Two of the files that were taken dealt with the international transfer of restricted military and space technology. The attacker who used the device to hack the network went undetected for about 10 months.
The Pi had been attached to the network by an employee, lax controls over logging meant Nasa administrators did not know it was present, said the NASA report. This oversight left the vulnerable device unmonitored on the network, allowing the attacker to take control of it and use it to steal data.
Once the attacker had won access, they then moved around the internal network by taking advantage of weak internal security controls that should have made it impossible to jump between different departmental systems.
The attacker has not been identified or caught. The stolen data came from 23 files, but little detail was given about the type of information that went astray.
The audit process revealed several other devices on the JPL network that system administrators did not know about. None of these other devices was believed to be malicious.
When the breach became known about within NASA, it prompted some parts of the agency, including the Johnson Space Center, to stop using a core gateway that gave employees and contractors access to its other labs and locations. This was done because it was feared the attacker could exploit their widespread access to get at flight systems controlling currently active spacecraft.
The audit report recommended that NASA does a better job of monitoring its network and tighten up its hack attack policies.