25.4 C
Accra
Sunday, September 25, 2022

Raspberry Pi used to steal data from Nasa lab

Must Read

Fitch downgrades Ghana from ‘CCC’ to ‘CC’

Fitch Ratings has downgraded Ghana’s Long-Term Local- and Foreign-Currency Issuer Default Ratings (IDRs) to ‘CC’, from ‘CCC’. Fitch typically does...

Ghana suffered 3-0 defeat to Brazil in pre-World Cup friendly

Ghana suffered a 3-0 defeat in the hands of five-time world champions Brazil during a friendly match at the...

Craft information on ”right to know” basis- Security Expert Adib Sani tells Police  

By Rebecca Ekpe Security Expert Adib Sani says there should be a deeper collaboration between the Police and the Media,...

A tiny Raspberry Pi computer has been used to steal data from Nasa’s Jet Propulsion Laboratory, the space agency has revealed.An audit report reveals the gadget was used to take about 500MB of data.

It said two of the files that were taken dealt with the international transfer of restricted military and space technology.The attacker who used the device to hack the network went undetected for about 10 months.

The malicious hacker won access to the Jet Propulsion Lab internal network via the Raspberry Pi by hijacking its user account.

Although the Pi had been attached to the network by the employee, lax controls over logging meant Nasa administrators did not know it was present, said the report.

This oversight left the vulnerable device unmonitored on the network, allowing the attacker to take control of it and use it to steal data.

The Raspberry Pi is a credit-card sized computer that costs about $30 (£24). It has found a role in many computer education initiatives and is also a popular choice for small-scale computing projects because it is tiny and easy to use.

Once the attacker had won access, they then moved around the internal network by taking advantage of weak internal security controls that should have made it impossible to jump between different departmental systems.

The attacker has not been identified or caught.The stolen data came from 23 files, but little detail was given about the type of information that went astray.

The audit process revealed several other devices on the JPL network that system administrators did not know about. None of these other devices was believed to be malicious.

“It’s extremely hard for large, complex organisations such as Nasa to be perfect in maintaining full visibility and control of all their devices.” said Nik Whitfield, head of security company Panaseer. “Typically this is because they depend on manual processes and human beings to continually inventory all devices connected to the network and the specific vulnerabilities they suffer.”

When the breach became known about within Nasa, it prompted some parts of the agency, including the Johnson Space Center, to stop using a core gateway that gave employees and contractors access to its other labs and locations.

This was done because it was feared the attacker could exploit their widespread access to get at flight systems controlling currently active spacecraft.

The audit report recommended that Nasa do a better job of monitoring its network and tighten up its hack attack policies.

SourceBBC

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Fitch downgrades Ghana from ‘CCC’ to ‘CC’

Fitch Ratings has downgraded Ghana’s Long-Term Local- and Foreign-Currency Issuer Default Ratings (IDRs) to ‘CC’, from ‘CCC’. Fitch typically does...

Ghana suffered 3-0 defeat to Brazil in pre-World Cup friendly

Ghana suffered a 3-0 defeat in the hands of five-time world champions Brazil during a friendly match at the Stade Oceane in Le Havre,...

Craft information on ”right to know” basis- Security Expert Adib Sani tells Police  

By Rebecca Ekpe Security Expert Adib Sani says there should be a deeper collaboration between the Police and the Media, especially in the dissemination of...

First batch of 300 Riverguards begin Training at Eastern Naval Command

One Hundred persons, from various parts of the country, have begun a one-month training as part of efforts to protect Ghana's river bodies from...

GJA asks the Police Administration to review ”Centralisation of Information Dissemination Policy”

By Ewurabena Paha The Ghana Journalists Association (GJA) says despite the magnitude of the challenges the Police Administration encounters in its bid to share information...

More Articles Like This