Hacker used $35 computer to steal restricted NASA data

accreditation
NASA Administrator Jim Bridenstine meets with the media at the US embassy in Moscow. (Yuri Kadobnov, AFP)
NASA Administrator Jim Bridenstine meets with the media at the US embassy in Moscow. (Yuri Kadobnov, AFP)

A hacker used a tiny Raspberry Pi computer to infiltrate NASA's Jet Propulsion Laboratory network, stealing sensitive data and forcing the temporary disconnection of space-flight systems, the agency has revealed.

The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

A Raspberry Pi is a credit-card sized device sold for about $35 that plugs into home televisions and is used mainly to teach coding to children and promote computing in developing countries.

Prior to detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA's Office of inspector General said.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Regulations which restrict the export of US defense and military technologies.

"More importantly, the attacker successfully accessed two of the three primary JPL networks," the report said.

"Officials were concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA came to question the integrity of its Deep Space Network data "and temporarily disconnected several space flight-related systems from the JPL network".

The breach came about as a result of a system administrator failing to update the database that determines which devices have access to the network. As a result, new devices could be added without proper vetting.

In response to the attack, the JPL "installed additional monitoring agents on its firewalls" and was reviewing network access agreements with its external partners, the report said.

KEEP UPDATED on the latest news by subscribing to our FREE newsletter.

- FOLLOW News24 on Twitter

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
15.78
-0.3%
Rand - Pound
19.82
-0.1%
Rand - Euro
16.86
-0.3%
Rand - Aus dollar
11.15
-0.0%
Rand - Yen
0.12
-0.2%
Gold
1,845.52
-0.4%
Silver
21.78
-0.9%
Palladium
2,005.00
-0.3%
Platinum
942.50
-0.6%
Brent Crude
114.03
+0.4%
Top 40
61,176
0.0%
All Share
67,585
0.0%
Resource 10
74,448
0.0%
Industrial 25
72,681
0.0%
Financial 15
15,434
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE