Just to have an overview of what exactly a cheap PC might be like – Raspberry Pi is a teeny-tiny device that can be tinkered with to gain deceptively high capabilities. This was demonstrated by a most recent report which confirmed that a NASA lab was hacked using a Raspberry Pi.
The alleged data infiltration took place last April 2018 where NASA’s Jet Propulsion Laboratory (JPL) was hacked and 500MB of data from major mission systems was taken.
A US federal intelligence report of the incident officially established that a Raspberry Pi was indeed used to gain access to the system. It also underlined the major security lapses that were present in the network for almost a decade and made the data intrusion feasible.
The US Office of the Inspector General (OIG) assessment states that a Raspberry Pi was connected to the NASA Jet Propulsion Laboratory network system without authorization. This beats the usual everyday unprotected databases that leak information on their companies.
After uncovering the vulnerability, the hackers exploited the Pi to gain access to the network and compromised JPL systems as well as the Deep Space Network (DSN) — the world’s largest and most sensitive scientific telecommunications system. Whew! Talk about going after the big fish.
The federal report also managed to expose the very poor system security at the world’s most prominent space agency. It seems that the agency’s system administrators did not consistently update the inventory system while adding new devices to their overall network
As a response to the attack, the Johnson Space Center in Houston segregated their network from JPL’s, meaning that NASA’s various departments did not have segmented networks. This lack of segmentation allowed the attackers to bounce from network to network, accessing multiple classified and highly sensitive databases and systems.
The incident has resulted in a major embarrassment for NASA’s JPL system administrators, who don’t seem to seriously understand their roles in securing sensitive systems and data. Ultimately, the attackers stole large amounts of data.
That may seem inconsequential, but keep in mind that any classified data should have been properly secured. Additionally, the hackers’ access to deep space systems is particularly concerning, especially since some of these missions involve human astronauts that could have been placed in extreme danger.