To breach the system at NASA’s Jet Propulsion Laboratory last year, a hacker merely had to tap into a low-cost Raspberry Pi computer on the network
The U.S. Office of the Inspector General said in a report this week that someone connected an unauthorized Raspberry Pi, a basic, build-it-yourself computer that costs $25 to $35, to the network. A cyber snooper was then able to use the credit-card sized computer to springboard into two of the Jet Propulsion Laboratory’s main networks and steal as much as 500 megabytes of data from 23 files.
Two of those files included International Traffic in Arms Regulations information related to the Mars Science Laboratory mission, which includes the Curiosity rover. The rover has been collecting soil and rock samples, along with other valuable information, from the Red Planet.
JPL, located just outside of Pasadena, Calif., declined to comment. It’s unclear who connected the Raspberry Pi computer inside JPL or who was behind the cyber attack.
After getting word of the hacking, the Johnson Space Center in Houston disconnected its system from JPL’s exploited gateway because of fears that the hacker could move into its mission systems, and send “malicious signals to human space flight missions that use those systems,” the report says.
NASA also said the hacking opened the door to possible manipulation from the Deep Space Network, an international system of radio antennas that collects data from and commands interplanetary space missions, as well as a few that orbit Earth. The Johnson Space Center stopped using the networks as a precaution, the report says.
Johnson resumed using limited spacecraft data in March, nearly a year after the hack was discovered. However, it still does not use all of the communications due to ongoing concerns about its reliability.
“Improvements to JPL’s security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity, and availability of Agency data,” the report concluded.
NASA has agreed to a plan to correct its cybersecurity deficiencies, according to the report. Those include increased training and reviews.
The episode goes to show how one very inexpensive computer was all it took for Houston to have one very big cybersecurity problem.