In an audit report recently published by NASA, announced that in April 2018 that hackers accessed the space agency network and They stole about 500 MB of data related to the Mars missions.
According to the study report, Hackers infiltrated the Jet Propulsion Laboratory (JPL), a NASA-funded research and development facility in Pasadena, California. The report also identifies other incidents of data breaches and information theft across the agency's various missions.
The NASA, Over the past 10 years, JPL has experienced several notable cybersecurity incidents They have compromised significant segments of your computer network.
Since in 2011, hackers gained full access to 18 servers that supported key JPL missions and allegedly stole approximately 87 GB of data.
Most recently, in April 2018, JPL it discovered that an external user account had been compromised and used to steal some 500MB of data from one of its main mission systems.
The OIG reported through the report that JPL is plagued with numerous control deficiencies of computer security that limit your ability to prevent, detect and mitigate attacks directed at your systems and networks.
This weakness in the JPL security system exposes NASA's various systems and data to various attacks by hackers.
JPL uses its Information Technology Security database (ITSDB) to track and manage physical assets and applications on its network.
However, the audit found the database inventory to be incomplete and inaccurate, a situation that jeopardizes JPL's ability to effectively monitor, report, and respond to security incidents.
Sysadmins don't systematically update inventory when adding new devices to the network.
Specifically, 8 of the 11 system administrators responsible for managing the 13 study sample systems were found to maintain a separate inventory table of their systems, from which they update the information periodically and manually in the ITSDB database.
Also, a systems administrator stated that he did not regularly enter new devices into the ITSDB database because the update function of the database was sometimes not working.
Then you forgot to enter the resource information.
As a result, resources can be added to the network without being properly identified and verified by security officials.
Eg for the April 2018 cyberattack, which allowed the attackers to steal about 500 MB of data on the different NASA missions on the planet Mars exploited this particular weakness when the hacker accessed the JPL network with a Raspberry Pi not authorized to connect to the JPL network.
Hackers used this entry point to infiltrate the JPL network while hacking into a shared network gateway.
This action allowed the attackers to gain access to the servers that store information about missions to Mars carried out by NASA's JPL laboratory, from where they leaked about 500 MB of data.
The April 2018 incident cyberattack took advantage of the JPL network's lack of segmentation to move between various systems connected to the gateway, including various JPL mission operations and the DSN.
As a resultIn May 2018, IT Security Managers at the Johnson Space Center who run programs like the Orion All-Wheel Crew Vehicle and the International Space Station They decided to temporarily disconnect from the bridge for security reasons.
Officials feared cyberattacks would laterally cross the bridge into their mission systems, potentially gaining access.
That said, NASA did not mention any names directly related to the April 2018 attack. However, some assume that this could be related to the actions of the Chinese hacking group known as the name Advanced Persistent Threat 10, or APT10.