NASA Hack Blamed On Rogue Raspberry Pi

Tom Jowitt,

Unauthorised Raspberry Pi device blamed for hack at NASA’s Jet Propulsion Laboratory (JPL)

A hack at NASA’s Jet Propulsion Laboratory (JPL) has been blamed on an unsecure and unauthorised Raspberry Pi device.

In a report, the NASA’s Office of Inspector General, noted a previous security breach in 2011 at JPL that resulted in the theft of 87GB of data.

But in April 2018 “JPL discovered an account belonging to an external user had been compromised and used to steal approximately 500 megabytes of data from one of its major mission systems.”

NASA

Rogue device

An investigation apparently revealed “multiple IT security control weaknesses” that reduced “JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals.”

Among a number of security flaws at JPL, including inadequate security controls, and a lack of admin visibility into network access, the investigators found that an unauthorised micro computer allowed hackers to gain access to steal the mission data.

“The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorised to be attached to the JPL network,” the report stated.

The highly detailed report did not reveal how the Raspberry Pi computer came to be attached to the JPL network, or indeed which staffer or contractor was responsible.

JPL was founded back in the 1930s and is owned by NASA and managed by the nearby California Institute of Technology (Caltech) for NASA.

Its goal is the construction and operation of spacecraft to explore other planets. It is also responsible for operating NASA’s Deep Space Network.

Micro computers

The first Raspberry Pi single-board computer was launched all way back in February 2012 for the price of just £22, and it triggered a revolution in how small and cheap computers could be.

Since that time various new models have arrived, and included additions such as Wi-Fi and Bluetooth in a bid to make the device a suitable “hub” for the Internet of Things (IoT).

Microsoft has released a brace of Raspberry Pi 3-powered IoT kits, and a partnership with Google has opened the doors to the introduction of artificial intelligence.

The company has also continued to strengthening its ties to the education sector with the launch of a magazine for teachers called ‘Hello World’.

Quiz: What do you know about the Raspberry Pi?