Curiosity Mars Detector
Tencent Technology News, June 22, according to foreign media reports, NASA's Office of the Inspector General (OIG) released a report this week, showing that in April 2018, hackers had invaded the network and stole about 500MB. Data related to the Mars mission.
The entry point is the Raspberry Pi device, which is connected to the NASA Jet Propulsion Laboratory (JPL) IT network without authorization or through appropriate security review.
The 49-page OIG report claims that hackers use this entry point to hack into the JPL network by hacking the gateway of the shared network. Hackers used the network gateway to enter the JPL infrastructure and entered the network that stored their Mars mission information, stealing information from there.
OIG said in the report that hackers use a “destroyed external user system” to access the JPL task network. The hacker stole about 500MB of data from 23 files, two of which contained the “International Weapons Trade Regulations” related to the Mars Science Laboratory mission. ”
The Mars Science Laboratory is a JPL project that manages Mars & ldquo; Curiosity & rdquo; and other projects. NASA's JPL's main mission is to build and operate planetary robot spacecraft, such as the "Curious" Mars probe, or various satellites orbiting the planet in the solar system.
In addition, JPL manages NASA's Deep Space Network (DSN), a global network of satellite antennas used to send and receive information through NASA spacecraft in ongoing missions.
Investigators said that in April 2018, the intruders visited JPL's DSN IT network in addition to accessing JPL's mission network. After the invasion, several other NASA facilities disconnected from the JPL and DSN networks because of fear that the attackers would also switch to their systems.
NASA OIG said: “This attack was classified as a high-level persistent threat that has not been discovered in the past year. Investigations into this incident are ongoing. ”
The report blames JPL for failing to divide its internal network into smaller parts, a basic security practice that makes it harder for hackers to get inside the damaged network.
NASA OIG also accused JPL of not keeping the Information Technology Security Database (ITSDB) up to date. ITSDB is a database for JPL IT staff, where system administrators should log every device connected to the JPL network.
OIG found that the database list is incomplete and inaccurate. For example, the damaged Raspberry Pi board as an entry point does not have an ITSDB list entered.
In addition, investigators found that JPL IT's technology has lagged behind in addressing any security-related issues. The report stated: “We also found that the security issue log created by ITSDB when identifying potential or actual IT system security vulnerabilities has not been resolved for a long time (sometimes over 180 days). ”
In December 2018, the US Department of Justice accused two Chinese of invading the network of cloud providers, NASA, and the US Navy. The two were accused of invading the NASA subordinate Goddard Space Center and JPL. It is unclear whether these were the “Advanced Sustained Threats” that invaded JPL in April 2018, because the Ministry of Justice's indictment did not provide the date of the APT10 Jet Propulsion Laboratory invasion.
Also in December 2018, NASA announced another hacking attack. This was a hacking incident that was independent of April 2018, which was discovered by the agency in October 2018. The intruders only stole information about NASA employees. (Tencent Technology Review / Jinlu)