Hacker used $35 computer to steal restricted NASA data

2019-06-25 14:04
NASA Administrator Jim Bridenstine meets with the media at the US embassy in Moscow. (Yuri Kadobnov, AFP)

NASA Administrator Jim Bridenstine meets with the media at the US embassy in Moscow. (Yuri Kadobnov, AFP)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

A hacker used a tiny Raspberry Pi computer to infiltrate NASA's Jet Propulsion Laboratory network, stealing sensitive data and forcing the temporary disconnection of space-flight systems, the agency has revealed.

The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

A Raspberry Pi is a credit-card sized device sold for about $35 that plugs into home televisions and is used mainly to teach coding to children and promote computing in developing countries.

Prior to detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA's Office of inspector General said.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Regulations which restrict the export of US defense and military technologies.

"More importantly, the attacker successfully accessed two of the three primary JPL networks," the report said.

"Officials were concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA came to question the integrity of its Deep Space Network data "and temporarily disconnected several space flight-related systems from the JPL network".

The breach came about as a result of a system administrator failing to update the database that determines which devices have access to the network. As a result, new devices could be added without proper vetting.

In response to the attack, the JPL "installed additional monitoring agents on its firewalls" and was reviewing network access agreements with its external partners, the report said.

KEEP UPDATED on the latest news by subscribing to our FREE newsletter.

- FOLLOW News24 on Twitter

Read more on:    nasa  |  us
NEXT ON NEWS24X

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

Inside News24

 
Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.