A hacker accessed a NASA lab’s network by targeting an unauthorized Raspberry Pi, a pocket-sized computer which connects to the Internet.
From 23 files, two of which contained sensitive information, the hacker stole about 500 megabytes of data during the April 2018 attack. The hacker used an outside user account and moved unnoticed within JPL’s network for about ten months, according to a June Office of the Inspector General report about cybersecurity at NASA’s Jet Propulsion Laboratory in California.
Even though the employee had connected to the community the Pi, lax controls over logging meant NASA administrators did not know it was present, stated the report. This supervision left the device unmonitored on the system, allowing the attacker.
The weaknesses in security are exemplified by this, the report says that devices can be added to the network without being identified and vetted by security officials. This device should not have been allowed on the network.
The report also found when devices are added to the network, that the inventory system was not consistently updated by system administrators. They may not do so if system administrators neglect to do so or if the database isn’t working, and must update this inventory spreadsheet manually.
The Raspberry Pi is a credit-card sized computer that costs about $30. Since it’s tiny and simple to use it is also a popular selection for small-scale computing projects and has found a role in several computer education initiatives.
The Raspberry Pi is used to learn to code. This computer can be used to build DIY projects. Some projects that were built with a Raspberry Pi comprise arcade games, coffee machines, and dog treat dispensers.