this went on for before the alarm bells rang. :o
QuoteState of security
In the document, he outlined how investigators believed the attack had involved "Chinese-based internet protocol [IP] addresses".
He said that the attackers had "full system access" and would have been able to "modify, copy, or delete sensitive files" or "upload hacking tools to steal user credentials and compromise other Nasa systems".
Mr Martin outlined how the agency suffered "5,408 computer security incidents" between 2010 and 2011.
He also noted that "between April 2009 and April 2011, Nasa reported the loss or theft of 48 Agency mobile computing devices".
In one incident an unencrypted notebook computer was lost containing details of the algorithms - the mathematical models - used to control the International Space Station.
Nasa told the BBC that "at no point in time have operations of the International Space Station been in jeopardy due to a data breach".
WTF
continue reading here
http://www.bbc.co.uk/news/technology-17231695
Good job! I hope they will make it public if theres anything that we should know..
Yeah, that makes no sense! Codes on a computer disappearing but no operations in jeopardy?
Huh?
But what else can NASA say? "Uh oh. We're in BIG trouble?"
NASA says laptop with space station control codes was stolen:
QuoteA stolen US space agency laptop containing codes that control the International Space Station did not put the orbiting lab in peril, a NASA spokesman said on Friday.
The unencrypted notebook computer went missing in March 2011 and "resulted in the loss of the algorithms used to command and control the International Space Station", NASA Inspector General Paul Martin told lawmakers this week.
But the US space agency insisted that international astronauts were never at risk aboard the research outpost.
Advertisement: Story continues below
"NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach," spokesman Trent Perrotto said.
The theft was alerted to Congress on Wednesday along with 5408 computer security "incidents" that resulted in unauthorised access to NASA systems or installation of malicious software in the past two years, Martin said.
Perpetrators are suspected to include small-time hackers, organised criminal networks and foreign intelligence services.
The attacks affected thousands of NASA computers and cost the agency more than seven million US dollars in 2010 and 2011, he said.
Over the past few years, investigations have resulted in the arrests and convictions of hackers from China, Great Britain, Italy, Nigeria, Portugal, Romania, Turkey, and Estonia, he said.
One cyber attack still under investigation happened in November 2011, when NASA's Jet Propulsion Laboratory (JPL) in California reported "suspicious network activity involving Chinese-based IP addresses", he said.
"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he added in testimony to the House Science, Space and Technology subcommittee.
"In other words, the attackers had full functional control over these networks."
To better guard against such attacks, "NASA needs to improve agency-wide oversight of the full range of its IT assets," and must encrypt more of its mobile and laptop devices, of which just one per cent are currently encrypted, he said.
Until then, NASA "will continue to be at risk for security incidents that can have a severe adverse effect on Agency operations and assets".
NASA's spokesman said in response that the space agency is in the process of implementing his recommendations and has made "significant progress to better protect the agency's IT systems".
http://www.smh.com.au/technology/sci-tech/nasa-says-laptop-with-space-station-control-codes-was-stolen-20120303-1u9b5.html#ixzz1o1QrnBDO (http://www.smh.com.au/technology/sci-tech/nasa-says-laptop-with-space-station-control-codes-was-stolen-20120303-1u9b5.html#ixzz1o1QrnBDO)
Could NASA security be anymore lax?
Is it just because they don't have any money or are they stupid?
If you cant secure systems.... take them offline..... simple! 8)
Hacking NASA - A New International SportWell we all remember Gary McKinnon's infamous and useless hack attack of NASA for which he still hasn't been extradited for :P
You would THINK the Bozo's at NASA would have smartened up but no....
Stolen NASA Laptop Contained Space Station Control CodesAnd no encryption for supervillains to crack
By Brid-Aine Parnell • Get more from this author
Posted in Enterprise Security, 1st March 2012 13:21 GMT(http://i.huffpost.com/gen/518976/thumbs/r-INTERNATIONAL-SPACE-STATION-large570.jpg)
QuoteA NASA laptop stolen last year had not been encrypted, despite containing codes used to control and command the International Space Station, the agency's inspector general told a US House committee.
