A Nasa report on cyber security at the Jet Propulsion Laboratory (JPL) has described how the facility's systems were penetrated by hackers using an inexpensive computer as their point of entry.

According to the report, unknown hackers extracted data from a Nasa network in April 2018. The hackers used a Raspberry Pi – an inexpensive single-board computer popular with hobbyists and educators – as their point of entry, hijacking its user account. Through the device, they were able to break through a shared network gateway, pivot inside JPL’s infrastructure and access a network storing data relating to Nasa missions.

JPL, which is owned by Nasa and managed by the California Institute of Technology (aka Caltech), is primarily engaged in designing, constructing and maintaining satellites and robotic spacecraft for Nasa missions. JPL is home to the Mars Science Laboratory, which – among other projects – is investigating whether Mars could be a hospitable climate for humans, using the robotic Curiosity rover.

The hackers targeting JPL were able to acquire approximately 500MB of data relating to Nasa’s Mars missions: “The attack exfiltrated approximately 500 megabytes of data from 23 files, two of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission,” the Nasa report said.

According to the report, the same hacker also accessed JPL’s Deep Space Network (DSN) IT network. The breach went undiscovered for 10 months.

“Classified as an advanced persistent threat, the attack went undetected for nearly a year,” the report said. “The investigation into this incident is ongoing.”

The report stated that JPL could have posed a tougher challenge to hackers if its internal network had been split into smaller networks (preventing hackers from hopping effortlessly between systems) and if its IT security database (in which every device connected to the local network is logged) had been kept up to date. Several benign devices, as well as the nefarious Raspberry Pi used as the hackers’ entry point, had not been logged in this database. IT staff were also found to be falling behind when it came to fixing security issues, with some issues going unresolved for longer than 180 days.

After the attack had been discovered, some Nasa facilities, including the Johnson Space Center, stopped using a core gateway that allowed users to access Nasa data and systems remotely.

The identity of the hacker(s) is not yet known.