Information was recently stolen from the mighty NASA Jet Propulsion Laboratory by way of a Raspberry Pi computer, which was reportedly used to steal around 500 MB of data. The theft was revealed during a recent audit, which showed that the stolen files contained data dealing with the international transfer of restricted space and military-related technology. Apparently the theft remained undetected for nearly 10 months because the attacker used a device that went unnoticed. The hacker gained access to the internal network of the Jet Propulsion Lab through the Raspberry Pi by hacking the user account of the employee who had plugged the device into the network.
This reveals the lax security and logging controls at NASA, as none of its administrators were aware that an employee had attached such a device to their network. Their oversight left the device vulnerable to attack by the hacker, who used it as an entry door to gain access to NASA’s data and steal it without their knowledge. The Raspberry Pi is a credit-card-sized mini-computer which costs just around $30 and is used in computer education projects. It is also popular for small-scale computing projects, as it is small and easy to use.
Once the attacker gained access to the computer, they moved around the internal network and took advantage of weak internal security controls to jump between various departmental computers until they found what they required. The stolen information was taken from 23 files, and the attacker has not yet been identified. The audit process has also revealed that there are several other devices on the network that administrators are not aware of, but fortunately none of them are malicious. Experts say that it is hard for large organizations like NASA to maintain complete visibility of all their devices, as they depend on manual processes and humans to inventory all the devices on their network.