
NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

The NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018. The intruders exfiltrated roughly 500 MB of data related to Mars missions.

According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California.

The attackers exploited a Raspberry Pi device that had been connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization and without proper security measures in place.

“The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network.” reads the report. “The device should not have been permitted on the JPL network without the JPL OCIO’s review and approval.”

The report states that IT staff failed to segment the network environment shared with external partners, which is reached through a JPL network gateway. The gateway was used to allow external users and partners, including foreign space agencies, contractors, and educational institutions, to remotely access a shared environment for specific missions and data.

“In this case the attacker, using an external user account, exploited weaknesses in JPL’s system of security controls to move undetected within the JPL network for approximately 10 months.” the NASA OIG said.

“Prior to detection and containment of the incident, the attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission.”

NASA’s JPL division operates planetary robotic spacecraft, including the popular Curiosity rover. It also manages various satellites that orbit planets in the solar system.

The hack also affected NASA’s Deep Space Network (DSN), which is managed by JPL. The DSN is a worldwide network of satellite dishes used to send and receive information from NASA spacecraft in active missions.

After the discovery of the intrusion, other NASA divisions disconnected from the JPL and DSN networks to avoid further lateral movement by the attackers.

According to the investigators, the attack was carried out by an APT group. While an investigation is still ongoing, the Agency announced that it has installed additional monitoring agents on its firewalls.

“Classified as an advanced persistent threat, the attack went undetected for nearly a year. The investigation into this incident is ongoing. In response to the attack, JPL” continues the report. “The investigation into this incident is ongoing.”

As reported in the document, the entry point was an unmanaged Raspberry Pi device. For this reason, the NASA OIG also blamed JPL for failing to keep the Information Technology Security Database (ITSDB) up to date.

The Information Technology Security Database (ITSDB) is a web-based application used to track and manage physical assets and applications on the JPL network.

The archive was incomplete and inaccurate: the Raspberry Pi used to penetrate the NASA network had not been listed in the ITSDB.

Investigators also found problems in patch management procedures.

“We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time-sometimes longer than 180 days,” the report added.
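Both gaps described in the report, devices on the network that are missing from the asset inventory and security tickets left unresolved past 180 days, can be checked mechanically. The following Python is an added example, not code from the NASA OIG report or from JPL; the record layouts, MAC and IP addresses, and ticket IDs are constructed for illustration.

```python
from datetime import date

# Some OUI prefixes registered to Raspberry Pi. A hint only: MAC addresses can be changed.
RASPBERRY_PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}
MAX_TICKET_AGE_DAYS = 180  # age cited in the OIG report

def normalize_mac(mac):
    """Canonicalize a MAC to aa:bb:cc:dd:ee:ff so both data sources compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unregistered_devices(inventory_macs, observed):
    """Return devices seen on the network whose MAC is absent from the inventory."""
    known = {normalize_mac(m) for m in inventory_macs}
    findings = {}
    for mac, ip in observed:  # e.g. rows from DHCP leases or switch MAC tables
        mac = normalize_mac(mac)
        if mac not in known:
            findings[mac] = {"mac": mac, "ip": ip,
                             "raspberry_pi_oui": mac[:8] in RASPBERRY_PI_OUIS}
    return [findings[m] for m in sorted(findings)]

def overdue_tickets(tickets, today):
    """Return IDs of unresolved tickets open longer than MAX_TICKET_AGE_DAYS."""
    return [t["id"] for t in tickets
            if t["resolved"] is None
            and (today - t["opened"]).days > MAX_TICKET_AGE_DAYS]

# Constructed sample data (hypothetical inventory export, lease table and ticket log).
INVENTORY = ["00-11-22-33-44-55", "00:11:22:33:44:66"]
OBSERVED = [
    ("00:11:22:33:44:55", "192.0.2.10"),
    ("B8:27:EB:12:34:56", "192.0.2.77"),   # not in inventory, Raspberry Pi OUI
    ("02:00:00:aa:bb:cc", "192.0.2.80"),   # not in inventory
    ("b8-27-eb-12-34-56", "192.0.2.77"),   # same device, different notation
]
TICKETS = [
    {"id": "T-1", "opened": date(2018, 10, 1), "resolved": None},
    {"id": "T-2", "opened": date(2019, 3, 1), "resolved": None},
    {"id": "T-3", "opened": date(2018, 1, 1), "resolved": date(2018, 2, 1)},
]

if __name__ == "__main__":
    for device in unregistered_devices(INVENTORY, OBSERVED):
        print("not in inventory:", device)
    print("overdue tickets:", overdue_tickets(TICKETS, date(2019, 6, 1)))
```

Normalizing MAC notation before comparing matters because inventory exports and network gear rarely agree on separators or case, and a mismatch would either hide a rogue device or flood the report with false findings.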

Unfortunately, this was not the first time hackers broke into JPL. It had already happened in 2009, 2011, 2014, 2016 and 2017.

In December, the U.S. National Aeronautics and Space Administration (NASA) notified employees of a data breach that exposed social security numbers and other personal information.

According to the data breach notification, hackers breached at least one of the agency’s servers. The security breach impacted both past and present employees.


Pierluigi Paganini

(SecurityAffairs – NASA, hacking)