NASA IG Paul Martin said in written testimony (PDF) to the House Committee on Science, Space and Technology that a laptop was stolen in March 2011, which "resulted in the loss of the algorithms used to command and control the ISS".
Martin also admitted that 48 different agency laptops or mobile devices had been lost or stolen between April 2009 and April 2011 (that NASA knows of). The kit contained sensitive data including third-party intellectual property and social security numbers as well as data on NASA's Constellation and Orion programmes.
The actual number of missing machines could be much higher, because the agency relied on staff to 'fess up when their notebooks were lost or stolen and admit what information was on them.
Okay so Gary's hack was 2001 and this is 2012 and the spokes person fr NASA says;
Quote"Until NASA fully implements an agency-wide data encryption solution, sensitive data on its mobile computing and portable data storage devices will remain at high risk for loss or theft," Martin told the Subcommittee on Investigations and Oversight.
Stolen NASA laptop had Space Station control codes (http://www.theregister.co.uk/2012/03/01/nasa_stolen_laptop_unencrypted/) - The RegisterNASA Cybersecurity: An Examination of the Agency's Information Security (http://science.house.gov/sites/republicans.science.house.gov/files/documents/hearings/HHRG-112-SY21-WState-PMartin-20120229.pdf) - [PDF][Arhived]NASA Space Station Codes Were On Stolen Laptop, Inspector General Paul K. Martin Says (http://www.huffingtonpost.com/2012/03/01/nasa-space-station-codes-stolen-laptop_n_1315018.html) - The Huffington Post
And that's not all....
NASA Computer Hacked, Satellite Data Accessed
17 May 2011 | 06:40 PM ET | Matt Liebowitz, SecurityNewsDaily Staff Writer
(http://www.securitynewsdaily.com/images/i/209/i02/satellite-110517-02.jpg?1323466639)
A hacker claims to have breached a NASA server.
CREDIT: Boeing.QuoteA Romanian hacker claims to have breached a computer server at NASA's Goddard Space Flight Center and gained access to confidential satellite data.
The hacker, who calls himself TinKode, took to Twitter shortly before noon today (May 17) to boast: "NASA Goddard Space Flight Center — (Hacked) 1 Server Access."
On his blog, TinKode posted a screen grab of what he said was a Goddard Space Flight Center FTP server. The screen shot shows files that appear to be connected with NASA's SERVIR program, which uses satellite data to aid in disaster relief, health risk assessments, and climate change and biodiversity issues, wrote Paul Roberts from the security firm Kaspersky Lab.
Rob Gutro, deputy news chief at the spaceflight center, located in Greenbelt, Md., confirmed "there was a breach in the NASA Goddard FTP site" but said it actually took place in April.
"The necessary steps were taken to protect the infrastructure at that time," Gutro told SecurityNewsDaily, adding, "NASA doesn't discuss the details of our IT security but remains vigilant to secure the security of our sites."
TinKode's announcement of his hack came just one day after the final launch of the NASA space shuttle Endeavour before its retirement, and one month to the day after TinKode allegedly hacked into the servers of the European Space Agency .
NASA Computer Hacked, Satellite Data Accessed (http://www.securitynewsdaily.com/698-nasa-computer-hacked-satellite-data-accessed.html) - Security News
NASA confirms satellite hacks in Congressional advisory panel
By Lydia Leavitt posted Nov 2nd 2011 8:40AM (http://www.blogcdn.com/www.engadget.com/media/2011/11/terram1-cropped-proto-custom28.jpg)
QuoteAcknowledging suspicions that two of NASA's earth observation satellites were hacked back in 2007 and 2008, the space agency has indeed confirmed "suspicious events" in a copy of an independent Congressional advisory panel on Chinese / US relations, obtained by Bloomberg News. NASA would not say whether the attacks were organized by the Chinese military as suspected, instead opting to assure the panel that no data was captured or manipulated and that they are working to establish an agency-wide space protection program. According to the report, hackers gained enough access to the Landsat-7 and Terra AM-1 earth mapping satellites to fully command the latter -- choosing not to act on it for unknown reasons. Probably because it'd take an actual rocket scientist in order to do so. Check out the source for more details.TMP
source: Bloomberg News
NASA confirms satellite hacks (http://www.engadget.com/2011/11/02/nasa-confirms-satellite-hacks-in-congressional-advisory-panel/)
NASA Confirms 'Suspicious Events' in Satellite Hacking Report (http://idealab.talkingpointsmemo.com/2011/10/nasa-confirms-satellite-hacked.php) - TMP LabChinese Military Suspected in Hacker Attacks on U.S. SatellitesQuoteComputer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.
