NASA hacked because of unauthorized Raspberry Pi connected to its network

zdnet.com ^ | June 21, 2019 -- | Catalin Cimpanufor Zero Day|

[BenLurkin]

A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency's network and stole approximately 500 MB of data related to Mars missions.

The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.

The hackers used this network gateway to pivot inside JPL's infrastructure, and gained access to the network that was storing information about NASA JPL-managed Mars missions, from where he exfiltrated information.

[marktwain]

This is pretty serious.

It is how the Chicoms are advancing on our dime.

The Soviets did this as well. Many of their weapons systems were copies of ours.

Reagan authorized traps to be installed to take advantage of the industrial theft.

That action had serious consequences for the Soviets.

[SunkenCiv]

...stole approximately 500 MB of data related to Mars missions.

Sounds remarkably uneventful. Thanks BenLurkin.

[wastedyears]

Pictures, telemetry... it might be nothing, it might be classified.

[tcrlaf]

I was at the Paris air show this week. One company I spoke with was very concerned about Chinese trying hard to get into proprietary info there. They were verifying everyone’s credentials before letting you look at the product.

[Waverunner]

Sounds like these guys were running IT. A system monitor should have alerted and locked out when a non approved, non assigned IP popped onto the network.
Pi fight anyone
I

[Mariner]

I blame NASA 100%.

No other fault can be assigned.

802.1x and Cisco’s ISE (Network Access Control) have been available for over 4 years now.

802.1x NAC tech is over 10 years old.

And it would prevent the connection of any unknown device to the network.

Only abject dereliction of duty caused it not to be. And the IT Director/VP/CIO of JPL should be charged and imprisoned for Criminal Negligence if he spent a single red cent on anything BUT NAC.

[BenLurkin]

{sigh}

Mega-bytes aren’t what they used to be.

First PC had dual floppy drives. Bought and installed a 30 meg hard drive and was living large.

[Chewbarkah]

“The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.”

In 49 pages of technical review at a bureaucratic level, I saw no mention of who owned the Raspberry Pi device, who connected it to the network or when, and most important, what were the CONSEQUENCES to them. As Ross Perot used to say, “Surely their mama gave them a name”. Wonder what it is? The possibility that the device was connected on purpose to facilitate hacking is not even explored.

[BenLurkin]

http://www.lerctr.org/~transit/healy/algoof.wav

[Lurker]

I have my home network locked down by MAC address and the WiFi hidden and strong password protected.

You’re right. This is criminal negligence and charges should be brought.

L

[Mariner]

Worse, there is NO WAY NASA knows what data was moved out, or HOW MUCH.

They’re lying about it.

Certain.

[SunkenCiv]

Mega-bytes aren’t what they used to be.

Exactly.

First PC had dual floppy drives. Bought and installed a 30 meg hard drive and was living large.

The first hard drive I remember seeing was 5 MB and cost a small fortune. The first Gig drive ad I saw (in Infoworld I think) was ten grand. The first terabyte drive I saw was $400 at Staples, just setting out on the shelf.

terabyte sandisk site:youtube.com

Google

[wastedyears]

How could you find out what information was copied on to an outside device? To test, can I track some professional documents I copy from my PC to a flash drive?

[mabarker1]

Remember DBLSPACEing 1.44mb 3.5” Floppies up to 2.88mb 3.5” ?

I thought I was defficating in high cotton back in those days.

Everyone else just thought “here He goes again, walking off another cliff and for what ?”

They called Me madd at the corner store...

[mabarker1]

The 2nd Computer We had back in the 1980’s at the Autoparts Store had a 10mb HDD that was an 18” Fixed Platter and there were ODD and EVEN Removable Mirroring Platters also 10mb. It required Both Platters to Boot up. It also had 2, 8” Flexible Floppies that were used for Data Backup (also ODD/EVEN) and required 8 to 10 Floppies.

The CPU Cabinet was 7’ tall, 3’ wide and 4’ deep.

The Salesman told Us We could operate 4 Stores with that Machine HA!!!! It would barely run 1 Store with 4 CRT’s, 1 Tractor Feed single color Black ribbon Okidata 8.5” Invoice Printer and 1 Tractor Feed single Black ribbon Wide Paper Report Printer. All Peripherals were run on Serial Cables.

I learned to Type on the Computer Keyboard not on a Typewriter.

[mabarker1]

There’s many different Administrator Tools and will depend on The Operating System.

[SunkenCiv]

Sounds like a CP/M machine, I used one of those as well, still a thrill at the time; also had to use the DisplayWriter (IBM) which used a couple of 8" drives.

[Chode]

ibm?

[mabarker1]

The Software was CDA (Computer Data Access) Private Company out of NJ. Assembler Code/Language Base Package Customized for Each Victim Customer. It was really a pretty good Program that just needed quite a bit of Debugging and Tweaking done to it simply because the Programers didn’t know all the “Little things” about Auto parts, Pricing, Inventory Control, Core Charges or Exchanges, Defective Parts, Sales History, Accounting, AR & AP, Alternative Part Numbers & Costs, List, Over the Counter (Retail), Garage & Stocking Garage Pricing and QSP. But over the course of Time We got Them Trained and got the Code fixed or added.

The Hardware was from: Uuuuuhhhhhmmmmdamneditcantrememberthenamerightnow.......