Forgot your password?
typodupeerror
ISS NASA Security Space

Stolen NASA Laptop Had Space Station Control Code 79

Posted by Soulskill
from the a-bit-more-serious-than-an-iphone-prototype dept.
astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"
This discussion has been archived. No new comments can be posted.

Stolen NASA Laptop Had Space Station Control Code

Comments Filter:
  • by Anonymous Coward on Thursday March 01, 2012 @01:21PM (#39210751)
    to the heart of the first post!
  • by Okomokochoko (1490679) on Thursday March 01, 2012 @01:24PM (#39210791)
    Coming soon to the ISS: "I'm afraid I can't do that, Dave."
    • by Anonymous Coward

      All your space are belong to us

  • by ShooterNeo (555040) on Thursday March 01, 2012 @01:27PM (#39210847)

    I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).

    And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.

    • I believe you're missing the "evil supervillain holding the world for ransom by manipulating bugs" part. In 5,408 security breaches, surely someone found the password? And has a target in mind that they'd like to drop a space station on?
      • by geekoid (135745)

        But do they have the technology to implement the control codes?

        I can have them all on my computer right now, and I couldn't really do squat with them.

        And good luck hitting anything smaller then Australia with it. The thing entry orbit would change radically as parts fell off in unpredictable ways..

        • by Rich0 (548339)

          I doubt the space station has sufficient propulsion to actually de-orbit. Plus, it de-orbits on its own anyway due to drag - it needs re-boosts to keep it up there, from spacecraft.

          You probably could put it into a spin and burn up all the propellant, making it almost impossible to recover. Maybe you could even get it to fly apart that way. However, a controlled de-orbit is likely not possible except over the course of years.

    • by Andy Dodd (701)

      Yeah... Wonderful how the article makes it sounds like this was some horrible loss when, in fact, it was code that is likely nearly worthless to anyone outside of NASA.

      The worst impact of a lot of government source code leaks is likely to be embarassment - "That system is THAT primitive?" or "How the hell is this thing actually usable?"

      • by V!NCENT (1105021)

        The simpler and more 'primative' the better. And it's codes; not source code.

        So what I'd do is the most 'primative' and effective thing there is; unhook the reciever from any actuators and unhook the neutral stuff, attached to actuators (except transmittors), from any actuators too.

        Let some gifted minds go at a interim system for a week and send a technician with the interim device to the ISS. After that only the most basic stuff should be handled for interim survival of the station and the crew.

        While the i

    • by v1 (525388) on Thursday March 01, 2012 @01:38PM (#39211029) Homepage Journal

      I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever.

      Reuse of the code is probably not what they're worried about. Give any sufficiently large amount of code to a group of skilled hackers and they are very likely to find a few exploitable bugs. It's just a matter of playing against the odds in the long run. They may discover a few buffer overflows in obscure places, and after a lot of research, find a way to turn one of them into a privilege escalation via a very complex sequence of steps. And further find a way to abuse that, all the way up to something genuinely dangerous remotely. Systems of this complexity and review typically are only compromised by using a combination of different bugs to "chain" in from the front door to the kernel, and starts with a deep knowledge of the system, and that's exactly what they have now.

      Anyone that thinks any large, complex chunk of code is 100% bug-free is delusional. There was a story here on /. recently about a kernel escalation bug that had been committed for years without anyone noticing it, despite all the kernel hackers and that "many eyes make for shallow bugs" theory. Look at all the review that code had over the years.

      • by ColdWetDog (752185) on Thursday March 01, 2012 @01:52PM (#39211261) Homepage

        So they're going to find an alien fighter in the bowels of Area 51, fly it up to the ISS and upload a virus?

        Sounds like the plot of a dumb science fiction movie.

      • by steelfood (895457)

        This is why you decentralize and compartmentalize. The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human. Validation that the communication was properly passed on can happen using a passive third system that only accepts input and does not send output.

        Centralization and consolidation are cost-savings measures. They g

        • The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human.

          Just like The Old Man's Battlestar!

        • The catch is, what happens if the astronauts become incapacitated or are forced to abandon the station without flipping a switch to put the station on to remote ground control? More than likely, there is a way for the station on the ground to remotely broadcast commands to control the crucial systems on the station. (the power systems and all of the rocket engines, as well as perhaps cooling and life support)

    • by Anonymous Coward

      YOu see, hackers could get a hold of that code and design a worm and virus around it. Then, by uplinking to a satellite and hacking into the ISS' control systems from that, they could implant the virus and take over the ISS. Then from there, they order the ISS to fire its thrusters and crash into the Whitehouse. BUT, it will be stopped because Chris Pine, after getting his ass kicked by oen of the Russian astronauts, will get up there and stop it with some clever out witting of the astronauts.

