Network invaded NASA lab thanks to poorly secured Raspberry Pi

Criminals have stolen data from NASA Mars missions. The US space agency reports that unknown persons entered the network via a Raspberry Pi and stole data from missions.

The break-in was discovered in April 2018, NASA’s inspector general said in a report. That didn’t happen at NASA itself, but at the Jet Propulsion Laboratory, the developer center of the California Institute of Technology that is funded by NASA. JPL is the division that designs and develops NASA’s Mars rovers. It’s not clear who the attackers were, but NASA calls it an “advanced persistent threat,” a designation normally used only for state hackers.

Criminals managed to break into JPL’s network through a poorly secured Raspberry Pi that was attached to the network, but was not notified to the system administrators through the official channels. From there they managed to penetrate further into the network. In total, they had access for about ten months without anyone noticing them. According to the Inspector General’s report, the criminal hackers gained access to it by taking over a user account. In total they managed to steal 23 files with a total of 500MB. It is not known what kind of files those were.

The report also states that JPL had its ICT security in order. For example, there was no permanent crew in the Security Operations Center, and the institution had not properly segmented its networks, making it easy for unauthorized persons to access the entire network. In addition, many system administrator tickets would often be open for a long time, in some cases even more than 180 days. It is not the first time that JPL has been hit by a hack. In 2011, more than 87 gigabytes of data were stolen in a digital break-in.