The problem is they couldn't actually do either action. This is a bunch of hype trying to claim greater "hacking" capability than they actually have. Hell, even the article says they gained access by purchasing it from someone else.
Having worked on those aircraft for the better part of 10 years, these guys didn't do a damn thing. The mission plans would have been noticed immediately as using the wrong waypoints and been corrected, manually or from known-good files. These guys didn't have a chance of actually crashing anything except maybe a couple of servers at NASA, which would have done nothing.
NASA clearly needs to update some of their Network security protocols and probably fire a couple of people, but this is a non-story with respect to the drones. It's FUD trying to drive site clicks.