NASA Confirms Its Deep Space Network Has Been Hacked
NASA has confirmed its Jet Propulsion Laboratory (JPL) has been hacked, with those responsible reportedly gaining access to the Deep Space Network (DSN).
The federal agency revealed an unauthorised computer connected to the JPL servers was targeted by hackers, who then moved further into the NASA network.
Further to breaching the DSN, which is the largest and most sensitive scientific telecommunications system in the world, the cyber threat also targeted numerous other JPL systems.
NASA published an audit document from the US Office of the Inspector General earlier this week (June 18), which revealed an unauthorised Raspberry Pi computer enabled hackers to move further into its network.
The breach happened in April 2018, and led to the Johnson Space Center disconnecting from the gateway altogether, Forbes reports.
The audit report states:
Johnson officials were concerned the cyber attackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems.
In fact, Johnson still had not restored its use of all communications data by March this year, when the use of limited spacecraft data was restored, because it was still concerned about the integrity of its systems.
So what went wrong for such a huge security breach to take place? According to the audit, the way JPL’s network gateway was set up meant users were not limited only to the systems and applications for which they had approved access.
The audit report continued:
This shortcoming enabled an attacker to gain unauthorized access to JPL’s mission network through a compromised external user system.
Not only that, but NASA admits to having poor IT asset visibility, along with security violation ticket resolution shortcomings and a lack of security certifications.
All of these shortcomings meant the Raspberry Pi computer which hacked NASA’s system should never have even been permitted on the JPL network without prior review and approval. But it was.
For those of you wondering why hackers might want to target NASA in the first place, information security analyst Mike Thompson told Forbes the federal agency is an extremely high-profile target.
Many purely associate them with space related activities, but their depth of research and development includes patents covering cutting edge science that nation states would literally kill for.
NASA’s problems may not yet be over, with the report stating that in spite of the agency’s best efforts, ‘critical vulnerabilities remain’ that place JPL at risk of cyber intrusions.
UNILAD has reached out to NASA for a comment.
If you have a story you want to tell send it to UNILAD via [email protected]