The National Aeronautics and Space Administration revealed that an attacker stole 500 megabytes worth of data regarding the Mars Mission. According to ZDNet, the attack occurred in April 2018 using a Raspberry Pi as an entry point.
What is a Raspberry Pi?
Raspberry Pi is a build-it-yourself computer the size of a credit card designed to function just like a normal PC. According to the official manufacturer’s website, this machine “has the ability to interact with the outside world.”
The device can also perform regular tasks such as internet browsing, word-processing and playing games. The price of these devices ranges from $25 to $35.
The versatile nature of the device allowed users to access NASA’s IT networks without permission. The unauthorized access transpired in the Jet Propulsion Laboratory (JPL) of NASA. No security review took place when the attack happened.
The hacker transferred sensitive files regarding the Mars Mission through the external device. The data was extracted from 23 files, including International Traffic in Arms Regulations information. These details relate to the JPL program that handled Curiosity, the Mars rover.
NASA’s Office of Inspector General (OIG) remarked that the device used was a “compromised external user system.”
Aside from the attack on JPL’s Mars Mission data, the hackers accessed the organization’s satellite network. Compromised networks include NASA’s Deep Space Network (DSN), which transferred data to and from NASA’s spacecraft.
Upon detection, investigations classified the breach as an “advanced persistent threat” (APT). Reports say that the assault persisted for almost one year before discovery.
When it comes to accountability, the NASA OIG attributed the liability to JPL. This is due to JPL’s failure to protect the Information Technology Security Database (ITSDB). The ITSDB is a log of devices connected to the JPL network.
The OIG says that JPL personnel failed to update the ITSDB. The database was deemed “incomplete” and “inaccurate,” and the laboratory’s staff did not take note of the Raspberry Pi when it connected to the network.
A major lapse appears to be the laboratory’s failure to address security issue tickets logged in the ITSDB. According to the OIG, reports went unaddressed for more than 180 days.
As of this writing, the hackers are still unidentified. However, some theorize that the April 2018 attack is related to the breach in December 2018. The latter focused on NASA and the US Navy and resulted in the indictment of two Chinese nationals.