NASA JPL Data Stolen By Hacker Using Rasberry Pi Computer
When you want to know everything related to space and science, NASA is the one-stop platform for all of us. They always bring new discoveries and amazing theories. However, it seems even the largest aeronautical research agency in the world is not safe from cyber criminals.
The latest report issued by the Office of the Inspector General of the United States (OIG) revealed that NASA JPL was hacked on April 2018, with Raspberry Pi, a cheap computer that was used to teach computing to people.
The Jet Propulsion Laboratory (JPL) of NASA, a government-funded R & D center, recently suffered a cybersecurity breach in which, an external user account was hacked, stealing about 500 MB of data from its system. However, this is not the first time that NASA’s labs have been attacked by hackers. In 2011, hackers managed to steal 87 GB of data by accessing approximately 18 servers that support JPL’s core mission.
The OIG report highlights the major weaknesses in JPL’s security, which reduce its ability to track or reduce cyber-attacks. Most of the security issues presented in the report highlight the lack of JPL’s efforts in network security. As part of its security solution, JPL uses the Information Technology Security Database (ITSDB) to analyze applications on its network. However, the report describes the ITSDB as “inaccurate” and “incomplete” and states that JPL is more vulnerable to IT security.
JPL cannot control the devices connected to its network, further complicating its security capabilities. JPL also does not have basic security measures that provide correct access to the right users.
OIG reports “We found that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access. This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system.”
There are increasing security differences in the JPL network, including the lack of security guidance for partners, the lack of security training for system administrators, and threat-tracking programs recommended by security experts. The OIG has now recommended several security measures to NASA’s JPL that they must implement to make their networks safer. NASA has received 9 out of 10 recommendations from the OIG and plans to implement corrective measures.
In general, the fact that small computers such as Raspberry Pi have successfully attacked NASA’s JPL has raised concerns because it is not as advanced as other computers. We cannot imagine what hackers can access if they had used an advanced computer. Given all the highly classified information held by NASA’s JPL network, including information on manned space flight missions.