They hacked the internal network of NASA with a Raspberry Pi

NASA (National Aeronautics and Space Administration) disclosed information about a breach of its internal infrastructure that went undetected for about a year. It should be noted that the network was isolated from external threats and that the attack was carried out from the inside, using a Raspberry Pi board connected without permission at the Jet Propulsion Laboratory (JPL).

This board was used by employees as an entry point to the local network. During the compromise of an external user system with access to the gateway, the attackers were able to access the dashboard and, through it, the entire internal network of the Jet Propulsion Laboratory, which developed the Curiosity rover and space telescopes.

Traces of intruders on the internal network were identified in April 2018. During the attack, unknown persons were able to intercept 23 files, with a total size of about 500 MB, associated with missions to Mars.

Two of these files contained information subject to export restrictions on dual-use technologies. In addition, the attackers gained access to the DSN (Deep Space Network) satellite dish network, which is used to receive and send data to the spacecraft in NASA missions.

Among the reasons that contributed to the breach, the late remediation of vulnerabilities in internal systems was cited.

The audit also found that the inventory database was incomplete and inaccurate, a situation that jeopardizes JPL's ability to effectively monitor, report, and respond to security incidents.

System administrators do not systematically update the inventory when adding new devices to the network. In particular, some of the current vulnerabilities remained uncorrected for more than 180 days.

The division also incorrectly maintained the ITSDB (Information Technology Security Database) inventory database, in which all devices connected to the internal network should be recorded.

Specifically, it was found that 8 of the 11 system administrators responsible for managing the 13 systems in the study sample maintain a separate inventory table of their systems, from which they periodically and manually update information in the ITSDB database.

In addition, a sysadmin stated that he was not regularly entering new devices into the ITSDB database because the database update function sometimes did not work.

Analysis showed that this database was carelessly filled in and did not reflect the actual state of the network; in particular, it did not account for the Raspberry Pi board used by employees.
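The inventory gaps described above can be checked mechanically. The following is an added example, not code from NASA, JPL or the audit: it reconciles a device inventory against hosts actually seen on a segment and flags unregistered devices, registered devices that were not seen, and vulnerabilities open for more than 180 days. The CSV columns, hostnames and addresses are constructed assumptions, not the real ITSDB schema.

```python
import csv, io, re
from datetime import date

# Constructed sample data; the column names are assumptions, not the real ITSDB schema.
INVENTORY_CSV = """mac,hostname,owner,oldest_open_vuln
00:1a:2b:3c:4d:5e,gw-01,netops,2018-01-10
00-1A-2B-3C-4D-5F,ws-114,science,2017-08-01
00:1a:2b:3c:4d:60,ws-115,science,
"""
# Constructed neighbor-table lines in `ip neigh` output format.
NEIGHBORS = """10.0.0.1 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
10.0.0.14 dev eth0 lladdr 00:1A:2B:3C:4D:5F STALE
10.0.0.77 dev eth0 lladdr b8:27:eb:12:34:56 REACHABLE
10.0.0.90 dev eth0  FAILED
"""
PI_OUIS = {"b827eb", "dca632"}  # Raspberry Pi OUI prefixes; MACs can be changed, so a hint only
MAX_VULN_AGE_DAYS = 180         # threshold taken from the audit finding quoted above

def norm_mac(mac):
    """Lower-case a MAC and drop separators so ':' and '-' notations compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def observed(neigh_text):
    """Map normalized MAC -> IP for every neighbor entry that resolved to a MAC."""
    seen = {}
    for line in neigh_text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            seen[norm_mac(m.group(2))] = m.group(1)
    return seen

def reconcile(inventory_csv, neigh_text, today):
    inv = {norm_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(inventory_csv))}
    seen = observed(neigh_text)
    # On the wire but not in the inventory: (ip, mac, looks_like_raspberry_pi)
    unknown = [(ip, mac, mac[:6] in PI_OUIS) for mac, ip in seen.items() if mac not in inv]
    # In the inventory but not seen: stale record or powered-off host
    missing = sorted(r["hostname"] for mac, r in inv.items() if mac not in seen)
    ages = ((r["hostname"], (today - date.fromisoformat(r["oldest_open_vuln"])).days)
            for r in inv.values() if r["oldest_open_vuln"])
    overdue = sorted(a for a in ages if a[1] > MAX_VULN_AGE_DAYS)
    return {"unknown": unknown, "missing": missing, "overdue": overdue}

if __name__ == "__main__":
    for key, rows in reconcile(INVENTORY_CSV, NEIGHBORS, date(2018, 4, 1)).items():
        print(key, rows)
```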

The internal network itself was not divided into smaller segments, which simplified the attackers' activities.

Officials feared that the attackers would move laterally across the bridge into their mission systems, potentially gaining access and sending malicious signals to manned spaceflight missions using these systems.

At the same time, IT security officers stopped using DSN data because they feared it was corrupt and unreliable.

Having said that, NASA did not mention any names directly related to the April 2018 attack. However, some suppose this could be related to the actions of the Chinese hacker group known as Advanced Persistent Threat 10, or APT10.

According to the complaint, investigations showed that a phishing campaign allowed spies to steal hundreds of gigabytes of data by accessing at least 90 computers, including computers from seven aviation, space and satellite technology companies, from three companies.

This attack makes it very clear that even organizations with the highest levels of security can suffer this type of event.

Commonly, these types of attackers tend to take advantage of the weakest links in computer security, that is, the users themselves.


  1.   User9302 said

    You can change the numbering of the board and the MAC address, change the name of the OS, the agent and others. I don't think it was from a Raspberry. You can hack a server from the best machine and make it look like it was from a cell phone.

  2.   Autopilot said

    What a cloth, if they can do this, they can also control medical equipment and their patients in less protected environments. Now comes 5G and hyperconnection. What a danger.

  3.   Romualdo said

    Amazing, the hacker on duty used the same method as in the series 'Mr. Robot' in an episode of the first season... and it worked just as well. As they say, sometimes reality is stranger than fiction.