Hackers around the world are always trying a new and creative approach to get the desired result. In a lot of cases, the hack job itself requires a sophisticated approach. One group of culprits successfully stole 500MB of NASA’s mission data by using a Raspberry Pi. A very interesting, albeit somewhat disturbing development which warrants some clarification.
The Raspberry Pi NASA Hack
To put everything in its proper perspective first and foremost, the target of the hack is NASA’s Jet Propulsion laboratory. That doesn’t make this incident any less worth taking note of, however, as hackers still managed to obtain 500MB of data related to the agency’s missions. That in itself is the worrisome aspect regarding this hack, albeit it remains to be seen how this information will be used exactly.
With this incident taking place in 2018, it took quite an investigation to uncover what had gone down exactly. It appears the hackers used a Raspberry Pi, which is one of the cheapest and most accessible small computers on the market today. Whereas most people use this device for home media purpose, some people try to pursue completely different angles, for rather obvious reasons.
In April of 2018, NASA records indicated an external user account had been compromised. This user account was then used to access mission information and steal the associated data. This account access was established by using a Raspberry Pi to connect to the Jet Propulsion Laboratory’s network. It appears the lab’s network suffered from a few security vulnerabilities which could be leveraged by the culprit.
It is believed a total of 23 files were obtained during this process. While it seems unlikely the person responsible for this hack will cause any major havoc with the data itself, there are some key details regarding the Mars Science Laboratory Mission included. It is a bit unclear why this specific data was stolen or how it will be used exactly.
This incident also had some rather interesting consequences. At one point, the Johnson Space Center disconnected from the JPL’s gateway altogether as the risk of getting compromised was too great. It was a premature course of action, albeit the decision can easily be justified in the long run. As such, one now has to wonder if all of these security holes have been or will be addressed properly.
So far, that does not appear to be the case just yet. In the released audit report, it clearly states how JPL’s systems still have critical vulnerabilities which need to be resolved accordingly. How and when that will be taken care of exactly, is difficult to predict at this point. It is evident hackers will take interest in this report as well, primarily because there is now a precedent for infiltrating critical systems through very cheap devices.