The US Space Agency confirmed that hackers managed to break into their computer systems. The attack was launched without a license from a Raspberry Pi microcomputer connected to NASA’s internal network, from the Jet Propulsion Laboratory (JPL).
Taking advantage of this loophole, hackers were able to penetrate deeply into other NASA subsystems. Among others
AVAILABLE TO THE DATA OF THE DEEP SPACE NETWORK RADIO TELECOMMUNICATIONS, INCLUDING ITS OTHER JPL STATIONS.
The attack took place in April last year, but it was only officially recognized. The extent of the damage is illustrated by the fact that the Johnson Space Center, which is directly responsible for space management (such as keeping in touch with the International Space Station), has decided to completely disrupt the network connection with JPL.
The now published internal due diligence report states that
The Johnson Space Center officials feared that cyber-attackers could reach mission management systems through the link and could even send malicious signals to manned space travel.
The report highlights that although in March this year the data on the operation of space assets was partially restored, JPL has not yet restored the communication data, fearing that the systems are still unsafe. The screening also revealed a lot of human omissions at JPL that helped make hacking so successful. Cyber security officials have been regularly delayed when vulnerabilities were detected in the system, and generally the security of JPL systems did not reach the level expected from an aerospace and space station authority.
System administrators did not undergo security screening, were not trained to handle such cyber attacks, or even had a system for 24-hour security incident reporting.
External experts also wonder why they have now made public penetration a reality, while so far it has not been confirmed that the systems are safe and the hackers have installed malicious programs from the internal network. In other words, attackers may have access to certain subsystems at the moment, so JPL does not know about it. But criminals now know exactly what they have discovered and can react to the attack.
NASA’S SYNTHESIS CANNOT BE DELIVERED FROM THE CERTIFICATE OF SAFETY