      So, don't you

    • by tlhIngan (30335)

      I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level languag

  • by Thanshin (1188877)

    It's a physical object so, if there was no consequence before they discovered the theft, there won't be one after.

    Unless that control code allowed the user to manipulate the space station and hide the manipulation, which would be kind of retarded on NASA's side.

  • Seriously, what do you expect for security when a 8 year old can "override the security protocols" at a whim? The engineers who designed that system need to get bitch slapped - repeatedly.
  • by Extremus (1043274) on Thursday March 01, 2012 @01:29PM (#39210887)

    Now I can be all the time under a good shade during the summer.

  • by mbone (558574) on Thursday March 01, 2012 @01:30PM (#39210913)

    This doesn't sound like much of an actual threat. If you can't physically access the machine, what good does having its "algorithms" do you ? What, is Elon Musk going to carry this up to the ISS on the Dragon and take over the air handling system ?

    • Re: (Score:3, Funny)

      by jfalcon (163956)
      It could mean the Command and Control authentication for remote administration of the station. I'm sure there are SATCOM pirates who would love to screw with the attitude controls of something like the space station.
  • Hmmm... (Score:5, Funny)

    by wbr1 (2538558) on Thursday March 01, 2012 @01:34PM (#39210969)
    This laptop I bought on craigslist with the JPL asset tag and wallpaper is starting to look interesting.
    What is this "Plumbing Subroutines" folder? And why does ZoneAlarm have it allowed to connect to ISS.nasa.gov?
    Whoops... [space.com]
  • by oakgrove (845019) on Thursday March 01, 2012 @01:35PM (#39210985)
    What if space aliens stole it as part of their nefarious plot of taking it over and killing us all? Just a thought. Too bad nuclear bombs are banned in space or we could just nuke it in orbit. You know, just to be sure.
    • by Macrat (638047)

      Too bad nuclear bombs are banned in space....

      That we know of...

      • by cellocgw (617879)

        That we know of...>

        Oh, they're banned all right. That just didn't stop MLB from putting them up in their spy satellites.

    • by youn (1516637)

      I believe to aliens that got here all the way from the blahtopian galaxy, the ISS looks like an expensive space dumpster with technology so 1000 years ago... I would not worry about them :)... If they did anything to the ISS control code, they would probably improve it and maybe we could use the station to finally go to mars - with all due respect to Nasa engineers, which after all have built a huge house in freaking space.... the only thing I launch into space is ugly farts... to be fair, people need space

  • This could be spectacular! Tossing water droplets around in zero-G pales in comparison to getting that thing twirling like a baton at a Texas halftime show...

  • Somehow, I think Wolowitz is responsible....

  • Why are the control algorithms of the ISS so secret?

  • by Anonymous Coward

    http://www.strategypage.com/htmw/htintel/articles/20061110.aspx

    Just like how they targeted the US's nuclear weapons research programs for the previous couple decades, they are now targeting NASA and aerospace contractors as they build up their own space program. Hell, this theft probably just gave them a good head start on the control systems for their own private space station.

  • by alen (225700) on Thursday March 01, 2012 @02:11PM (#39211587)

    seriously, how old is the tech in the space station? i bet my iphone is faster than most of the computers on there

  • Now we'll have to deal with Dr. Evil running the place.
  • by viperidaenz (2515578) on Thursday March 01, 2012 @02:44PM (#39212099)
    Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!
    • by Maow (620678)

      Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!

      Then the RIAA & MPIA bring their full influence to bear on the US Government and next thing we all know, it's WWIII.

      Yes, IP violations *are* the worse thing in the whole history of forevar .

      At least according to the current way of thinking in some parts...

  • You've got to learn WHY things work on an international space station...
  • All I can say is, big deal. So what, they lost a few laptops. The laptops were most likely encrypted - seriously, every govenrment agency and contractor for years has been encrypting laptops. Even if they used a weak encryption scheme, when the thief realized they were encrypted, he probably just formatted the harddrive, installed a bootlegged OS, and sold it on ebay. I think the bigger issue is here that NASA needs to teach their employees to take better care of their laptops - this probably cost NASA a wh

"One Architecture, One OS" also translates as "One Egg, One Basket".

Working...