Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
NASA Mars Network Privacy Security IT Technology

NASA Hacked Because of Unauthorized Raspberry Pi Connected To Its Network 134

An anonymous reader quotes a report from ZDNet: A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency's network and stole approximately 500 MB of data related to Mars missions. The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review. NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups.
This discussion has been archived. No new comments can be posted.

NASA Hacked Because of Unauthorized Raspberry Pi Connected To Its Network

Comments Filter:
  • Iâ(TM)m sure it was t an accident.

  • Shouldn't a major organization have configuration in place to prevent this sort of thing by now? Ye olde AH?

    • by gweihir ( 88907 )

      If they have that level of security needs, 802.1x would be the minimal requirement. Obviously they did not have that. And obviously styling the attackers as large, dangerous monsters is a transparent attempt to minimize their own screw-up.

      And seeing that nothing of any value was stolen...

      • by guruevi ( 827432 )

        802.1X on the latest Cisco gear with multiple authentication sources (eg multiple AD domains and LDAP servers) doesn't work yet. You'd think that major organizations have figured this out but they haven't. Between relying on single sourced equipment and having to rely on both 30yo tech and the latest that Microsoft and Oracle are pushing as well as internal infighting, nothing ever gets done.

        The DMV in my neighborhood literally put up a (very hackable and default-passworded) Netgear to provide WiFi which th

    • A Raspberry Pi setup could live in a space about as big as a cell phone, or credit card with the zero version. They're cheap, easy to hide and easy to deploy, except maybe electric power to the board. I'm just surprised it took until now for someone to do it.

      • by jonwil ( 467024 ) on Friday June 21, 2019 @09:29PM (#58802622)

        The problem here is that the network admin clearly didn't have measures in place to stop unauthorized devices connecting to the network.

        • by Anonymous Coward

          Yeah, MIcrosoft's advice to defend against this? IPSEC.

          If everything on your network is IPSEC signed, and keys caerfully handed out, then physically plugging in a new device gets ignored by other devices.

        • by AmiMoJo ( 196126 ) on Saturday June 22, 2019 @04:19AM (#58803374) Homepage Journal

          Reading the report it seems like they opted not to go that route because it would have been difficult to handle with various contractors and foreign space agencies needing to connect remotely (presumably via VPN) or when on-site. Instead they tried to segment everything, so that they could only access the data they needed and nothing else, but screwed that up.

          • IT is hard, but life is even harder when you lose your IT job because you didn't do the IT.

            Of course, it's probably a union job [washingtonpost.com], so they can likely fail at it for years with no come-uppance.

        • by Anonymous Coward

          NAC and other solutions are pretty simple to bypass. Look up 'pwnplug', their implementation kind of sucks for this but it's a good reference for using the pass through technique to get around pesky solutions. If they're decent they also hooked up a GSM dongle to it so they can C2 + exfil without traversing the target's normal egress which may be stringent or monitored... In my experience once you're this embedded into an internal network, it's pretty straight forward most times to get the data you want wit

      • by Dunbal ( 464142 ) *
        Or it just took until now for someone to get caught.
    • by Junta ( 36770 )

      Well, I have seen some well-meaning people trying to do work in the face of the most draconian networking requirements ever resort to an LTE connected device, connected to a computer they had (which was authorized) connected to the network.

      While all this sucks and should be strongly discouraged, IT departments need to also consider how they can provide a sane alternative. Too many IT departments fall into the trap of 'I just denied the request, my work here is done!' rather than actually helping such peopl

  • by kenh ( 9056 ) on Friday June 21, 2019 @09:27PM (#58802608) Homepage Journal

    Seriously? What are we talking about? A couple hi-res renderings of proposed Mars rockets, rovers, and facilities?

    A half a gigabyte? That's it?

  • Or was it connected for other reasons?

    What is the solution here? Hardware Mac filtering?

    • by beckett ( 27524 )
      I am hoping the solution will have something involving magnets.
    • What is the solution here? Hardware Mac filtering?

      MAC filtering is useless by itself, because you can change MACs. All you have to do is insert yourself between a machine and the network using dual NICs and you can spoof the host. You need to use 802.1X, or IPsec AH. Then you can simply block all non-authenticated traffic, or at least funnel it over to a less-trusted network, depending on your use case, with no need for MAC filtering at all. That does mean having to manage certs (or at least PSKs, but use certs) but you don't have to manage MACs.

  • The Martian ambassador denies any involvement in the security breach, although, to be fair, any acknowledgement of agency on their part would surely result in catastrophic scalation of violence (again).
  • Do NASA still have the data? Backups?

    Are we talking "data loss" or "secrecy loss"?
  • Thanks for letting us know at year later guys.
  • ...the password was 3.14159

  • Seriously, in so many ways, this is our OWN fault. The device was not an accident. It was put on the network and left there. Somebody knew it and moved it around. IOW, there is a spy inside of JPL.

    This is why I continue to say that we are destroying our own-selves. Our security has become a joke. Trump is an ass, but I am hoping that the conservatives/neo-cons that are operating under him will tighten up security back to what we had in the 60s.

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...