A Hacker Used a Tiny Raspberry Pi Computer To Steal NASA

A hacker used a tiny Raspberry Pi pc to infiltrate NASA’s Jet Propulsion Laboratory community, stealing delicate data and forcing the temporary disconnection of house-flight techniques, the agency has revealed.

The April 2018 attack went undetected for almost a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

A Raspberry Pi is a credit-card sized device sold for about $35 that plugs into dwelling televisions and is used mainly to teach coding to children and promote computing in growing countries.

Before detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA’s Office of Inspector General stated.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Rules which restrict the export of US defense and military technologies.

“More importantly, the attacker successfully accessed two of the three primary JPL networks,” the report stated.

“Officials had been concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious alerts to human space flight missions that use those systems.”

NASA came to question the integrity of its Deep Space Network data “and temporarily disconnected several space flight-related systems from the JPL network.”

The breach came about as a result of a system administrator failing to update the database that determines which devices have entry to the network. As a result, new tools could be added without proper vetting.

In response to the attack, the JPL “installed additional monitoring agents on its firewalls” and was reviewing network access agreements with its external partners, the report stated.