An audit report of NASA’s Jet Propulsion Laboratory (JPL) unveiled that around 500MB of data was stolen. The hacker who used a Raspberry Pi to perform the attack, was undiscovered for almost a year (about 10 months). The report said that two of the compromised files contained data involving the international transfer of restricted military and space tech.
The attacker gained access to JPL’s internal network by taking control of its user account. Though an employee connected the Raspberry Pi to the network, permissive controls over logging resulted in NASA’s admin being unaware of its presence. This inattention left the exposed mini computer unobserved on the network, giving the hacker the opportunity to gain control and retrieve data.
Exactly what data was taken remains unknown
After entry was achieved, the unidentified attacker proceeded to explore the internal network by exploiting fragile security controls that were meant to prevent access between various departmental systems. The report said that information was taken from 23 files, although not much is known about the type of data the was stolen.
The audit also shed light on a few other devices the network that system admin were unaware of, however, all of these devices were not considered to be malicious.
NASA needs to beef up their security
Once NASA became aware of the network violation, some sectors of the agency such as the Johnson Space Center were encouraged to cease the use of a central gateway that provides employees and contractors with admittance to other labs. This action was brought on by their fear that the hacker might utilize their extensive reach within the network to access the flight systems managing active spacecraft.
The audit report suggested that NASA should improve their awareness of their network as well as increase their security policies.