NASA has officially confirmed that hackers attacked its network systems.
The incident happened through an unauthorized Raspberry Pi device connected to NASA Jet Propulsion Laboratory (JPL) servers.
According to the report by NASA:
In April 2018, the Cyber Attack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network.
The device should not have been permitted on the JPL network without the JPL OCIO’s review and approval.
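One way a defender could catch a device like this is to reconcile what the network actually sees against the approved asset list. The sketch below is an added example, not code from the NASA report or from JPL; the lease-log layout, the inventory entries, and the function names are assumptions made for illustration, and the sample data is constructed.

```python
import re

# OUI prefixes registered to Raspberry Pi devices in the public IEEE registry.
# An OUI match is only a hint: MAC addresses can be changed by the device owner.
RPI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}

# Constructed sample data (hypothetical inventory and DHCP lease log format:
# timestamp, IP, MAC, hostname). MACs deliberately use mixed notations.
APPROVED_MACS = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f"]
LEASE_LOG = """\
2024-01-08T09:14:07Z 10.20.4.17 00-1a-2b-3c-4d-5e ops-workstation-01
2024-01-08T09:15:41Z 10.20.4.88 B8:27:EB:12:34:AB raspberrypi
2024-01-08T09:16:02Z 10.20.4.23 00:1a:2b:3c:4d:5f mission-gw-02
2024-01-08T09:20:13Z 10.20.4.91 3c52.82aa.bbcc lab-printer
2024-01-08T11:02:55Z 10.20.4.90 b827.eb12.34ab raspberrypi
"""

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:.\-]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_unapproved(lease_log, approved_macs):
    """List devices seen in the lease log that are not in the approved inventory."""
    approved = {normalize_mac(m) for m in approved_macs} - {None}
    findings = {}
    for line in lease_log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip truncated lines
        _ts, ip, raw_mac, host = fields[:4]
        mac = normalize_mac(raw_mac)
        if mac is not None and mac in approved:
            continue
        key = mac or raw_mac  # keep malformed MACs visible instead of dropping them
        findings[key] = {  # a later lease for the same MAC replaces the earlier one
            "mac": key, "ip": ip, "host": host,
            "raspberry_pi": bool(mac) and mac[:8] in RPI_OUIS,
            "malformed": mac is None,
        }
    # Raspberry Pi hits first, then everything else, each group sorted by MAC.
    return sorted(findings.values(), key=lambda f: (not f["raspberry_pi"], f["mac"]))

if __name__ == "__main__":
    for finding in find_unapproved(LEASE_LOG, APPROVED_MACS):
        print(finding)
```

Normalizing the MAC notation before comparing matters here: without it, an approved device logged as `00-1a-2b-3c-4d-5e` would be reported as unknown, and the same unapproved device would be counted twice.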
What happened?
The cyberattacker from the April 2018 incident exploited the JPL network’s lack of segmentation to move between various systems connected to the gateway, including multiple JPL mission operations and the DSN.
As a result, in May 2018 IT security officials from the Johnson Space Center (Johnson), which handles such programs as the Orion Multi-Purpose Crew Vehicle and International Space Station, elected to temporarily disconnect from the gateway due to security concerns.
Johnson officials were concerned the cyber attackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems.
At the same time, Johnson IT security officials discontinued use of DSN data because they were concerned it could be corrupted and unreliable.
As of October 2018, JPL’s network contained 153 open waivers. Of these, 54 were granted to employees no longer working for JPL and therefore the reason why a waiver was needed or granted likely has been lost.
Need for Improvement in IDS
While intrusion detection and prevention systems employed by JPL are necessary to defend against routine intrusions and misuse of computer assets, advanced threats demand a more proactive, efficient approach to incident detection and response.
Previous Cyber Attacks on NASA
In December 2018, we reported that NASA had confirmed that one of its servers was hacked, compromising the personal data of its former and current employees, including Social Security numbers.
In January 2009, a cyber attacker successfully penetrated a computer system at JPL and extracted approximately 22 gigabytes of program data by illegally transferring the information to an Internet Protocol (IP) address in China.
The stolen data included information protected under International Traffic in Arms Regulations and Export Administration Regulations.
A follow-on NASA Office of Inspector General (OIG) investigation found that a significant contributing factor to the theft was inadequate security settings across various network points, including several computers and a server at JPL, which allowed the intruder to access a wide range of sensitive data.
To mitigate future attacks, JPL deployed host-based firewalls and intrusion prevention systems on workstations and implemented network segmentation throughout the JPL network to limit the spread of malware.
NASA has confirmed that its IT security officials took immediate action to secure the data servers and that it is working with cyber officials to investigate the incident.