NASA hacked because of unauthorized Raspberry Pi connected to its network

mars-curiosity-rover-msl-horizon-sky-self-portrait-pia19808-br2.jpg

This low-angle self-portrait of NASA’s Curiosity Mars rover shows the vehicle at the site from which it reached down to drill into a rock target called “Buckskin.” The MAHLI camera on Curiosity’s robotic arm took multiple images on Aug. 5, 2015, that were stitched together into this selfie.

NASA/JPL-Caltech/MSSS

A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions.

The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

Hackers stole Mars missions data

According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.

The hackers used this network gateway to pivot inside JPL’s infrastructure, and gained access to the network that was storing information about NASA JPL-managed Mars missions, from where he exfiltrated information.

The OIG report said the hackers used “a compromised external user system” to access the JPL missions network.

“The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission,” the NASA OIG said.

The Mars Science Laboratory is the JPL program that manages the…

Access the full article

Subscribe
Don't miss the best news ! Subscribe to our free newsletter :