Some of you might be thinking that it being an IT security guy is not all that tough. All an expert has to do is block the bad stuff and grease the wheels for the good stuff.
But you’d be wrong. While yes, there are a growing number of tools out there to help IT security officers better manage their networks, the sheer complexity of the machines that basic users have at their fingertips can give a squirrelly attacker access to the real juicy confidential stuff.
And the thing is, in most occasions, these attacks are not due to malicious employees or even thoughtless ones. The attacks are increasingly designed to bypass human red flags. And if an employee has never been trained on what is dangerous, and you don’t have the proper systems and configurations to prevent piggyback or unauthorised remote access – or whatever route the attacker cracks open, well, you are a sitting duck.
You would be forgiven if you thought I was referring to the so-called mom-and-pop shops – you know, the smaller businesses that might not have appropriate knowledge resources or budget to invest into cybersecurity. But I am not talking about them.
I am talking about a recent attack that impacted NASA. Here are the high level facts:
An audit released by the NASA Office of Inspector General on June 18 reveals that an early 2018 cyberattack compromised a Raspberry Pi mini-computer and resulted in a hacker making off with restricted NASA documents.
The Raspberry Pi…plugs into a computer monitor or TV, and uses a standard keyboard and mouse. It is a capable little device that enables people of all ages to explore computing, and to learn how to program in languages like Scratch and Python. It’s capable of doing everything you’d expect a desktop computer to do, from browsing the internet and playing high-definition video, to making spreadsheets, word-processing, and playing games.
Unfortunately, despite this description, the Raspberry Pi can also be used for nefarious purposes.
The audit revealed that in April 2018, NASA’s Jet Propulsion Laboratory (JPL) uncovered that an attacker gained access to one of its “major mission systems.” They were able to gain access by targeting an unauthorized Raspberry Pi computer, which had been attached to the JPL network.
Worse, the Raspberry Pi hack went undetected for 10 months, according to the report, and the perpetrator stole 500 MB of data from 23 files. Two of those files contained information on the transfer of restricted military and space technology related to the Mars Curiosity Rover mission, it said. The JPL is dedicated to robotic spacecraft construction.
The report also said that other unauthorised devices were attached to the network, without NASA’s knowledge. but none of the other devices has been marked as a security risk.
Media reports say that NASA stopped some of its agencies from using a core gateway due to fear that the hacker could harm currently active spacecraft.
This is of course not the first time that NASA has been under attack, but let this attack serve as a wake up call to those of you who haven’t the right services and scripts in place to keep you informed about what is going on in your network.
Not only because you have to revisit your entire ecosystem to find further holes, but you have to suffer the embarrassment of telling the world – users, customers, third party providers, business contacts – that your security was not up to par.
If you want to discuss affordable solutions with an information security expert, get in touch. We are here to help.