A low-cost, barebones computer that can fit in your palms left NASA open to a cyberattack, according to a recent audit report by the space agency. In April 2018, NASA's Jet Propulsion Laboratory discovered that a hacker was able to gain access to one of its "major mission systems" by targeting a unauthorized Raspberry Pi computer that was attached to the JPL network,
hack went undetected for 10 months, according to the NASA Office of Inspector General, and the perpetrator stole 500 MB of data from 23 files. Two of those files contained information on the transfer of restricted military and space technology related to the mission, according to the June audit report. The JPL is dedicated to robotic spacecraft construction.
While the intruder has evaded authorities, the audit report highlights that other devices were also attached to the network without NASA's knowledge. But none of the other devices have been marked as a security risk or an "advanced persistent threat," a term usually meant for nation-state hacking groups.
As a result of the hack, NASA stopped some of its agencies from using a core gateway due to fear that the hacker could harm currently active spacecraft.
This isn't the first time hackers have taken advantage of the space station's security flaws. As sister site ZDNet reports, last year the Department of Justice charged a pair of Chinese nationals for hacking NASA and the US Navy's cloud services. These hackers worked for Huaying Haitai Science and Technology Company located in Tianjin, China. Their goal included stealing intellectual property from top commercial and defense technology companies.
NASA didn't immediately respond to request for additional comment.