The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.
"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," according to the draft. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."
Chinese Military Suspected in Hacker Attacks on U.S. Satellites (http://www.bloomberg.com/news/2011-10-27/chinese-military-suspected-in-hacker-attacks-on-u-s-satellites.html) - Bloomberg News
NASA says it was hacked 13 times last year(http://s1.reutersmedia.net/resources/r/?m=02&d=20120302&t=2&i=577819770&w=460&fh=&fw=&ll=&pl=&r=BTRE8211GT900)
QuoteFri Mar 2, 2012 2:00pm EST
(Reuters) - NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.
The National Aeronautics and Space Administration spends only $58 million of its $1.5 billion annual IT budget on cyber security, Paul Martin, the agency's inspector general, told a Congressional panel on NASA security earlier this week.
"Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our nation's competitive technological advantage," Martin said in testimony before the U.S. House Committee on Science, Space and Technology, released on Wednesday. (bit.ly/yQFSB8)
He said the agency discovered in November that hackers working through a Chinese-based IP address broke into the network of NASA's Jet Propulsion Laboratory.
He said they gained full system access, which allowed them to modify, copy, or delete sensitive files, create user accounts for mission-critical JPL systems and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions, he said.
"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said.
In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees.
Martin said the agency has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.
Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station as well as sensitive data on NASA's Constellation and Orion programs and Social Security numbers, Martin said.
(Reporting By Jim Finkle; editing by Gunna Dickson)
NASA says it was hacked 13 times last year (http://www.reuters.com/article/2012/03/02/us-nasa-cyberattack-idUSTRE8211G320120302) - Reuters News
Revealed: Chinese Hackers Broke Into NASA & Controlled Jet Propulsion LabPosted on March 2, 2012 at 10:07am by Liz Klimas Liz Klimas (http://www.theblaze.com/wp-content/uploads/2012/03/JPL-in-Los-Angeles.jpg)
Aerial of JPL in Los Angeles. (Photo: NASA)QuoteOn Thursday, NASA's inspector general released a report revealing that between 2010 and 2011, the agency had more than 5,000 computer security incidents. An ongoing investigation has revealed that one such attack was on its Jet Propulsion Lab by Chinese hackers, according to Fox News.
Fox News has more on the lab attack, which it describes as a "jewel in NASA's space technology crown:"
That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.
Paul K. Martin, NASA's inspector general, put his conclusions bluntly.
"The attackers had full functional control over these networks," he wrote.
Revealed: Chinese Hackers Broke Into NASA (http://www.theblaze.com/stories/revealed-chinese-hackers-broke-into-nasa-controlled-jet-propulsion-lab/) - The Blaze
Chinese hackers took over NASA's Jet Propulsion Lab, Inspector General revealsPublished March 01, 2012 FoxNews.com(http://a57.foxnews.com/img.foxnews.com/static/managed/img/Scitech/660/371/msl.jpg)
An artist's conception of NASA's next Martian rover, called Curiosity, one of many U.S. missions to the Red Planet run by the Jet Propulsion Lab. (NASA/JPL)QuoteChinese hackers gained control over NASA's Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.
That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.
Paul K. Martin, NASA's inspector general, put his conclusions bluntly.
"The attackers had full functional control over these networks," he wrote.
JPL is a jewel in NASA's space technology crown.
Chinese hackers took over NASA's Jet Propulsion Lab (http://www.foxnews.com/scitech/2012/03/01/stolen-nasa-laptop-had-space-station-control-codes/?cmpid=NL_FNTopHeadlines_20120301#ixzz1nxj4ZbOq) - Fox News
Hacker High: 10 Stories of Teenage Hackers Getting into the SystemBy IT Security Editors Quotec0mrade — Miami
In 2000, a 16-year-old from Miami known on the Internet as "c0mrade" became the first juvenile to go to jail on federal computer-crime charges for hacking into NASA. The boy admitted to attacking a military computer network used by the DTRA (Defense Threat Reduction Agency) from Aug. 23, 1999 to Oct. 27, 1999. The youth installed a backdoor access on a server that intercepted more than 3,300 electronic messages to and from DTRA staff. The backdoor also accessed at least 19 usernames and passwords of DTRA employees, including at least 10 usernames and passwords on military computers. The unnamed juvenile was sentenced to six months in a detention facility.
