The cyberattackers got away with mission-critical data.
NASA's famed Jet Propulsion Laboratory (JPL) might have been able to land multiple remotely-controlled robots on Mars — but when it comes to its cybersecurity track record, things look a lot less rosy.
According to a new 82 page investigation by NASA's Office of Inspector General, the JPL team's cybersecurity systems is plagued by flaws. In fact, the report outlines an event in which 23 files of mission-critical data was stolen by hackers — the culprit: a Raspberry Pi nano-computer "that was not authorized to be attached to the JPL network." The attack went unnoticed for ten whole months.
The Raspberry Pi was not vetted by IT security staff prior to being connected. The report points out that JPL administrators failed to add any new devices, including the Raspberry Pi, into official inventory spreadsheets.
The device was later cut off from JPL's network, but not before the hackers were able to move laterally across the network, picking up valuable data.
Even worse, a separate software vulnerability, allow "cyberattackers to remotely execute malicious code, encrypt data on a targeted system, and demand payments to unlock the data" — and it was not fully addressed.
READ MORE: A rogue Raspberry Pi helped hackers access NASA JPL systems [Engadget]
More on cybersecurity: Hackers Are Threatening Elections Around the World