2 min

The American space agency NASA is the victim of a well-disguised and long-lasting hack. A Raspberry Pi was abused as an access point.

NASA’s Jet Propulsion Laboratory (JPL) was hacked by unknown culprits in April of last year. They were given access to the JPL network via an unauthorised Raspberry Pi that was connected to the internal network. Through this device they hacked into a network gateway, after which they were given access to sensitive data. A total of 500 megabytes of data relating to Mars missions were stolen.

APT

NASA calls the hack an advanced persistent threat which indicates that the guilty parties are looking towards very professional hackers or even countries. NASA itself is also responsible for the burglary. A thorough investigation in response to the discovery of the hack showed that network segmentation had prevented access to sensitive data.

The Information Technology Security Database (ITSDB) was also not up-to-date. In principle, the ITSB keeps track of which devices are connected to the network. This allows unauthorized connections to be detected. In practice, the database was insufficiently maintained.

Deep Space Network

Not only did the hackers gain access to Mars data, they also broke into the Deep Space Network (DSN) through their back door. This is the global network of satellite dishes that NASA uses to communicate with devices throughout the solar system. When the hack came to light, other NASA agencies disconnected themselves from the JPL for fear of being affected themselves.

In December 2018, the US condemned two hackers of the Chinese APT10. They were found guilty, among other things, of hacking into the JPL. However, many details are not known, so it is not clear whether this case was the cause of the conviction.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.