Cybersecurity is Rocket Science

NASA's JPL blunder is a warning for all of us

By Lance Ulanoff, Editor-in-Chief, Lifewire.com

Updated August 12, 2019

Space engineers, they’re just like us.

Right now, NASA’s JPL (Jet Propulsion Laboratory) Insight spacecraft is probing beneath the surface of Mars, seeking fresh understanding of the origins of the planet and its solar system neighbors.

NASA excels at this kind of complex, detail-oriented work, but a few months before Insight landed on Mars in November 2018, JPL made an embarrassing, rookie cybersecurity error — one that reminds all of us that, to survive in this digital world, we have to be smart and remain vigilant.

In the case of JPL, hackers detected and exploited an unauthorized Raspberry Pi minicomputer (it’s a full-blown, albeit keyboard- and screen-less computer, usually about the size of a credit card) connected to the spacecraft's system. Infiltrators ultimately walked away with details on a host of NASA missions, and JPL ended up with egg on its face, making promises to change procedures.

I’m sure the intrepid Insight rover was a little embarrassed, but it knows better than to stop its work and start rolling around on the Red Planet in a fit of hysterics.

It’s easy for us, though, to chuckle at NASA’s JPL as long as we’re not taking a good look at ourselves or the myriad systems we rely on every day.

Three years ago, an attack affected 3 billion Yahoo accounts. The 2017 Equifax breach hit 147.9 million accounts. The WannaCry malware infected hundreds of thousands of computers in 150 countries.

I know it’s easy to blame corporations for not doing enough to protect us and that’s a fair criticism.
Corporate systems, which invariably feature local computers connected to networks and servers containing all kinds of crucial data, are especially vulnerable to attacks. The tiny JPL Raspberry Pi computer that likely pinged the Internet almost as soon as it was plugged in is not much different than an infected thumb drive that drops malware on a corporate PC as soon as you slot it in. Many administrators lock down system USB ports to close off this vulnerability.

It's Your Job, After All

However, before you laugh at NASA and corporate America’s ineptitude, it’s probably worth taking a good look in the mirror.

I still believe that many consumers are not doing the basic work to protect themselves and their digital connections.

Let’s start with the world’s most popular operating system. According to StatCounter, the decade-old Windows 7 maintains a 33% desktop market share (the derided Windows 8.1, by the way, has less than 6%).

Microsoft’s mainstream support for Windows 7, meaning when they would still deliver feature updates, ended in 2015. Extended support, which is primarily security updates, ends next year. When that happens, those millions of Windows 7 users will be flying without parachutes. Hackers, knowing that the platform will slowly devolve into a buggy, vulnerability-ridden mess that’s still running in homes and businesses around the world, will likely increase their attacks.

I know people who still haven’t updated to Windows 10 because they don’t like the interface – or change in general – but the built-in Windows Defender Security System is as good as most mainstream security software packages. Also, grow up. If you don’t upgrade and end up infected or hacked, it’s kind of your fault.

Let’s say you’re on the right side of platform updates, but you’re on the wrong side of social engineering. For most consumers, this is by far a bigger threat than a USB-, app-, or site-borne virus or malware.
Social engineering is the opposite of technology; it’s a threat that targets, literally, your humanity. It’s as if a psychiatrist programmed a virus: What’s your biggest fear? What makes you sad? What do you want the most?

Instead of filling spammy email, random texts, and even unexpected Google Calendar invites with actual malware, social engineers fill them with fears, come-ons, and requests, or what’s better known as Phish. It’s the power of these words and your desire to solve or fulfill some needs that triggers you, and then you trigger the attack, usually by clicking a link or, even worse, dumping your personal data into a form on some random web site (people really need to learn to start looking at URLs; they are dead giveaways for a phishing attack).

If you don't think this is important, remember, you are likely the last line of defense for a disruptive and often costly ransomware attack.

It's Not Just You, Either

I’ve explained this scenario in articles, speeches, on TV, and in living rooms and kitchens. I beg people to be smarter and to think before they click, fill in, and share dangerous links on social media.

Banks and the IRS keep telling us that they won’t send us emails with clickable links (the IRS prefers snail mail), but do we listen?

To be fair, hackers usually succeed with the most vulnerable: the elderly. Unlike their digital native grandchildren, they grew up without technology and have trouble recognizing the difference between legitimate requests and attacks. Even when they try to get their digital homes in order, hackers are waiting to fool them, offering system repairs that steal their funds and cause more harm than good.

Being a good tech citizen is not just about protecting yourself, it’s about looking out for the most vulnerable among us. When your aunt, grandfather or friend asks for your tech help, do what you can, or at least point them in the right direction (I know a good site 😉).
Without you, they will end up in the wrong place, asking the wrong person for the wrong help.

Lately, we’ve spent a lot of time decrying social media and video platforms for letting us down, harming our children and playing fast and loose with our data. These are all valid criticisms. But that doesn’t mean we can ignore our own cybersecurity responsibilities. The systems are complex and require common sense and vigilance.

Just ask JPL.