500MB Worth Of NASA's Mission Data Has Been Stolen By Hackers, Audits Found

18/06/2019

The National Aeronautics and Space Administration confirmed that its Jet Propulsion Laboratory (JPL) was hacked. The incident happened in April 2018.

At that time, hackers were able to compromise an external user's account and steal data related to the space agency's "major mission systems", using just a cheap Raspberry Pi computer. The news was announced after NASA's audit report.

The hackers were able to take advantage of weaknesses in the laboratory's network, and went undetected for 10 months.

In the process, the hackers stole 23 files worth 500MB, two of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission. The regulations control the transfer of military and space-related technology.

The auditors discovered that users on JPL’s network were able to access systems and applications that they were not approved to access. The system administrators also did not properly track the devices added to the network.

This allowed the hacker to deeply infiltrate the network and remain undetected for a long time, according to the NASA Inspector General Office of Audits in a report published on June 18, 2019.

The Jet Propulsion Laboratory (JPL) is a federally funded research and development center and NASA field center in La Cañada Flintridge, California, United States.

The report explains that NASA JPL utilizes a web application called Information Technology Security Database (ITSDB) for tracking and managing its network applications and physical assets.

The JPL internal network is only accessible to those "IT resources" that have been registered in this database and approved by the lab.

According to NASA, when the team receives a new equipment notification, line managers are given 30 days to assign the new property to system security plans, and to "implement required security controls."

However, during the investigation and among other security issues, the officials found that:

"…system administrators did not consistently update the inventory system when they added devices to the network. Specifically, we found that 8 of 11 system administrators responsible for managing the 13 systems in our sample maintain a separate inventory spreadsheet of their systems from which they periodically update the information manually in the ITSDB. One system administrator told us he does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information. Consequently, assets can be added to the network without being properly identified and vetted by security officials."

The report blamed JPL's failure to divide its internal network into smaller segments. Segmentation is considered a basic security practice that makes it difficult for hackers to move around inside a compromised network.

The NASA OIG also blamed the JPL for failing to keep the ITSDB up to date. The database is maintained by the JPL IT staff, and system administrators are supposed to log in it every device connected to the JPL network.

The OIG found that the database inventory was incomplete and inaccurate, and that the JPL IT staff was lagging behind when it came to fixing security-related issues.

"We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time - sometimes longer than 180 days," the report said.
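The gaps described above (devices on the network that never reached the inventory, assets past the 30-day window without a security plan, and tickets open longer than 180 days) can be checked automatically rather than through hand-maintained spreadsheets. The following is an added example, not code from the report or from JPL; the field names, MAC addresses, dates and ticket IDs are constructed, and the inventory layout is an assumption rather than the real ITSDB schema.

```python
from datetime import date

PLAN_DEADLINE_DAYS = 30    # article: 30 days to assign a device to a security plan
TICKET_MAX_AGE_DAYS = 180  # article: tickets unresolved for longer than 180 days

# Constructed sample data. Field names are assumptions, not the ITSDB schema.
INVENTORY = {  # MAC -> inventory record
    "02:00:00:00:00:01": {"notified": date(2018, 1, 10), "plan": "SSP-12"},
    "02:00:00:00:00:02": {"notified": date(2018, 2, 1), "plan": None},
    "02:00:00:00:00:03": {"notified": date(2018, 4, 20), "plan": None},
    "02:00:00:00:00:04": {"notified": date(2017, 9, 5), "plan": "SSP-07"},
}
OBSERVED = [  # MACs seen on the network, e.g. exported from DHCP or switch logs
    "02:00:00:00:00:01", "02-00-00-00-00-02", "02:00:00:00:00:03",
    "02:00:00:00:00:9A",  # present on the network, never entered in the inventory
]
TICKETS = [
    {"id": "T-1", "opened": date(2017, 10, 1), "closed": None},
    {"id": "T-2", "opened": date(2018, 3, 1), "closed": None},
    {"id": "T-3", "opened": date(2017, 6, 1), "closed": date(2017, 6, 15)},
]
TODAY = date(2018, 5, 1)  # constructed audit date

def norm(mac):
    """Canonical lower-case, colon-separated MAC so spreadsheet variants match."""
    return mac.strip().lower().replace("-", ":")

def audit(inventory, observed, tickets, today):
    inv = {norm(m): rec for m, rec in inventory.items()}
    seen = {norm(m) for m in observed}
    return {
        # On the network but never vetted: the gap the auditors describe.
        "unregistered": sorted(seen - set(inv)),
        # Registered but not observed: stale or mistyped inventory rows.
        "not_seen": sorted(set(inv) - seen),
        # Registered, but still no security plan after the 30-day window.
        "plan_overdue": sorted(
            m for m, r in inv.items()
            if r["plan"] is None
            and (today - r["notified"]).days > PLAN_DEADLINE_DAYS),
        # Security tickets still open past 180 days.
        "stale_tickets": sorted(
            t["id"] for t in tickets
            if t["closed"] is None
            and (today - t["opened"]).days > TICKET_MAX_AGE_DAYS),
    }

def run_sample():
    return audit(INVENTORY, OBSERVED, TICKETS, TODAY)
```
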

Due to the widespread breach, the Johnson Space Center, which is responsible for programs such as the International Space Station, has disconnected itself from the gateway.

The space center’s officials were concerned that the hackers could "move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA and its laboratories are lucrative targets for hackers due to the agency’s research and development, which includes patents on cutting-edge technology.