NASA Has Been Hacked Because of Raspberry Pi Connected to its Network

NASA Has Been Hacked Because of Raspberry Pi Connected to its Network

The point of access was a Raspberry Pi device that was connected to the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

NASA Office of Inspector General informed that hackers broke the agency’s network and stole approximately 500 MB of data related to Mars missions.

Raspberry Pi is a small computer about the same size and shape as a credit card. Since it costs about $35, it’s a popular tool for learning the basics of computer programming, robotics, and creating DIY projects.

According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.

As a result of the hack, NASA stopped some of its agencies from using a core gateway due to fear that the hacker could harm currently active spacecraft.

As mentioned www.cnet.com “This isn’t the first time hackers have taken advantage of the space station’s security flaws. As sister site ZDNet reports, last year the Department of Justice charged a pair of Chinese nationals for hacking NASA and the US Navy’s cloud services. These hackers worked for Huaying Haitai Science and Technology Company located in Tianjin, China. Their goal included stealing intellectual property from top commercial and defense technology companies”.

“The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission,” the NASA OIG said.

“Classified as an advanced persistent threat, the attack went undetected for nearly a year,” the NASA OIG said. “The investigation into this incident is ongoing.”

“We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time-sometimes longer than 180 days,” the report said.

Source: Text; www.zdnet.com, www.cnet.com

Image credit; gizmodo.com