NASA suffered a huge data breach, with approximately 500 MB of data related to Mars missions stolen. The malicious hackers used a Raspberry Pi device as an entry point
NASA suffered a data breach in a cyber attack that exploited a Raspberry Pi device, as revealed by the Office of Inspector General (OIG) in a report. The cyber attack happened in April 2018, but it was disclosed only in the last few days. The malicious hackers stole approximately 500 MB of data related to Mars missions, and the device was used as an entry point. It was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review. According to the cyber security experts, the threat actor (considered an APT) used it to move deeper inside the JPL network by hacking a shared network gateway. They gained access to the network that was storing information about NASA JPL-managed Mars missions, from where they exfiltrated information.
The Agency cyber security experts: The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission. Also the satellite dish network was breached
The NASA OIG stated in a report that the hackers used “a compromised external user system” to access the JPL missions network. “The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission.” According to the cyber security experts, the APT also breached NASA’s satellite dish network. As ZDNet reported, JPL also manages NASA’s Deep Space Network (DSN), a worldwide network of satellite dishes that are used to send and receive information from NASA spacecraft in active missions. Investigators said that besides accessing the JPL’s mission network, the April 2018 intruder also accessed the JPL’s DSN IT network. Upon the discovery of the intrusion, several other NASA facilities disconnected from the JPL and DSN networks, fearing the attacker might pivot to their systems as well.
The Office of Inspector General (OIG): It’s the work of an APT, the attack went undetected for nearly a year
The NASA OIG explained that the threat actor is “classified as an advanced persistent threat, the attack went undetected for nearly a year. The investigation into this incident is ongoing.” Regarding the Raspberry Pi device, the report blamed the JPL’s failure to segment its internal network into smaller segments, a basic security practice that makes it harder for hackers to move inside compromised networks. Furthermore, it blamed the JPL for failing to keep the Information Technology Security Database (ITSDB) up to date. The ITSDB is a database for the JPL IT staff, where system administrators are supposed to log every device connected to the JPL network. In addition, investigators also found that the JPL IT staff was lagging behind when it came to fixing any security-related issues.