NASA has recently published a report written by the space agency’s Office of Inspector General which reveals that, in April of 2018, hackers not only penetrated the agency’s Jet Propulsion Laboratory network but also took around 500 MB of data related to the NASA Mars missions from it.
According to the report, NASA’s Jet Propulsion Laboratory uses an application called Technology Security Database (abbreviated ITSDB in the report) that allows the agency to track and manage all of its network applications. It is also responsible for ensuring that only NASA’s IT resources can access the internal network.
When NASA’s IT team receives a new piece of equipment, the line managers have 30 days to assign the required security controls to the device.
However, during the investigation that followed the data theft, officials found that the system administrators did not always update the inventory system.
“One system administrator told us he does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information,” the report says. “Consequently, assets can be added to the network without being properly identified and vetted by security officials.”
The April hack was a direct consequence of these lapses: a Raspberry Pi that had not gone through the necessary Jet Propulsion Lab authorizations was the device used to access the network and steal the data.
Shortly after the hack was discovered, the NASA Johnson Space Center disconnected from the gateway in order to keep its own network protected; it reconnected about seven months later.
In December of 2018, two Chinese nationals were charged with hacking cloud providers. According to the U.S. Department of Justice, the two hackers were part of a Chinese government elite hacking unit known as APT10.
The two hackers were charged with hacking both the Jet Propulsion Laboratory and the NASA Goddard Space Center, but the indictment doesn’t specifically mention a date for the Jet Propulsion Lab hack, so it’s unclear whether these specific hackers are also responsible for the April hack.
The court documents state that the hackers started their attacks back in 2006 and used spear-phishing to collect employee credentials from various companies. Using those credentials, they managed to plant malware on the companies’ networks and subsequently gained access to intellectual property, which they swiftly stole.
The hackers also stole, among other things, the personal details of over 100,000 Navy personnel, after having breached the U.S. Navy’s cloud service.