NASA's Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi

By Digit NewsDesk | Updated 24 Jun 2019
NASA's Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi
  • Hackers gained access to NASA's Jet Propulsion Laboratory network using an unauthorised Raspberry Pi.
  • The device was not properly vetted and compromised the network.
  • The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on.

A report by NASA Office of Inspector General (OIG) Office of Audits has found that the space agency’s Jet Propulsion Laboratory (JPL) network was compromised in April 2018. The hacker(s) gained unauthorised access to the agency's network through a compromised external user system. As noted by ZDNet, this happened because of an unvetted Raspberry Pi system that was connected to NASA’s JPL network. The Raspberry Pi was used as a point of entry by the attackers to explore the JPL network and steal about 500 MB of data related to the agency's Mars missions. 

advertisements

In addition to the Raspberry Pi device that was connected to NASA’s JPL network without authorisation, the OIG found that the agency’s network gateway had not been properly set-up. “We found that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access. This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system,” the OIG report reads. 

The OIG also found that NASA's Deep Space Network (DSN) satellite dishes, which relay information from NASA spacecrafts in active missions, were also compromised in the April 2018 intrusion. Hackers moved laterally across the network for gaining access to NASA’s other systems and this incident was undetected for almost a year. The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on. The report states that JPL’s network gateway was not properly segmented to enable limited access to users and data. 

Additionally, the NASA OIG report says, “NASA failed to establish Interconnection Security Agreements (ISA) to document the requirements partners must meet to connect to NASA’s IT systems and describe the security controls that will be used to protect the systems and data.” There were multiple fallacies that led to the security compromise in the agency’s system and you can learn more about it in detail here.

advertisements
advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

Raspberry Pi
t ruth pushpalatha
Sept 12, 2014
Responses 1
Vivek Bhatt
Sept 16, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements