A small Raspberry Pi computer was used to steal sensitive data from NASA’s Jet Propulsion Laboratory (JPL), it emerged.
The credit card sized computer costs around £ 30 and has been touted as a way to teach basic computing in schools.
However, one of the devices ended up on the JPL network and was used to steal 23 files containing around 500MB of data.
NASA said two of the files that were recovered contained information on international arms trafficking regulations related to the Mars Science Laboratory mission.
These files are particularly sensitive because they concern the international transfer of restricted military and space technologies.
The hacker allegedly accessed the JPL’s internal network via the Raspberry Pi by hijacking his user account.
Once inside, he or she was able to exploit weaknesses in JPL’s security control system to move around undetected, gaining access to two of the three main JPL networks.
The attacker was undetected for about 10 months before the Raspberry Pi was discovered. He still has not been identified or caught.
The audit process revealed several other devices on the JPL network that system administrators were unaware of. However, none of them are considered malicious.
In his audit report , NASA admitted that “multiple weaknesses in computer security control reduce JPL’s ability to prevent, detect and mitigate attacks targeting its systems and networks.”
These vulnerabilities “expose the JPL to cyber intrusions leading to the theft of critical information.”
The US space agency is now taking steps to strengthen its cybersecurity defenses to prevent a repeat of the hack.