The U.S. National Aeronautics and Space Administration (NASA) this week confirmed that its Jet Propulsion Laboratory (JPL) has been hacked.
NASA was hacked because of an unauthorized Raspberry Pi connected to its network.
NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups.
Space Cyber Crime – “Cybersecurity Management and Oversight at the Jet Propulsion Laboratory” report: hackers stole 500 MB of Mars mission data and breached NASA’s satellite dish network.
A report published this week by the NASA Office of Inspector General – Office of Audits reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of data related to Mars missions.
The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.
Office of Inspector General, Office of Audits Report’s Conclusion:
“As the center of NASA’s interplanetary robotic research efforts, JPL and its IT systems maintain a wide public internet presence while supporting missions and networks that control spacecraft, collect and process scientific data, and perform critical operational functions. In spite of its efforts to protect these assets, critical vulnerabilities remain that place JPL at risk of cyber intrusions resulting in the theft of critical information.
We identified a series of weaknesses in JPL’s system of security controls that collectively diminish its ability to effectively prevent, detect, and mitigate cyberattacks targeting its IT systems and networks. Several of these weaknesses were exploited during an April 2018 security breach that resulted in the loss of approximately 500 megabytes of data.
The inability to protect against cyberattacks in general and advanced persistent threats in particular places the Agency’s status as a global leader in space exploration and aeronautics research at risk. Accordingly, effective network security requires a system of sound IT security controls. In addition, NASA does not have sufficient oversight into JPL’s system of security controls to effectively monitor and protect the Agency’s assets.
NASA is responsible for ensuring its IT assets are protected from unauthorized or inappropriate access, including assets on the JPL network managed by Caltech pursuant to NASA’s contract with the university. Improvements to JPL’s security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity, and availability of Agency data.”
Hackers described as an APT
“Classified as an advanced persistent threat, the attack went undetected for nearly a year,” the NASA OIG said. “The investigation into this incident is ongoing.”
The report blamed JPL’s failure to divide its internal network into smaller segments, a basic security practice that makes it harder for hackers to move around inside a compromised network.
NASA Office of Inspector General IG-19-022 RECOMMENDATIONS, MANAGEMENT’S RESPONSE, AND OUR EVALUATION:
“To improve JPL network security controls and provide NASA greater oversight, we recommended the Director of the NASA Management Office instruct the JPL Chief Information Officer to:
1. Require all system administrators to review and update the ITSDB to ensure all system components are properly registered in the database, and require the JPL CITO to periodically review the ITSDB for compliance with this requirement.
2. Segregate shared environments connected to the network gateway for all partners accessing the JPL network and monitor partner activity when accessing the network.
3. Review and update ISAs for all partners connected to the network gateway to ensure they are up-to-date and made available to the NASA OCIO.
4. Require the JPL CITO to identify and remediate weaknesses in the SPL ticket process and provide periodic aging reports to the JPL CIO detailing the status of open SPL tickets, pending patches, and outdated security waivers.
5. Require the JPL CITO to complete its validation and updates of open waivers, perform annual reviews to ensure system representatives are validating the need for the waiver, and provide NASA documentation of these waivers.
6. Clarify the division of responsibility between the JPL OCIO and system administrators for conducting routine log reviews and monitor their compliance with this requirement on a more frequent basis.
7. Implement the planned role-based training program by July 2019.
8. Establish a formal, documented threat-hunting process that includes roles and responsibilities, standard processes for conducting a hunt, and metrics to track success.
9. Develop and implement a comprehensive strategy for institutional IT knowledge and incident management that includes the dissemination of lessons learned to system administrators and other appropriate personnel.
We also recommended the NASA Chief Information Officer:
10. Include requirements in the pending IT Transition Plan for implementation of continuous monitoring tools that provide the NASA SOC with oversight of JPL network security practices to ensure they adequately protect NASA data, systems, and applications.”
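Recommendation 1 and the unregistered Raspberry Pi entry point both come down to reconciling what is seen on the network against what the inventory says should be there. The Python below is an added example, not taken from the OIG report or from JPL; the CSV columns, the sample lease data and the function names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed inventory export; column names and values are illustrative only.
REGISTERED_CSV = """mac,hostname,owner
00:25:90:aa:10:01,gw-partner-01,netops
3c:ec:ef:12:34:56,sci-data-07,mission-a
"""

# Constructed DHCP-lease-style observations: (MAC, IP, hostname).
OBSERVED = [
    ("00:25:90:AA:10:01", "10.20.0.1", "gw-partner-01"),
    ("3C-EC-EF-12-34-56", "10.20.4.17", "sci-data-07"),
    ("b8:27:eb:0f:3a:c2", "10.20.4.99", "raspberrypi"),
]

# OUI prefixes assigned to Raspberry Pi. This is a triage hint only:
# a MAC address can be changed, so the inventory check is what matters.
RASPBERRY_PI_OUIS = {"b8:27:eb", "dc:a6:32"}


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_registered(csv_text):
    """Parse the inventory export into a set of normalized MACs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {normalize_mac(row["mac"]) for row in reader}


def find_unregistered(observed, registered):
    """Return observed devices whose MAC is missing from the inventory."""
    findings = []
    for mac, ip, hostname in observed:
        norm = normalize_mac(mac)
        if norm not in registered:
            findings.append({"mac": norm, "ip": ip, "hostname": hostname,
                             "raspberry_pi_oui": norm[:8] in RASPBERRY_PI_OUIS})
    return findings


if __name__ == "__main__":
    for finding in find_unregistered(OBSERVED, load_registered(REGISTERED_CSV)):
        print(finding)
```

In practice the observed list would come from DHCP leases, switch MAC tables or NAC logs, and each finding would be opened as a ticket against the segment owner.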
Read full report here: https://oig.nasa.gov/docs/IG-19-022.pdf
Ironically, Udemy offers a video tutorial: “Learn Hacking using Raspberry Pi From Scratch”.
For only $11.99, the course promises to: “Improve your Ethical Hacking Skills by using your portable Raspberry Pi device for Penetration Testing/Security Auditing”
In this course, you’ll learn how the Black Hat Hackers use the Raspberry Pi to implement remotely advanced hacking techniques to Crack WEP/WPA2 Wi-Fi encryption key and to Compromise Windows, Linux and Mac OSX operating systems by setting up the Raspberry Pi 3 as a server and Raspberry Pi zero as the hacking hardware.
The Office of Inspector General released its annual report identifying what it sees as the top management and performance challenges facing NASA.