Hackers exploited a credit card-size computer improperly connected to the Jet Propulsion Laboratorys network to access files undetected for 10 months, according to a report from NASAs Office of the Inspector General released this week.
Investigators found the La Canada Flintridge-based facility had multiple security weaknesses that reduced “JPLs ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals,” the report states.
JPL, managed by Caltech, is responsible for all of the Mars robotic missions, as well as probes sent to Jupiter, Saturn and beyond.
A spokesperson for JPL referred questions to the Inspector Generals Office.
According to the report, the hackers used a tiny computer called a Raspberry Pi, and a compromised external user account, to log in to JPLs mission network. They stole 500 megabytes of data across 23 files, including two that contained restricted information related to the Curiosity rovers mission.
The hack was discovered in April 2018, nearly a year later.
As a result, NASA questioned the integrity of data from the Deep Space Network and temporarily disconnected several space flight-related systems from the JPL network, the report states. NASAs Johnson Space Center had still not restored its use of certain data as of March 2019 because of continued concerns about its reliability.
The hack revealed JPL did not properly segregate its network. External users and partners, including foreign space agencies and contractors, were not limited to the approved systems and applications, and could access a variety of exploration and human space flight mission data.
This is the latest in a series of cyberattacks that have bypassed JPLs security over the years.
Chinese-based addresses stole 22 gigabytes of data in 2009 attacks anRead More – Source
[contf] [contfnew] 
daily news
[contfnewc] [contfnewc]