Hacker High: 10 Stories of Teenage Hackers Getting into the System (http://www.focus.com/fyi/hacker-high-10-stories-teenage-hackers-getting-system/)Bunch more interesting non NASA hacks in that list, like the kid who had SWAT teams come to bust into peoples houses :o
In ongoing hacking or rather simply logging in a network honey pot, this just projects the system administrators are doing there work even though they leave systems wide open for script kiddies to poke around in.
Mckinnon peep show is so old the fools that left the door open should just say OK, lets move on. Mckinnon seems to be a political dog and pony show. Let say a little game the system plays with itself for others to say, see, they are doing something. Right, hanging the case out like some never ending made for TV show everyone has had enough of and wonder whats up with these numb nuts.
I say this honey pot Venus fly trap of network file fest is all for game show mentality and the real stuff is barricaded behind proxy servers fully encrypted of world.
Thats just me though......
???
(http://i45.servimg.com/u/f45/13/55/53/83/images27.jpg)
maybe i am overly skeptical here..but this sounds like a good ploy for the gov to censor the web
nothing has really actually happened
except they are telling us how easy it is to do
sounds more like nasa and the gov are excessively sloppy in security and we all know they aren't THAT slack
just my take on it..sigh
> no encryption for supervillains to crack..........that a laptop was stolen in March 2011
> A Romanian hacker..took to Twitter shortly before noon today (May 17) to boast
"there was a breach in the NASA Goddard FTP site" but said it actually took place in April.
NASA doesn't discuss the details of our IT security
> Acknowledging suspicions that two of NASA's earth observation satellites were hacked back in 2007 and 2008, the space agency has indeed confirmed "suspicious events"
hackers choosing not to act on it for unknown reasons.
> Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway,
An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission
> Fri Mar 2, 2012 2:00pm EST
(Reuters) - NASA said hackers broke into its computer systems 13 times last year, stealing employee credentials and gaining access to mission-critical projects in breaches that could compromise U.S. national security.
> On Thursday, NASA's inspector general released a report revealing that between 2010 and 2011, the agency had more than 5,000 computer security incidents Fox News has more on the lab attack, which it describes as a "jewel in NASA's space technology crown:"
That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses.
> In 2000, a 16-year-old from Miami known on the Internet as "c0mrade" became the first juvenile to go to jail on federal computer-crime charges for hacking into NASA.
Okay a little confusion here....
Over at ATS one of the things that happened a LOT was duplicate threads, or more to the point, many threads that although they are different incidents are all related. On this forum I have a feature that you don't see on other forums (or is not used)
It is called MERGE TOPIC So rather than wasting time with posts like "it's already been posted" over and over disrupting the threads (it was REALLY getting annoying over there) we can merge them here.
What happens is they are sorted by time.... so whoever had the first post will be on top
One example at ATS was the Baltic UFO.... when the SECOND one was found, everyone was so busy screaming "Its already done use search you idiot", that they all missed that this was new info. I even reposted that in the original thread but it wasn't even noticed
Hopefully the merge feature will help solve that. It took me a few tries to get it to go to the right place and you all 'should' have been notified by the system. As I can't see that, you will have to tell me if you did get them :D
I agree with Gigas about that possible 'honey pot trap' and Sky Otter... It sounds too STUPID to not be a setup
The codes to control the ISS on a laptop that gets 'stolen'? Seriously? We all know NASA has been inept lately, yet at the same time we are sure they are covering up Aliens and UFO's so SOMETHING is wrong here.
WHY is NASA even running 'mission critical' stuff on the regular internet anyway? WHY are they not using the secure SiPRNET or other DoD separate networks?
