NASA's Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi

By Digit NewsDesk | Published on Jun 24 2019
NASA's Jet Propulsion Laboratory network was compromised using unauthorised Raspberry Pi
HIGHLIGHTS

Hackers gained access to NASA's Jet Propulsion Laboratory network using an unauthorised Raspberry Pi.

The device was not properly vetted and compromised the network.

The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on.

Apple iPhone XR 64GB at Lowest Price Ever

6.1" display | 50% Faster Graphics performance | TrueDepth camera

Click here to know more

A report by NASA Office of Inspector General (OIG) Office of Audits has found that the space agency’s Jet Propulsion Laboratory (JPL) network was compromised in April 2018. The hacker(s) gained unauthorised access to the agency's network through a compromised external user system. As noted by ZDNet, this happened because of an unvetted Raspberry Pi system that was connected to NASA’s JPL network. The Raspberry Pi was used as a point of entry by the attackers to explore the JPL network and steal about 500 MB of data related to the agency's Mars missions. 

In addition to the Raspberry Pi device that was connected to NASA’s JPL network without authorisation, the OIG found that the agency’s network gateway had not been properly set-up. “We found that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access. This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system,” the OIG report reads. 

The OIG also found that NASA's Deep Space Network (DSN) satellite dishes, which relay information from NASA spacecrafts in active missions, were also compromised in the April 2018 intrusion. Hackers moved laterally across the network for gaining access to NASA’s other systems and this incident was undetected for almost a year. The intrusion is classified as an advanced persistent threat and the investigation into this incident is still going on. The report states that JPL’s network gateway was not properly segmented to enable limited access to users and data. 

Additionally, the NASA OIG report says, “NASA failed to establish Interconnection Security Agreements (ISA) to document the requirements partners must meet to connect to NASA’s IT systems and describe the security controls that will be used to protect the systems and data.” There were multiple fallacies that led to the security compromise in the agency’s system and you can learn more about it in detail here.

Videos

Gaming on the Vivo Z1 Pro : PUBG Mobile Club Open's Official Phone
logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.