NASA stands for cutting-edge science, the latest technology, and impervious security. However, the most technologically advanced organization on Earth recently got hacked with a $25 Raspberry Pi, a tiny computer anyone can buy.
NASA’s Jet Propulsion Laboratory (JPL) was breached ten months ago, according to the space agency’s recent report. The perpetrator managed to steal 23 files amounting to 500MB of data.
The files contained classified information about the Mars Science Laboratory mission, which handles the Curiosity Rover. It also had information related to the International Traffic in Arms Regulations, which restrict the export of US defense and military technologies.
One would think that a breach of this magnitude required massive technological resources. Nonetheless, the incident shows how easy it is to hack anything and anyone — even classified government secrets — with just a cheap mini computer. It’s also one of the reasons why public WiFi is so unsafe.
So how did an organization that holds some of the US’ most sensitive data get hacked with a device that anyone can buy?
According to the report, NASA had failed at even the most basic institutional security practices. Because their IT inventory was incomplete and inaccurate, the JPL couldn’t effectively monitor and report security incidents. Therefore, the cybercriminals were able to connect to the network without authorization and remained undiscovered.
Additionally, the agency did not separate its networks, so the hackers were able to move across them. They accessed two of the three primary JPL networks and got as far as the Deep Space Network. This is a global satellite network that sends and receives information to spacecraft on active missions. The system could be used to send malicious signals to human space flight missions.
The breach went undetected for nearly a year. Surprisingly, the NASA report admits that some of the security flaws are still not fixed.
The fact that hackers were able to breach JPL with a Raspberry Pi means that even the most technologically advanced organization in the world is not immune to a cheap, easy-to-use device. Just think what an amateur hacker could do to your networks with a little know-how.
Raspberry Pi, which was used as a point of entry to JPL’s network, is a single-board computer the size of a credit card. It’s widely popular for its diverse capabilities and low price. It’s often used to teach beginners how to code or when building various DIY projects. However, this time it was utilized for more nefarious purposes.
The incident drives home the point that hacking doesn’t require massive technological resources. If an organization like NASA was breached with a simple $25 device, imagine how vulnerable your unprotected networks are. Make sure you practice at least the basic security methods — create strong passwords, don’t connect to unfamiliar WiFi hotspots, and use a VPN. To protect your sensitive data, encrypt your files with NordLocker before you upload them to the cloud.
For more cybersecurity news and tips, subscribe to our monthly blog newsletter below!