Are they really this stupid? Smells fishy to me
(http://www.thelivingmoon.com/43ancients/04images/Bluebird/Rotten_Yellowfin_Tuna-icon.png)
Not sure how they run things at NASA... but Jim Oberg always tells us NASA isn't hiding any film footage, he no one, including him, can produce the original STS75 Tether video. The copy we have and what is on the net was intercepted by Martyn Stubbs (SecretNasaMan) in Canada using a TV station dish.
They 'lost' the original Moon mission tapes... those tapes were very large reels of 75 millimeter tape and the 'loss' was 700 boxes or 4800 pounds'
So are they really this sloppy? or are we being played for suckers? Remember that they told us Creech Drone Control at Area 51 was hit by hackers, the US Atomic weapons had half of them go offline....
Yet I know for a fact that these guys don't use the regular internet for anything really important... so why are we getting these stories?
The government nets are NiPRNET (for unclassified sensitive level); SiPRNET (for secret level); JWICS (for top secret level) and then the top network, which NJ Mooch back at ATS just called the 'Global'
QuoteOriginally posted by eriktheawful
That type of information would be kept on a LAN system at the facilities, and under serious lock and key. Does not matter how good of a hacker you or a group of you may be, the simple fact remains: if you can't actually access their network, then you can't hack in.
True that... look up NIPRNET (http://en.wikipedia.org/wiki/NIPRNet) (Unclassified but Sensitive Internet Protocol (IP) Router Network (abbreviated as "NIPRNet," but commonly written "NIPRNET")); SIPRNET (http://en.wikipedia.org/wiki/SIPRNet) (Secret Internet Protocol Router Network (SIPRNet)); JWICS (http://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System) (Joint Worldwide Intelligence Communications System (JWICS pronounced JAYwicks) - cleared up to Top Secret and SCI) and there is one higher the 'global' that I won't mention right now ;)
While there IS a doorway to SIPRNET and JWICS from our internet you need a DOD ID card and your IP must originate from a .mil web address :D
nic.mil was the older SIPRNET portal... i guess they got to many pings at the front door from ATS :P because they shut it down... but you can still see the front door via the Wayback Machine
NIC.MIL (http://goo.gl/YcQ70)(http://www.thelivingmoon.com/45jack_files/04images/Intel/NIC.jpg)
The old JWICS Marine portal is also moved but again you can view it via Wayback machine
JOINT WORLDWIDE INTELLIGENCE COMMUNICATION (JWICS)
[ex]System Description: JWICS is the IC global backbone network for the DoDIIS communications network. It provides DoD and IC users a mature, reliable, and flexible SCI communications architecture. The Marine Corps JWICS program provides a variety of IT HW/SW that supports network functionality, high-speed/cytological bandwidth for transmission of data, text, graphics, imagery and video, and VTC. The program also provides over a 1000 MOS 02XX and 26XX intelligence members with the computer HW/SW/peripherals required to perform intelligence activities at the SCI level, contractual support for accreditation of equipment installation levied by DIA. Additionally, the program funds for the continual refresh of technological advances to network, HW/SW and peripherals. The JWICS provides garrison and tactical intelligence capabilities and infrastructure SCI to Major Commands, MSCs, and permits point-to-point or multipoint intelligence exchange throughout the entire Marine Corps and the DoD IC.[/ex]
JWICS Portal (http://goo.gl/HDA71)I know where the new doorway is for JWICS but haven't found the DoD one yet :D
Quote from: zorgon on March 05, 2012, 09:28:11 AM
Are they really this stupid?
I Blame the the millennials. They aren't disciplined and have a very poor sense of operational security. They are the first generation to knowingly and willingly inform on themselves and expose the details of their private lives en masse, I believes that this bleeds into other areas of their lives, namely work.
Millennials will use mobile phones around secure lines without a second thought. They weren't raised in the paranoid atmosphere of the cold war and the last of the old breed is dying off and retiring. Not to mention it has become very unfashionable to be seen as 'paranoid', not having been raised and trained in atmosphere where paranoia was all the rage. This leads the millennials to be major security risks.
Also, older generations grew up in an era where technology was not so ubiquitous, and so was inherently seen as more valuable - something to be guarded. That might explain how nonchalant the younger generation is with technology, and such nonchalance leads to lax security practices.