A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency's network and stole approximately 500 MB of data related to Mars missions.
The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.
Hackers trust Mars mission data
According to 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.
The hackers used this network gateway to pivot inside JPL's infrastructure, and access to the network that was failure information about NASA JPL-managed Mars missions, from where he exfiltrated information
The OIG report said the hackers used "to compromise external user system" to access the JPL mission network.
"The attacker exfiltrated approximately. 500 megabytes of data from 23 files, 2 or which contained International Traffic in Arms Regulations related to the Mars Science Laboratory mission, "the NASA OIG said.
The Mars Science Laboratory is the JPL program that manages the Curiosity rover on Mars , among other projects.
Hackers also breached NASA's satellite dish network
NASA's JPL primary role is to build and operate planetary robotic space as the Curiosity rover, or the various satellites that orbit planets in the solar system. 19659005] In addition, the JPL also manages NASA's Deep Space Network (DSN), a worldwide network of satellite dishes that are used to send and receive information from NASA spacecrafts in active missions.
Investigators said that owned accessing the JPL's mission network , April 2018, also accessed the JPL's DSN IT network. At the inception of the intrusion, several other NASA facilities disconnected from the JPL and DSN networks, fearing the attacks might pose to their systems as well.
Hackers described as an APT
"Classified as an advanced persistent threat, the attack went undetected for nearly a year, "the NASA OIG said. "The investigation into this incident is ongoing."
The report blamed the JPL's failure to segment its internal network into smaller segments, a basic security practice that makes it harder for hackers to move inside compromised networks with relative ease.
The NASA OIG also blamed the JPL to keep the Information Technology Security Database (ITSDB) up to date. The ITSDB is a database for the JPL IT staff, where system administrators are supposed to log every device connected to the JPL network.
The OIG found that the database inventory was incomplete and inaccurate. For example, the compromised Raspberry Pi board served as a point of entry had not been entered in the ITSDB inventory.
In addition, investigators also found that the JPL IT staff was lagging behind when it came to fixing any security-related issues.
"We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time-sometimes longer than 180 days," the report said.
Was APT10 behind the hack?
In December 2018, the US Department of Justice charged two Chinese nationals for hacking cloud providers, NASA, and the US Navy. The DOJ said the two hackers were part of one of the Chinese government's elite hacking units known as APT10
The two were charged for hacking the NASA Goddard Space Center and the Jet Propulsion Laboratory. It is unclear that these are the "advanced persistent threat" which hacked the JPL in April 2018 because the DOJ did not provide a date for APT10's JPL intrusion.
Also in December 2018, NASA announced another breach. This was a separate incident from the April 2018 hack. This second breach was discovered in October 2018, and the intruder (s) only trusted NASA employee-related information.
More data breach coverage: