When you think of NASA, you think of the cutting edge of science and space exploration. These are the people who were responsible for the moon landing, the Mars missions, and countless technological innovations that have defined the world as we know it today.
What you might not think of is inadequate and out-of-date security, but here we are.
In June of 2019, NASA confirmed that its Jet Propulsion Laboratory (JPL) was hacked back in April 2018. What’s worse is that this hack remained undetected for almost one year. It doesn’t exactly fill you with confidence about our nation’s space agency, does it?
While the final extent of the damage is not (and may never be) known, NASA has confirmed that malicious actors stole approximately 500 MB of data related to the Mars missions. If you follow the news, these missions involve sending unmanned drones (such as the Curiosity rover) to the red planet to gather information. If things go well, the plan is to send a crewed mission at some point in the 2020s.
So, how was this high-tech cyber heist accomplished? Through espionage worthy of a Mission: Impossible movie? Nope. What if we told you that it was all because of an unauthorized Raspberry Pi?
While it is currently unknown how this device became connected to the JPL network, the hacker targeted it to gain access to the information contained within. The attacker used an external user account to download the information about the Mars missions, as well as gain access to the Deep Space Network array of radio telescopes used to transmit and receive information from NASA spacecraft.
After the intrusion was detected, many other NASA divisions disconnected from the affected networks to prevent their own systems from being infiltrated. Unbelievably, this is not the first time that someone has hacked into the JPL, as there have been other intrusions several times since the turn of the century. Back in December, for example, a data breach exposed the personal information of many employees, including social security numbers and addresses.
Needless to say, NASA network security seems to be in a sorry state. Not only did they not keep the Information Technology Security Database up to date (the Raspberry Pi wasn’t even entered into it), but there were long-standing security issues with tickets lasting longer than half a year. Furthermore, their internet network was in no way segmented, meaning that once hackers were in, they had access to just about everything.
So, what could have been done differently?
As security experts, it’s very difficult for us to read about high-profile hacks such as these. We know firsthand how difficult it can be to secure networks, especially ones that countless entities would love to get a foothold in. What really drives us nuts is that we know EXACTLY how they could have prevented this kind of cyberintrusion and it’s one of the most valuable and effective tools in our arsenal: the ORIUS® Wi-Fi Hunter.
The ORIUS® Wi-Fi Hunter passively scans the 2.4 GHz and 5.8 GHz bands to locate, identify, and analyze any wi-fi access points and wi-fi connected and enabled devices. With this information, you can profile all devices within range, green for authorized devices, red for unknown or rogue devices. Even better, you can use ORIUS® to direction find targets using audio and visual indicators, then deauthorize them remotely. It doesn’t matter if it’s a smartphone, micro PC, smartwatch, IP camera, or an IP bug, ORIUS® will track it down.
Even better, you don’t need a massive amount of equipment for ORIUS® to work. All you need is a cell phone, tablet, or computer to view the ORIUS® GUI. If there is any suspicious activity on the network, such as new networks appearing, encrypted networks suddenly becoming unencrypted, access point duplication, and any other potential issue, ORIUS will alert you, giving you the chance to address the problem before it even becomes a problem!
With the ORIUS® Wi-Fi Hunter Kit, you get the device itself, two Dual Band 2.4 GHz (8dBi) 5GHz (10dBi) Panel Antennas, two Dual Band 8 dBi Omni Directional Rubber Antennas, one 12V Power Adapter & Cable, and a pelican case to hold the entire package!
In short, NASA could have either hired ComSec to prefer TSCM services with the ORIUS®, or even just purchased and used the device themselves. It would have detected the unauthorized device quickly and efficiently, stopping the hackers before they were ever able to get access to the valuable information they were after. For the cost of the ORIUS®, they could have saved that priceless information about the Mars missions. Our fingers are crossed that they have learned their lesson.
Of course, it’s easy to look back on the mistakes made and see what was done wrong. Hindsight is 20-20, after all. But at ComSec, we are big believers in making sure that hindsight is unnecessary because you took all of the preventative steps ahead of time! The ORIUS® is only one of the tools that we use to prevent security threats before they happen. If you’d like to learn more about what we do and how we can help protect your privacy and security, please feel free to contact us today!
About the Author:
J.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com