International Space Station Infected With Malware Carried By Russian Astronauts
DavidGilbert99 writes "Nowhere is safe. Even in the cold expanse of space, computer malware manages to find a way. According to Russian security expert Eugene Kaspersky, the SCADA systems on board the International Space Station have been infected by malware which was carried into space on USB sticks by Russian astronauts."
Oh, the irony... (Score:5, Funny)
Skynet transported into space by sneakernet.
Re:Oh, the irony... (Score:5, Interesting)
Skynet transported into space by sneakernet.
More seriously... those SCADA systems control life support. That's a problem if you're one of those types of people that would rather go on sucking nitrogen/oxygen mixtures instead of vacuum up there. Now, I'm pretty sure that unlike in the movies there's no computer control that lets them just vent all the atmosphere into space in a few seconds, but if those systems were programmed to damage the ISS, it might force it to be abandoned. That would be bad... especially if it de-orbited suddenly. That's a very, very big thing to be coming down to Earth, and it wouldn't break apart in a tight pattern either.
Re: (Score:3)
That's a problem if you're one of those types of people that would rather go on sucking nitrogen/oxygen mixtures instead of vacuum up there.
Okay that's going to cause some confusion, because in Soviet Russia, vacuum sucks you.
Re:Oh, the irony... (Score:4, Funny)
Okay that's going to cause some confusion, because in Soviet Russia, vacuum sucks you.
That's nothing. In Soviet America internet browses you! And apparently Soviet Britain too, given the post earlier today. :\
Re: (Score:2)
That seals it...I'm moving to Soviet Russia!
Re: (Score:2)
Re: (Score:2)
More seriously... those SCADA systems control life support.
The actual critical systems on ISS are heavily custom, up to and including using participants' own CPU designs (ESA's Leon is powering the redundant DMS-R computers, I believe). I'm not sure how you would go about "randomly" infecting such a system.
Re:Oh, the irony... (Score:4, Insightful)
Re: (Score:3)
Re: (Score:3)
Stuxnet was delivered to Iran by slipping it onto the equipment of the Russian contractors building the nuclear plant.
Gauss was discovered in Lebanon and appears to have been built with the same toolkit, not reverse-engineered, suggesting the Israelis were responsible for its release. The other known variant, Flame, is also not found anywhere near Russia [wired.com], and was also cut from the same cloth and targeted at Iran.
And, moreover, Kaspersky said it was Stuxnet [timesofisrael.com], with (I'm pretty sure but don't have the time to w
Re:Oh, the irony... (Score:5, Informative)
Not subtle enough. All you really need to do is drop the O2 Concentration by 2-3 percent while allowing CO2 to increase. Astronauts then make mistake that
Stop. Please. There are independently-alarmed sensors on the ISS in each compartment that check oxygen and CO2 levels, and there are emergency scrubbers present. All they need to do is go to the storage compartment, pull out the cylinder, twist, and let it float there. It will, via chemical reaction, eat up several days' worth of CO2. And these people are given oxygen-deprivation training prior to assignment; they're professionals. They will realize the problem even without all those safeguards.
The risk is not to the people, the risk is to the equipment -- those SCADA systems control much of the automated systems on board, including thrusters that control yaw, roll, solar panel angles, etc. If you fuck with those, you could, say, twist up the solar panels like a cork and snap lines. You could disable the stabilization gyros and send the thing into a spin. Or you could just disable them at a key moment and allow the ISS to hit space debris -- it needs to adjust its orbit on an irregular basis for just this reason. Even just tilting it so it's broadside with the sun and then disabling everything would be enough to bring it down in a few months if control couldn't be re-established... difficult if the thrusters were set to a mode where they burn fuel off as fast as possible at opposing points across the central axis, for example.
No country down here has the ability to rapidly build, assemble, transport, and launch required repair supplies in time to salvage it if someone were to do this. The ISS would de-orbit. But the risk to the astronauts' lives? Low. Risk of damage to property on the ground? Middleish; the world still is mostly ocean after all.
Re:Oh, the irony... (Score:5, Funny)
Wait, are you saying that a computer virus can't stop lithium hydroxide from chemically absorbing CO2?
What a shitty virus.
Re: (Score:2)
Wait, are you saying that a computer virus can't stop lithium hydroxide from chemically absorbing CO2? What a shitty virus.
No, but I can write one that hacks the SCADA systems into overvolting multiple systems and starting dozens of fires in the ISS, creating a choking, venomous fume that forces everyone into the escape pod and ejects... and then deorbit the damn thing into the nearest populated continent.
That's the concern here. It's not the lives up there we're worried about. It's the ones down here if someone decides to turn the ISS into a few hundred tons of flaming death from the sky... though it's more likely it would sim
Re:Oh, the irony... (Score:5, Insightful)
The ISS is nothing more than a thinly veiled weapons platform cloaked as a space station. Rods from God is the ultimate weapon, inflicting nuclear scale devastation without the pesky fallout. Within our lifetimes expect to see an attack launched and the USA will claim that they had no part in it, when in reality they will be the instigating party with plausible deniability.
Why would the Rods from God [popsci.com] project require a manned platform? Especially an international crew that would be likely to discover the device and report it back to their own respective countries?
Re:Oh, the irony... (Score:5, Funny)
Sure, go and inject reason and logic to a perfectly good paranoid rant. I hope you're proud of yourself.
Re: (Score:2)
You *DO* know Iron Sky was just a movie, right ?
http://www.imdb.com/title/tt1034314/?ref_=fn_al_tt_1 [imdb.com]
Re: Oh, the irony... (Score:4, Insightful)
Re: Oh, the irony... (Score:4, Informative)
It's the Fulton's Folly argument. They laughed at Fulton, and he was proven correct. They're laughing at me, therefore I will be proven to be correct.
The people who make this argument don't seem to understand the basic flaw. Or, they hope their listeners won't.
Re: Oh, the irony... (Score:5, Insightful)
Re: (Score:2)
Skynet transported into space by sneakernet.
That would be spacesuitbootnet, right? I found sneakers difficult to pressurize.
Re:Oh, the irony... (Score:5, Informative)
Really, how do you know that? The article doesn't identify the malware.
Kaspersky compares the situation to the Stuxnet virus where even without internet access, malware can infect systems but he has no apparent knowledge of the actual virus(s) that are on ISS.
[John]
Re:Oh, the irony... (Score:4, Funny)
"...where even without internet access, malware can infect systems..."
What a preposterous thought! There is absolutely no way a virus could spread to other computers without ... The Internet!
Linux... (Score:5, Insightful)
What system is not open to infection...
Re:Linux... (Score:5, Insightful)
To geeks it sounds like an uninformed attack on Linux's security, but I think what the author means to say is "these are not proprietary custom-designed systems, but are based on a common Earthly operating system and thus may have known vulnerabilities."
Re:Linux... (Score:5, Insightful)
If the author of the comments were as unbiased as you it might indeed mean that.
However, he makes money telling Windows users they will be safe if they remember to pay him their fees. Not the same protection racket from the Linux crowd so I'm sure he's pleased to take any swipe he can.
Re:Linux... (Score:5, Informative)
If the author of the comments were as unbiased as you it might indeed mean that.
However, he makes money telling Windows users they will be safe if they remember to pay him their fees. Not the same protection racket from the Linux crowd so I'm sure he's pleased to take any swipe he can.
Very good point. And if the ISS was running Windows for Spaceships and got infected, it wouldn't even be news.
Re: (Score:3)
I can hear them calling tech support already... "Have you tried turning it off and on again?"
Re: (Score:2, Funny)
Re: (Score:2)
Re:Linux... (Score:5, Insightful)
Re: (Score:2)
The difference between Linux and Windows is, it takes a hacker to break into Linux. Any snot-nosed script kiddie can do Windows. The one thing I got from TFA is, the space station was never configured for security. It seems to be ASSumed that anyone arriving onboard is cleared to use the computers, and there is nothing to defend against. Oh well - no system can be secure when idiots run them!
Re: (Score:3)
Unfortunately, those same snot-nosed kiddies can do Linux too providing they're able to use a search engine.
Re: (Score:3)
In space, no one can hear you sudo.
Re:Linux... (Score:5, Interesting)
My question instead is "What Linux system automounts USB drives without the noexec flag", or "how on hell did whatever program get executed by the onboard systems". Did the malware reside on some personal device and exploit some remote weakness on the systems, which I guess give network access to get the much needed email and lolcat pic of the day?
But I'm too lazy for TFA so I'll pass with a "meh".
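The mount-option question raised in the comment above can be checked mechanically. This is an added example, not part of the original thread: it parses a Linux mount table in `/proc/mounts` format and reports removable-media mounts that lack `noexec`, `nosuid` or `nodev`. The path prefixes, the filesystem-type list and the sample table are assumptions constructed for the example.

```python
"""Audit a Linux mount table for removable-media mounts missing hardening options."""
import os
import re

REQUIRED = ("noexec", "nosuid", "nodev")
# Assumptions of this example (not from the thread): directories where desktop
# automounters usually place removable media, and filesystem types typical of
# USB sticks and optical media.
REMOVABLE_PREFIXES = ("/media/", "/run/media/", "/mnt/")
REMOVABLE_FSTYPES = {"vfat", "exfat", "ntfs", "ntfs3", "fuseblk", "iso9660", "udf"}

# Constructed sample in /proc/mounts format (device, mountpoint, fstype, options, dump, pass).
SAMPLE = """\
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/crew/FLIGHT\\040DATA vfat rw,nosuid,nodev,relatime,uid=1000 0 0
/dev/sdc1 /run/media/crew/PHOTOS exfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdd1 /mnt/stick vfat rw,relatime 0 0
/dev/sde1 /srv/import vfat ro,noexec,relatime 0 0
"""


def unescape(field):
    """Decode the octal escapes (\\040 for space, etc.) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Yield (device, mountpoint, fstype, option_names) for each mount table line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.startswith("#"):
            continue
        device, mountpoint, fstype = (unescape(f) for f in fields[:3])
        # Options such as uid=1000 carry a value; only the option name matters here.
        options = {opt.split("=", 1)[0] for opt in fields[3].split(",")}
        yield device, mountpoint, fstype, options


def is_removable(mountpoint, fstype):
    """Heuristic: removable by filesystem type or by mount location."""
    return fstype in REMOVABLE_FSTYPES or (mountpoint + "/").startswith(REMOVABLE_PREFIXES)


def audit(text):
    """Return [(mountpoint, device, missing_options)] for weakly mounted removable media."""
    findings = []
    for device, mountpoint, fstype, options in parse_mounts(text):
        if not is_removable(mountpoint, fstype):
            continue
        missing = tuple(opt for opt in REQUIRED if opt not in options)
        if missing:
            findings.append((mountpoint, device, missing))
    return findings


if __name__ == "__main__":
    path = "/proc/self/mounts"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE  # fall back to the constructed sample on non-Linux hosts
    for mountpoint, device, missing in audit(table):
        print(f"{mountpoint} ({device}): missing {','.join(missing)}")
```

`noexec` only stops binaries on the mounted filesystem from being executed directly; it does nothing about bugs in the code that parses the filesystem at mount time or in programs that later open files from it.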
Re:Linux... (Score:5, Informative)
There is a whole class of vulnerabilities related to maliciously crafted filesystem structures. You don't necessarily need to execute or open any files, you just need to try to mount it.
There is another class of vulnerabilities related to the preview feature of some Linux file managers. So you don't even need to open any non-executable files to be vulnerable either.
And then there are of course standard buffer overflows when opening non-executable files.
Re: (Score:3)
Re: (Score:2)
Wasn't there a privilege escalation bug in the usb filesystem code in the Linux kernel a few years ago? If it's in space now, it's probably running a 5-10 year old kernel at best, with that vulnerability still there.
I'm sure. And that is just passive attacks based on the filesystem data itself. Now imagine if the flash drive contained active circuitry that could send arbitrary data over the USB bus. That means you could target any driver available to the kernel which contained an exploit.
Re: (Score:2)
Yes, but all of these vulnerabilities should be patched in later revisions or used by a zero-day, which can happen to any OS. The article seemed (to me at least) hinting at a Linux-specific way of doing things wrong.
Re: (Score:2)
Or the fact that only a complete moron would have the C&C computers on the same network as user computers. And what idiot is trying to edit his files on the C&C systems?
Viruses can't magically jump a real airgap, no they can't no matter what some recent fiction passed off as real wants it to exist. So all of this is wild speculation on the part of a guy trying to scare people into buying his products.
Re: (Score:2)
mounting /noexec can help protect dumb users from themselves but won't help against a virus, since nothing as stupid as Autorun exists in Linux (I'm sure Canonical will take that as a challenge). Once the virus is running its unauthorized code somehow (on Linux the only attacks are basically against graphical file browsers), /noexec is barely a speedbump.
Re:Linux... (Score:5, Informative)
But I'm too lazy for TFA
Don't bother, it's garbage. Linux has nothing to do with it, it isn't affecting C&C (NASA says it's simply a nuisance) and TFA got every single thing wrong. It's a worm, not a virus. They don't know how it got there, there are both Linux and Windows laptops up there and NASA says they have to check all the Windows (not Linux since it's a Windows worm) laptops for it.
From now on I'm checking closer before voting stories up. Any story posted by DavidGilbert99 gets downvoted by me. David Gilbert, article author and submitter, is a troll. ibTimes should fire him, that article is pure unadulterated bullshit, see here. [space.com]
Re:Linux... (Score:5, Insightful)
The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.
Re:Linux... (Score:5, Informative)
TFA was bad, I read it. I wish I'd read it before I voted in the firehose :(
Sorry, guys. That one line "As these systems are based on Linux, they are open to infection" discredits the author and the rest of the article. Since Windows viruses like the Stuxnet virus they say infected the station, Linux has nothing to do with it.
Wondering if it even happened I googled. space.com: [space.com]
It has nothing to do with Linux, TFA is either a troll or an MS shill. The submitter should be ashamed of himself for submitting such a piss-poor article (and I'm ashamed I voted before reading). TFA linked in the summary is garbage. It didn't even get the damned virus right. There are far better accounts, including the one I linked above.
Re: (Score:2)
It's more than that: Kaspersky is a self-promoter. Where else has this information been disclosed? Anywhere?
Re: (Score:2)
Re: (Score:2)
That article is the worst piece of shit on the internet, everything except the fact that the ISS was infected contradicts what space.com and everyone else says, including that Linux bullshit. The entire article was made up, including SCADA being infected and that the Russians brought it up there. It infected Windows laptops, not the SCADA, it's a minor nuisance and it isn't the first time [wired.com] there were viruses on the ISS.
Don't believe everything you read, kids. Check different sources. Gilbert's story is ficti
Re:Linux... (Score:5, Insightful)
there are two problems with this http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org] according to wikipedia stuxnet was to be self deleting in 2012 but is mentioned in TFA, and stuxnet doesn't affect linux systems at all. also the space station only uses linux for their laptops. so TFA is very poorly written and with no fact checking. scada is not based on linux either it is windows based so tfa is way off base. http://en.wikipedia.org/wiki/SCADA [wikipedia.org]
Re: (Score:3)
scada is not based on linux either it is windows based so tfa is way off base. http://en.wikipedia.org/wiki/SCADA [wikipedia.org]
Uh, what? SCADA (supervisory control and data acquisition) is a type of system, not a particular software package that's specific to an OS. Saying that "scada is not based on linux" [sic] makes about as much sense as saying that word processors are not based on Linux, since in both cases we're talking about a class of programs, rather than a specific one. Just because the SCADA systems that Stuxnet attacked were on Windows does not by any means suggest that there are not Linux SCADA systems out there, becau
Re: (Score:2)
From the article As these systems are based on Linux, they are open to infection.
What system is not open to infection...
Probably as opposed to the old NASA Space Shuttles which, at least I'd heard, really really old 70s/80s tech instead of modern computer systems.
Re:Linux... (Score:5, Informative)
Strange, Stuxnet is a Windows program*.
The worm consists of a layered attack against three different systems:
The Windows operating system,
Siemens PCS 7, WinCC and STEP7 industrial software applications that run on Windows and
One or more Siemens S7 PLCs.
Perhaps ISS is running Wine, or there was an error in translation? Not saying Linux is impenetrable, just pointing out the facts (at least as I know them).
[*] - http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]
Re: (Score:3)
Strange, Stuxnet is a Windows program
The article was fiction, made up out of whole cloth. I googled, and what David Gilbert says contradicts Wired and Space.com on every detail. It not only isn't stuxnet, it isn't a virus; it's the W32.Gammima.AG worm, a worm that steals credentials for online games. It isn't the ISS's first infection and it's only a nuisance.
Re: (Score:2)
It actually seemed like he was comparing the connectivity of ISS and the Iran Nuclear Facilities. I don't think he knew what virus/malware was actually on ISS.
"See, just like the Iranians, air gap doesn't mean you can't be infected."
[John]
Re:Linux... (Score:5, Informative)
http://www.extremetech.com/extreme/155392-international-space-station-switches-from-windows-to-linux-for-improved-reliability [extremetech.com]
Re: (Score:2)
This story is factually incorrect and refers to an incident a number of years ago.
It isn't "factually incorrect," it's fiction. The only thing they got right was the fact that there was an infection (a Windows worm, not a Linux virus) and it wasn't the first time. A lot of laptops up there run Windows and that's what was infected.
The article's author, who submitted the fictitious story, is an anti-Linux troll who has submitted (spammed) a lot of articles to slashdot and made exactly three comments since he
Re: (Score:2)
The Lunar Lander was 100% virus proof.
In fact run your software directly on the iron and you can make it virus proof, the OS is your attack vector. If you eliminate the OS then you don't have the problem.
I don't see arduinos getting viruses.
In space.... (Score:5, Funny)
They say that in space nobody can hear you scream, but I'll bet they can hear you curse. #$%@#$%!!! MALWARE!!!!
Effects of zero gravity on congruent hemispheres (Score:2)
Re: (Score:3)
In space, nobody can hear you fap...
Re: (Score:2)
Awesome! (Score:5, Funny)
I can't be the first guy to read this today and go, "Seriously? We infected computers on the ISS? That's freakin' awesome."
Re:Awesome! (Score:5, Funny)
We?
Re: (Score:3)
We?
You are to disavow that previous post, Citizen. Cooperation is mandatory. Thank you for your cooperation.
Re: (Score:2)
I think the GP's in trouble... they probably tasered him and dragged him away already.
WTF? (Score:5, Interesting)
I use Kaspersky and while I like the product I don't necessarily like this comment:
The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.
So even on the ISS there's no concept of an air gap when it comes to SCADA systems? I realize there's monitoring and management required but there are tools and policies for dealing with that but shit, what is being alluded to is that the Russian Astronauts gerfinkerpoked around with a USB thumb drive and now we have an F*d up multi-billion dollar, multi-ton object in orbit possibly out of control? I think that's a disservice to Russian Astronauts (Cosmonauts) everywhere.
All systems can have vulnerabilities but if the systems onboard the ISS have been compromised by trojans, malware, viruses etc. I think the Linux community needs to be made aware of the vulnerabilities so that these issues can be addressed and code fixed. Not that ol Kaspersky here needs to make a but right, but if they're not inherently part of Linux and are just stupid admin pet tricks, then that needs to be brought to public attention so that the ISS partners can address their IT problem. Playing coy and providing anecdotal commentary on "infections" and "bad things happened at a Nuclear plant" only mean that there are still vulnerabilities and bad practices that need to be addressed. I mean it's not like we wouldn't have that happen here in the US, say on a major Website, right? [foxnews.com]
On the other hand Microsoft should be smiling right now since it was announced that the ISS was going all Linux just this year. [redorbit.com] Maybe it was because the Astronauts couldn't find the Start Menu?
Re: (Score:2)
Relax, the story's bullshit. It's a Windows worm that infected Windows laptops and NASA says is a "minor nuisance." Windows worms don't affect *nix and Kaspersky didn't say that, TFA's bullshitting author (the anti-Linux troll/MS shill who submitted the story) did.
Re:WTF? (Score:4, Funny)
Re: (Score:2)
Huh? I... I don't know that. Auuuuuuuugh!
Re: (Score:2)
I think the principle of isolation still applies. Not all devices on the ISS are equally critical. I'm sure the Astronauts watch TV and listen to music. The systems that handle that don't need to be able to talk to those that control the thrusters.
Defense in depth just makes sense when reliability is critical.
A Victory for Mass Consumerism! (Score:2)
Re:A Victory for Mass Consumerism! (Score:4, Funny)
Sure they can *order* stuff, it's just the *delivery* charges are out of this world.
Re: (Score:2)
Now even those in space can order male enhancement drugs
I don't think Karen Nyberg [wikipedia.org] would have much use for those...
Study (Score:3)
It's just part of an ongoing study [theonion.com].
Effect of zero gravity on malware? (Score:2)
And yet (Score:2)
And yet everyone is ignoring the possibility that aliens planted the malware. Interesting.
Re: (Score:2)
Well, even though NASA says they don't know how it got there and the FA's author and submitter is a lying sack of shit, TF fictitious A says it was Russians. Russians are aliens, aren't they? I mean, unless you live in Russia?
The article says cosmonauts with USB stick... (Score:5, Funny)
Re: (Score:2)
Root access? (Score:5, Insightful)
Re: (Score:2)
It's a Windows worm that infected laptops and has nothing to do with Linux, the story's author who submitted it made the whole thing up. Every other site contradicts everything he says.
Infosec Professionals on the ISS (Score:2)
Air gap (Score:3)
Not the first infection (Score:5, Interesting)
While I was digging around to try and find out what SCADA systems the ISS uses (which I never found), I did find this: international-space-station-switches-from-windows-to-linux-for-improved-reliability [extremetech.com] which has:
in 2008, a Russian cosmonaut brought a laptop aboard with the W32.Gammima.AG worm, which quickly spread to the other laptops on board. Switching to Linux will essentially immunize the ISS against future infections.
Bad info in article (Score:2)
From TFA:
Stuxnet never spread via the internet. It spread via USB only and then only up to 3 infections before it removed itself from the USB stick.
Anyone has the real facts? (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3)
Yes, I contacted JSC PAO and they unequivocally said that there are no "virus epidemics" on the ISS. There is no current outbreak of anything, stuxnet or otherwise. Kaspersky's comments weren't about an ongoing event—rather, they are off-the-cuff unsourced remarks that could refer to any number of past incidents [theregister.co.uk].
Next time they will probably listen (Score:2)
I specifically told them NOT to put a floppy disk drive in there (although I wasn't really thinking of the Russians at the time).
So... Space Porn? (Score:2, Funny)
So... Space Porn?
Uh What? Who's minding the store here? (Score:2)
First, the reporter that wrote this article obviously doesn't understand the difference between Linux and Windows. Stuxnet is decidedly a *windows* issue and is not going to be a problem for a Linux SCADA system.
Second, Who in their right mind lets a rouge USB stick even onto the station, much less inserted, mounted and code executed from it? I don't care if it's Linux, windows or anything else, you simply do not allow unknown USB devices to get mounted without at least doing some kind of scan before you
Re: (Score:3)
Ban all rouge USB devices by policy
And ban the blue, silver, purple, grey, and every other damn color too!
Re: (Score:2)
Damn spell check...
The malware was uncovered when... (Score:3)
The malware was uncovered when the astronauts started getting pop-up ads about girls within the area wanting to hook up.
http://xkcd.com/713/ [xkcd.com]
Hints of a lost era (Score:2)
The Russian said this example shows that not being connected to the internet does not prevent you from being infected.
As any G20 attendees receiving a malware infested Russian USB stick would attest.
For those of us alive before most had even heard of "Internet" viruses then had no problem running rampant throughout the world often by sneaker net, BBS or by private networks with no outside connectivity.
What is strange to me everything is so scripted astronauts often end up being more or less robots executing procedures from manuals or commanded to do so from ground.
The second part of the puzzle you would think everything goi
The languages used (Score:3)
Kaspersky said that half of all criminal malware was written in Chinese, with a third written in Spanish or Portuguese.
I didn't notice Microsoft introducing Visual Chinese++, nor did I notice a GNU Spanish Compiler.
Terrible Article, read with care (Score:5, Insightful)
First it spends a paragraph or two indicating that some unknown computer on ISS got a virus. That would probably be one of the Windows laptops used by the crew for personal email, general browsing, etc and NOT a mission critical part of the station itself. Those have gotten viruses before and probably will again. The mission critical systems never have.
Then they went into the weeds spending a short segment talking about an unnamed system at an unnamed nuclear plant getting infected with stuxnet. For all we know it was the solitaire and minesweeper PC in the break room. From there they talk about government development of stuxnet and blah blah blah nothing to do with ISS, and so on.
Re: (Score:3)
How the fuck does that even happen?
Probably Vladimir downloaded some videos on his stick for the lonely hours. Staring at the stars makes you crave for other stars you know. The rest is history...
Re: (Score:2)
Some knucklehead did not turn off the autoplay for CDs and USBs. It's as simple as that.
Re: (Score:2)
The same way your own population might eventually pick up an engineered virus you released into an enemy population as a bioweapon, but with computers.
Re: (Score:3)
WHY DOES half the population of the world ruins shit and hold the other half back? (half being just an arbitrary number)
because 90% of anything is crap. count yourself lucky that it's only 50%
Re: (Score:2)
the truth is they weren't being lazy about patching it, they just didn't want to have to close the backdoor and only finally patched when the guys who found it went "full disclosure" on their ass
Distinct from laziness... how?
They were reluctant to do the work, right? Sounds like laziness to me.
Or are you saying Oracle had an interest in 'actively leaving holes in', as it were?