Hackers steal video games, computer programs, movie trailers, and just about anything that can exist on a computer or in cyberspace (please don’t be that person), but someone actually had the nerve to mess with NASA.
It’s quite a thing to swipe files with data from a major Mars mission, and while no details of that mission or any of the other restricted documents that were swiped have surfaced, an audit recently released by the NASA Office of Inspector General has revealed the crime — which went undetected for 10 months.
“We found that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access," the audit says. "This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system.”
Whoever this hacker is, they somehow used a $35 computer no bigger than a credit card to wreak havoc on the NASA JPL (Jet Propulsion Lab) database. Raspberry Pi is supposed to be a portable intro to computer programming, but went way beyond that when it was used to open a portal to JPL files.
The hacker broke in using an unauthorized Raspberry Pi to connect to the system and then expand access to just about anything after logging in to the network. This already seems kind of mind-boggling for those of us who forget our own passwords on the regular.
After breaking into two out of JPL's three primary networks, the hacker stole an unnerving 23 files that totaled about 500 MB. Try to really wrap your brain around that for a second before you find out that the perpetrator stole files as sensitive as top-secret info about the International Traffic in Arms Regulation and Mars Science Laboratory mission (which landed Curiosity on the Red Planet). NASA ended up having to temporarily disconnect the affected systems from the JPL network before anything else got hacked.
“Multiple IT security control weaknesses reduce JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals,” says the audit.
JPL apparently needs an upgrade to its network security. Network assets and applications are tracked by its Information Technology Security Database (ITSDB), but it was found that inventory was not even complete or accurate. Not only that, but JPL couldn’t even secure those networks properly because of reduced visibility into the devices connecting them, and the network gateway wasn’t restricting users from files they didn’t have access to. Officials say these combined weaknesses left JPL vulnerable to a cyberattack, though after this, it stands to reason they'll be fixing those issues soon. Or at least before we actually go to Mars, right?