NASA hackers used cheap Raspberry Pi computer in lab cyber attack, auditors say

NASA’s Jet Propulsion Laboratory was the victim of a cyber attack last year — with hackers managing to steal about 500 megabytes of data, a government report revealed this week.

The federally funded research lab has contributed to missions including the Mars rovers, International Space Station experiments and the Voyager probes. The California Institute of Technology has managed the JPL since 1959 and is responsible for the lab’s network security.

In April 2018, someone using a Raspberry Pi — a cheap, credit card-sized computer that connects to servers — gained unauthorized access to the JPL network, according to a Tuesday report from auditors at the NASA Office of Inspector General. The attacker gained access to a user’s account and took advantage of weaknesses in the lab’s shared IT environment to expand their access and move across the network.

The attacker remained undetected in the JPL network for 10 months and made off with about 23 files, the agency said. Two of the files obtained in the attack contained International Traffic in Arms Regulations information related to the Mars Science Laboratory Mission.

Auditors found users on JPL's network hadn't been limited to just the systems and applications they’d been approved to access. That allowed the April 2018 attacker to gain unauthorized access to JPL’s mission network. Also, system administrators didn’t properly track devices added to the network, which is how the unauthorized computer in the attack remained undetected for so long.

JPL lacked some recommended cybersecurity industry practices and didn’t report certain types of IT security incidents to NASA, even though their contract requires it, according to the report.

“Collectively, these weaknesses leave NASA data and systems at risk,” auditors wrote.

The April 2018 incident wasn’t the only attack on the JPL network. The report highlighted five other “notable external attacks” dating back to 2009. Two of them involved Chinese IP addresses, with attackers extracting more than 100 gigabytes of data between the two incidents.

In one incident, an intruder uploaded malware to a JPL server, according to the report. In another, foreign hackers compromised a server that runs source code used in ground operations for scientific spacecraft.


In the report, auditors recommended nine steps to improve JPL’s IT security, including reviews of security procedures and the implementation of a new strategy for managing incidents.

NASA signed another contract with Caltech in October 2018 to manage JPL for the next five years. As of March, NASA hadn’t yet approved JPL’s plans for implementing new IT security.