The U.S. National Aeronautics and Space Administration (NASA) published an audit document from the U.S. Office of the Inspector General confirming that its Jet Propulsion Laboratory (JPL) has been hacked this week. Based on the audit report, it was found out that the cybercriminals hacked multiple IT security control reducing JPL’s ability to prevent, detect, and mitigate attacks thereby exposing NASA’s network systems.
Hackers gain victim’s information through phishing, malware attacks, and other forms of social engineering because they know that these individuals do not have proper security knowledge to detect their attacks and don’t have enough budget to invest in anti-malware programs. But surprisingly, even NASA, which is the world’s most prominent space agency, has been hacked which revealsthat NASA has poor overall system security.
The hackers targeted the system using a Raspberry Pi device which was connected to the IT network of the JPL and then moved laterally further into the Deep Space Network (DSN), the world’s largest and most sensitive scientific telecommunications system, without authorization or going through the proper security review.Raspberry Pi is a credit-card sized computer that plugs into a computer monitor or TV and uses a standard keyboard and mouse. All over the world, people use Raspberry Pi to learn programming skills, build hardware projects, do home automation, and even use them in industrial applications.
It was the decision of NASA’s Johnson Space Center, a unique national research facility that carries out robotic space and Earth science missions, to disconnect from the gateway altogether allowing the hacker to gain access on NASA’s network.The administrator of NASA said in the audit report that Johnson officials were concerned the cyber attackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight mission. He also added that Johnson had not restored its use of all communications data because of continuing concerns about its reliability.
Fearing that other systems will also be hacked, several other NASA facilities disconnected from the JPL and DSN networks afterthey discovered the intrusion.It was estimated that the data stolen was approximately 500 MB that contains 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission. These 2 files include the Curiosity rover, which has been collecting soil and rock samples along with other valuable information from the Red Planet.
It was also revealed in the audit that one system administrator does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work, and he later forgets to enter the asset information. Given the fact that the network is not segmented rather that a shared one allowed hackers to move deliberately between the different systems.
The audit report concluded that JPL and its IT systems maintain a wide public internet presence while supporting missions and networks that control spacecraft, collect and process scientific data, and perform critical operational functions. Despiteof its efforts to protect these assets, critical vulnerabilities remain, placing JPL at risk of cyber intrusions resulting in theft of critical information.
Nevertheless, the shortcomings of NASA’s network security have been identified and appropriate cybercrime solutions have been taken to ensure its IT assets are protected from unauthorized or inappropriate access, including assets on the JPL network.