An audit report by NASA has revealed that a Raspberry Pi computer was used to steal data from the agency’s Jet Propulsion Laboratory. The credit card-sized computer was connected to JPL’s network and had undetected access to files for 10 months. More has been revealed in a report from NASA’s Office of the Inspector General this week.
NASA’s Jet Propulsion Laboratory is managed by Caltech. It manages all of the robotic missions on Mars in addition to the probes that have been sent to Saturn, Jupiter, and beyond. The Raspberry Pi was used in combination with a compromised external account to log into JPL’s mission network. Around 500 megabytes of data across 23 files were stolen. At least two of the files had restricted information about the Curiosity rover mission on Mars.
It was discovered during the investigation that JPL had security weaknesses which reduced the lab’s “ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals.”
The discovery of the hack caused NASA to question the integrity of the data from its Deep Space Network. In response to the discovery, it temporarily disconnected multiple space flight-related systems from the JPL network. The report mentions that JPL hadn’t properly segregated its data and that external partners such as contractors and foreign space agencies were not limited to the approved systems and apps.
“Improvements to JPL’s security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity and availability of agency data,” the report concluded.