Home » News » General » NASA’s Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi

NASA’s Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi

By Digit NewsDesk | Updated on 02-Jun-2020
NASA’s Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi
Digit NewsDesk Digit NewsDesk
24 Jun 2019 13:58
HIGHLIGHTS

Hackers gained access to NASA's Jet Propulsion Laboratory network using an unauthorised Raspberry Pi.

The device was not properly vetted and compromised the network.

The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on.

A report by NASA Office of Inspector General (OIG) Office of Audits has found that the space agency’s Jet Propulsion Laboratory (JPL) network was compromised in April 2018. The hacker(s) gained unauthorised access to the agency's network through a compromised external user system. As noted by ZDNet, this happened because of an unvetted Raspberry Pi system that was connected to NASA’s JPL network. The Raspberry Pi was used as a point of entry by the attackers to explore the JPL network and steal about 500 MB of data related to the agency's Mars missions. 

In addition to the Raspberry Pi device that was connected to NASA’s JPL network without authorisation, the OIG found that the agency’s network gateway had not been properly set-up. “We found that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access. This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system,” the OIG report reads. 

The OIG also found that NASA's Deep Space Network (DSN) satellite dishes, which relay information from NASA spacecrafts in active missions, were also compromised in the April 2018 intrusion. Hackers moved laterally across the network for gaining access to NASA’s other systems and this incident was undetected for almost a year. The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on. The report states that JPL’s network gateway was not properly segmented to enable limited access to users and data. 

Additionally, the NASA OIG report says, “NASA failed to establish Interconnection Security Agreements (ISA) to document the requirements partners must meet to connect to NASA’s IT systems and describe the security controls that will be used to protect the systems and data.” There were multiple fallacies that led to the security compromise in the agency’s system and you can learn more about it in detail here.

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo