A report published by NASA’s Office of the Inspector General states that intruders hacked into NASA’s Jet Propulsion Laboratory in Pasadena and stole a total of 500 megabytes of data, going undetected for nearly a year. The breach was discovered in April 2018, the 49-page report said, adding that the stolen data included (among other documents) two files containing classified information on the Curiosity rover Mars mission.
The hackers were found to have used a credit card-sized computer, a Raspberry Pi device, as a point of entry, along with a compromised external user account, to break into the JPL. The hack largely repeated similar ones back in 2009, 2011, 2014, and 2016.
NASA’s OIG said the attack was classified as “an advanced persistent threat”, stressing that the investigation into this incident is still underway.
The report blamed the JPL for failing to keep the Information Technology Security Database (ITSDB) complete; JPL IT staff are expected to log every single device into that system on an individual basis. The Raspberry Pi device used in the attack had not been entered into the ITSDB inventory.
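The gap the report describes, a device on the network that was never entered into the ITSDB, can be checked by reconciling observed devices against the inventory. The Python below is an added example, not code from the report or from NASA; the DHCP lease-log format, the inventory export and every MAC, IP and hostname in it are constructed assumptions.

```python
import re

# Constructed inventory export (MAC -> asset name); the format is an assumption.
INVENTORY = {"0200.00aa.bb01": "ws-eng-01", "02:00:00:AA:BB:02": "srv-data-02"}

# Constructed DHCP lease log lines: timestamp, IP, MAC, hostname.
LEASES = """\
2018-04-03T11:02:45 10.0.9.12 02:00:00:AA:BB:99 unknown-host
2018-04-02T08:15:00 10.0.5.21 02-00-00-AA-BB-01 ws-eng-01
2018-04-02T09:40:12 10.0.5.77 02:00:00:aa:bb:99 unknown-host
truncated line
2018-04-03T12:00:00 10.0.5.40 not-a-mac printer
2018-04-03T11:05:00 10.0.5.30 0200.00aa.bb02 srv-data-02
"""

def norm_mac(raw):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unregistered_devices(lease_text, inventory):
    """Return {mac: details} for every leased MAC that is absent from the inventory."""
    known = {norm_mac(m) for m in inventory}
    unknown = {}
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line: skip it rather than abort the whole run
        ts, ip, mac, host = parts
        try:
            mac = norm_mac(mac)
        except ValueError:
            continue  # unparseable MAC field
        if mac in known:
            continue
        entry = unknown.setdefault(
            mac, {"first_seen": ts, "last_seen": ts, "ips": set(), "hosts": set()})
        # ISO 8601 timestamps sort lexically, so min/max work on the strings.
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["ips"].add(ip)
        entry["hosts"].add(host)
    return unknown

if __name__ == "__main__":
    for mac, info in unregistered_devices(LEASES, INVENTORY).items():
        print(mac, info["first_seen"], info["last_seen"], sorted(info["ips"]))
```

Normalising the MAC before comparison matters because inventory exports and network logs rarely use the same notation; without it, registered devices show up as false positives.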
Separately, the report pointed to security issues that remained unresolved over lengthy periods of time, despite being evident:
“We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time – sometimes longer than 180 days”, the report said.
The issue was immediately picked up on Twitter, with netizens eagerly sharing the link to the report:
“Great case study to push for Network Access Control (NAC). An unknown device should not be able to route to anywhere else on the network”, one noted, while another expressed regret at not being a security expert:
“If I was younger and choosing a career, Cyber Security would be it. I'd love it!” he said.
Many more were genuinely baffled by the news, apparently not expecting the breach to have happened in the landmark NASA laboratory:
It's not what you have, it's what you do with it 😉 https://t.co/vFZmpP1nnm
— Dev Cluster (@devclustergoa), June 22, 2019

Someone connected an unauthorized #RaspberryPi, to the #NASA network & a #cyber snooper was then able to use the device to springboard into two of the Jet Propulsion Laboratory’s main networks & steal as much as 500 megabytes of #data from 23 files. https://t.co/LQOApXU9Yj
— Colette Weston (@ColetteWeston), June 22, 2019

Hackers stole data From @NASA Jet Propulsion Laboratory using cheap Raspberry Pi compute. One reason was NASA JPL was not able to keep tabs on devices connected to its network. #cybersecurity #IoT https://t.co/cQi3vbdFlk
— Ronnie Ervin (@ErvinRo), June 21, 2019
Similar news was reported in December 2018, when the US Department of Justice charged two Chinese nationals with hacking cloud providers, NASA (NASA Goddard Space Centre and the Jet Propulsion Laboratory), and the US Navy.
The DoJ claimed at the time that the pair were part of one of the Chinese government’s elite hacking groups, known as APT10. Around the same time, NASA announced another breach: in a separate incident in October 2018, some digital intruder(s) got their hands on NASA employee-related data.