SoylentNews is people

posted by martyb on Thursday June 20 2019, @07:26PM
from the Pi-in-their-face dept.

Feds: Cyberattack on NASA's JPL Threatened Mission-Control Data

NASA's Jet Propulsion Laboratory (JPL) may know how to send delicate equipment to Mars, but basic cybersecurity best practices appear to pose an issue for it. A comprehensive federal review has detailed an April 2018 security incident that compromised mission systems – stemming from multiple IT security-control weaknesses exposing NASA systems and data. The review, released Tuesday and carried out by the U.S. Office of the Inspector General, said that the weaknesses "reduce JPL's ability to prevent, detect and mitigate attacks targeting its systems and networks."

Specifically, poor practices when it comes to network segmentation and third parties were the source of a cyberattack in April 2018, OIG said. In that incident, hackers targeted a Raspberry Pi computer that was not authorized to be attached to the JPL network, exploited it, and then proceeded to take advantage of the network's lack of segmentation to find a network gateway and pivot deeper into the system.

The attack had deep-space repercussions (literally) that spread to mission control in Houston. The adversaries were able to move between various systems connected to the pwned gateway, including those involved in multiple JPL mission operations and the Deep Space Network (DSN), which is NASA's international array of giant radio antennas that supports interplanetary spacecraft missions. "As a result [of the hack], in May 2018 IT security officials from the Johnson Space Center (Johnson), which handles such programs as the Orion Multi-Purpose Crew Vehicle and International Space Station, elected to temporarily disconnect from the gateway due to security concerns," OIG explained.

Also at Engadget and PC Magazine.


  • (Score: 5, Informative) by ElizabethGreene on Thursday June 20 2019, @08:39PM (1 child)

    There are lots of ways to phone home. You can hide it in DNS requests, innocuous looking web requests, reverse ssh connections, and a bunch of other ways.

  • (Score: 2) by c0lo on Friday June 21 2019, @12:41AM

    https://en.wikipedia.org/wiki/HTTP_tunnel
    Heck, even https://en.wikipedia.org/wiki/ICMP_tunnel - anyone interested in a FTPing for file transfer?

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford