
Stolen NASA Laptop Had Space Station Control Code

Posted by Soulskill
from the a-bit-more-serious-than-an-iphone-prototype dept.
astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"

  • by ShooterNeo (555040) on Thursday March 01, 2012 @01:27PM (#39210847)

    I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).

    And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.

  • by v1 (525388) on Thursday March 01, 2012 @01:38PM (#39211029) Homepage Journal

    I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever.

    Reuse of the code is probably not what they're worried about. Give any sufficiently large amount of code to a group of skilled hackers and they are very likely to find a few exploitable bugs. It's just a matter of playing against the odds in the long run. They may discover a few buffer overflows in obscure places, and after a lot of research, find a way to turn one of them into a privilege escalation via a very complex sequence of steps. And further find a way to abuse that, all the way up to something genuinely dangerous remotely. Systems of this complexity and review typically are only compromised by using a combination of different bugs to "chain" in from the front door to the kernel, and it starts with a deep knowledge of the system, and that's exactly what they have now.

    Anyone that thinks any large, complex chunk of code is 100% bug-free is delusional. There was a story here on /. recently about a kernel escalation bug that had been committed for years without anyone noticing it, despite all the kernel hackers and that "many eyes make for shallow bugs" theory. Look at all the review that code had over the years.
