Notebookcheck

Hackers attacked NASA's Jet Propulsion Lab via a Raspberry Pi, stole 500 MB of mission data

According to a U.S. Office of Inspector General report published Tuesday, a cyberattack on NASA's Jet Propulsion Laboratory in April 2018 was due to a severe lack of security oversight. The attack was made possible via an unauthorized Raspberry Pi that was connected to JPL's network without any knowledge of the security team. Additionally, a lack of proper network segmentation allowed the hackers to access NASA's Deep Space Network, which is responsible for managing interplanetary missions.

The Jet Propulsion Laboratory (JPL) at NASA is consistently on the cutting edge of technology, so it’s surprising that an April 2018 hack into the department’s systems was made possible by accessing a simple single board computer.

In a review published earlier this week, the U.S. Office of the Inspector General (OIG) stated that lax cybersecurity practices and policies “[reduced] JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks.” The report determined that in April 2018, hackers were able to access JPL’s system by targeting an unauthorized Raspberry Pi that had been connected to the lab’s network. After accessing JPL’s network via the Pi, the attackers were able to navigate to other NASA computer systems, including NASA’s Deep Space Network (DSN), which is responsible for managing the infrastructure used for interplanetary missions.

In response to the attack, the Johnson Space Center in Houston segregated their network from JPL’s, meaning that NASA’s various departments did not have segmented networks. This lack of segmentation allowed the attackers to bounce from network to network, accessing multiple classified and highly sensitive databases and systems.

Another factor exploited in the attack was poor regulation of physical hardware. The Raspberry Pi used to access the network was not approved and had not been documented in JPL’s security database. In other words, someone simply hooked the Pi into a network terminal and left it running.

The report has resulted in a major embarrassment for JPL system administrators, who (according to the OIG’s report) “misunderstood” their roles in securing sensitive systems and data. Ultimately, the attackers stole 500 MB of data. That may seem inconsequential, but keep in mind that any amount of classified data should have been properly secured. Additionally, the hackers’ access to deep space systems is particularly concerning, especially since some of these missions involve human astronauts that could have been placed in extreme danger.

This isn’t the only time NASA’s IT security team has dropped the ball. Last December, the agency admitted that their HR systems had been hacked in October, resulting in the theft of thousands of employees’ personal data, including Social Security numbers.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 06 > Hackers attacked NASA's Jet Propulsion Lab via a Raspberry Pi, stole 500 MB of mission data
Sam Medley, 2019-06-23 (Update: 2019-06-23)
Sam Medley
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.