An attack in April 2018 that went almost unnoticed for over a year has shed some astonishing facts -- a tiny Raspberry Pi computer was used by a hacker to steal sensitive data from the Jet Propulsion Laboratory network of NASA that led to a temporary disruption of contact with its space-flight systems, said the agency.
The agency's audit report issued on Jun 18, 2019 said the investigation is still underway. The $35 Raspberry Pi is meant for schools in developing countries but the use by a hacker indicates its potential to even affect NASA's cybersecurity system.
The attack that took place in April last year showed that 23 files woth about 500 megabytes of data was stolen, said the report from NASA's Office of Inspector General. Among the sensitive projects affected include two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover. Also some data related to the International Traffic in Arms Regulations that was part of US defence was reportedly hacked into by the person.
"The cyberattackers could move laterally from the gateway into their (NASA's JLP Network) mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems," said the agency.
The breach took place due to the error of a system administrator to update the database to specify which devices have access to the network. Due to this flaw, the hacker was able to add a new device without permission, it revealed.
It has also recommended the NASA CIO to include requirements in the pending IT Transition Plan that provide the NASA SOC with sufficient control and visibility into JPL network security practices.
The JPL said it has installed additional monitoring agents on its firewalls and is currently reviewing network access agreements with external partners.