It turns out that a small Raspberry Pi was the source of a severe headache for NASA. A revision released by the NASA General Inspector on June 18 reveals that a 2018 cyber attack using one of these mini-computers meant that a hacker ended up with confidential documents.
If you are not familiar with Raspberry Pi, it is a small computer of the same size and shape as a credit card. Since it costs around $ 35, it is a popular tool for learning the basics of computer programming, robotics and creating do-it-yourself projects. (You may have seen one in an episode of Mr. Robot.) As you can guess, its small size and flexible use mean that people don't always use it forever.
12 useful and fantastic gadgets you can do
The gadgets ready for use are all good and easy to install, reliable, powerful and …
Read more To read
Which brings us to NASA: the "unauthorized" Raspberry Pi created a portal through which the attacker stole the files from Jet Propulsion Laboratory (JPL), which manages the robotic space and Earth science missions, including the Mars Curiosity rover, according to the OIG of the agency. This particular violation was discovered in April 2018, when JPL found that an external user account had been compromised. The hacker, using an unauthorized Raspberry Pi connected to the system, was able to expand his access once he had accessed the network.
Two of the 23 stolen files – about 500 MB in total – concerned confidential information relating to the international arms traffic regulation and the Mars Science Laboratory mission. In addition, the hacker has accessed two of the three primary JPL networks, leading NASA to temporarily disconnect different space flight systems from the JPL network. Perhaps the most terrifying thing is that the hacker went unnoticed for 10 months.
Also disturbing: JPL did not have a complete or accurate inventory of system components on its network, according to the OIG report. Furthermore, it did not have security controls to monitor and consistently detect cyber attacks on its network, so administrators had no idea that the Raspberry Pi was present because it was not properly registered. As a result, it has not been properly monitored and taking control of a Raspberry Pi that is practically non-existent, practically non-existent is apparently a fairly easy task for a hacker. According to BBC, the audit found several other "unknown" devices on the JPL network, although none of them were considered harmful.
So far no culprit has been discovered or identified, although NASA's Oig report states that the investigation is ongoing. Meanwhile, JPL has installed multiple monitoring agents on its firewalls and claims to review network access agreements for external partners. Gizmodo contacted NASA for comment and how the agency intends to improve its poor security by going forward, but did not immediately receive a response.
. (tagToTranslate) nasa (t) raspberry pi (t) security (t) Hacking (t) Cybersecurity (t) Gizmodo