NASA, the biggest and most popular space agency in the world is not free from cyber attacks.

An audit published on June 18th by the National Aeronautic and Space Administration (NASA) revealed evidence of hackers breaching the agency’s networks and stealing more than 500 megabytes of information.

The General Inspector Office (GIO) from NASA presented evidence of hacking, in which 23 archives were stolen, among those files there are two confidential archives. More than 500 megabytes of data from the US missions to Mars were taken from the Jet Propulsion Lab.

The other set of information was linked to the exportation control law for technology with military uses.

“The hacker managed to infiltrate two of the main networks of the JPL”, said NASA informant.

The hacker infiltrated the computer network of one center in April last year with a US$35 small computer, forcing the agency to temporarily shutdown the control systems of space travel from the affected center.

The cyber attack to the Jet Propulsion Laboratory, in Pasadena, California, began on 2018 and lasted for almost a year. The biggest concern, besides the information stolen, is that it the fails in security from the agency were exposed, since the breach lasted more than 10 months. The auditing process revealed other devices in the JPL network that the administrators did not know about. None of those devices were considered harmful.

“It is extremely difficult for big and complex organization such as NASA to perfectly control and supervise all their devices”, said Nik Whitfield, chief of the security company Panaseer. He also states that: “Generally, is because they depend on the natural process and human staff to do a continuous inventory of all devices linked to the network, and their specific vulnerability.”

Even safer organizations can suffer these attacks; however, the real issue usually is in the weakest links of the chain which renders the whole infrastructure weak.

It must be highlighted this is not the first time NASA has been attacked. In other occasions, hackers have tried to enter their system, but this time they managed to breach in due to an open in security, and use the digital control called Raspberry PI.

The hacker used a small Raspberry Pi computer that can be linked to a TV, and used mainly by children in developing countries to learn how to program. The Raspberry Pi entered the JPL system without authorization.

This small computer has become a popular tool to learn basic programming, robotics, and to create DIY projects. Its small size and versatility can lead to users to not always use it with the best intentions.

It was known that hackers breached through a variant of important missions. For example, they entered to Deep Space Network mission, the network of communication installation for space ships. Following the breach, the security equipments of some of these space programs were disconnected from NASA’s network. And it was not the only thing researchers found.

The GIO found as well that, aside of having small visibility of the devices connected to the network; their individual parts were not divided. There were cases in which the security tickets produced were not solved for long periods of time. The resolution time for the tickets was 180 days, incredibly. There are also details of the response before incidents in JPL.

NASA has been working with the FBI to assess the reach of breach, to plan a strategy to reduce risks, and to find whoever may be responsible of this regrettable fact.

The JPL installed new monitoring agents in its firewalls, and it is checking with NASA the access permissions to the network its external partners have.

After GIO’s audit, 10 recommendations were issued. NASA agreed with nine of those, and promised to implement them between July 30th 2019 and January 15th 2020. The only recommendation NASA did not agree was to “establish a formal and recorded process of threat hunting”, since they claim that, Caltech, NASA contractor, cannot be responsible for that.

The breach made NASA fear that the hacker could enter from the California center to other centers in the country included the Johnson Space Center in Houston, where the control room for the International Space Station and American flight is.

Likewise, security equipments of some sensitive programs, such as Orion Multi-Purpose Crew Vehicle and the International Space Station, were disconnect form the agency’s network.