Space ISS Security

International Space Station Infected With Malware Carried By Russian Astronauts

Posted by samzenpus
from the click-here-if-you-want-air dept.
DavidGilbert99 writes "Nowhere is safe. Even in the cold expanse of space, computer malware manages to find a way. According to Russian security expert Eugene Kaspersky, the SCADA systems on board the International Space Station have been infected by malware which was carried into space on USB sticks by Russian astronauts."

  • by nospam007 (722110) * on Monday November 11, 2013 @12:09PM (#45391691)

    Skynet transported into space by sneakernet.

    • Re:Oh, the irony... (Score:5, Interesting)

      by girlintraining (1395911) on Monday November 11, 2013 @12:47PM (#45392075)

      Skynet transported into space by sneakernet.

      More seriously... those SCADA systems control life support. That's a problem if you're one of those types of people that would rather go on sucking nitrogen/oxygen mixtures instead of vacuum up there. Now, I'm pretty sure that unlike in the movies there's no computer control that lets them just vent all the atmosphere into space in a few seconds, but if those systems were programmed to damage the ISS, it might force it to be abandoned. That would be bad.. especially if it de-orbited suddenly. That's a very, very big thing to be coming down to Earth, and it wouldn't break apart in a tight pattern either.

      • That's a problem if you're one of those types of people that would rather go on sucking nitrogen/oxygen mixtures instead of vacuum up there.

        Okay that's going to cause some confusion, because in Soviet Russia, vacuum sucks you.

      • More seriously... those SCADA systems control life support.

        The actual critical systems on ISS are heavily custom, up to and including using participants' own CPU designs (ESA's Leon is powering the redundant DMS-R computers, I believe). I'm not sure how you would go about "randomly" infecting such a system.

      • by Samantha Wright (1324923) on Monday November 11, 2013 @03:38PM (#45393659) Homepage Journal
        When you see "Russian", "USB key", "malware" and "SCADA" in a sentence you should automatically think Stuxnet, which TFA talks about at length. Stuxnet, happily, only attacks centrifuges, and is generally very sophisticated about staying out of the way. The chances of any complications happening spontaneously are somewhere between "Hollywood movie plot" and "political promise."
    • Skynet transported into space by sneakernet.

      That would be spacesuitbootnet, right? I found sneakers difficult to pressurize.

  • Linux... (Score:5, Insightful)

    by ZiakII (829432) on Monday November 11, 2013 @12:11PM (#45391701)
    From the article: "As these systems are based on Linux, they are open to infection."

    What system is not open to infection...
    • Re:Linux... (Score:5, Insightful)

      by dukeblue219 (212029) <dukeblue219@aol.COWcom minus herbivore> on Monday November 11, 2013 @12:16PM (#45391753) Homepage

      To geeks it sounds like an uninformed attack on linux's security, but I think what the author means to say is "these are not proprietary custom-designed systems, but are based on a common Earthly operating system and thus may have known vulnerabilities."

      • Re:Linux... (Score:5, Insightful)

        by freezin fat guy (713417) on Monday November 11, 2013 @12:34PM (#45391941)

        If the author of the comments were as unbiased as you it might indeed mean that.

        However, he makes money telling Windows users they will be safe if they remember to pay him their fees. Not the same protection racket from the Linux crowd so I'm sure he's pleased to take any swipe he can.

        • Re:Linux... (Score:5, Informative)

          by roc97007 (608802) on Monday November 11, 2013 @02:14PM (#45392983) Journal

          If the author of the comments were as unbiased as you it might indeed mean that.

          However, he makes money telling Windows users they will be safe if they remember to pay him their fees. Not the same protection racket from the Linux crowd so I'm sure he's pleased to take any swipe he can.

          Very good point. And if the ISS was running Windows for Spaceships and got infected, it wouldn't even be news.

          • I can hear them calling tech support already... "Have you tried turning it off and on again?"

    • Re: (Score:2, Funny)

      by Anonymous Coward
      A Commodore 64.
    • Re:Linux... (Score:5, Insightful)

      by UnknowingFool (672806) on Monday November 11, 2013 @12:23PM (#45391819)
      I took that as either a lack of knowledge or bias. In the next few paragraphs they talk about Stuxnet which was a Windows worm. Linux is by no means perfectly secure. Nothing is. I would take the track record of Linux over Windows any day.
      • The difference between Linux and Windows is, it takes a hacker to break into Linux. Any snot-nosed script kiddie can do Windows. The one thing I got from TFA is, the space station was never configured for security. It seems to be ASSumed that anyone arriving onboard is cleared to use the computers, and there is nothing to defend against. Oh well - no system can be secure when idiots run them!

        • it takes a hacker to break into Linux. Any snot-nosed script kiddie can do Windows.

          Unfortunately, those same snot-nosed kiddies can do Linux too providing they're able to use a search engine.
        • by Lumpy (12016)

          In space, no one can hear you sudo.

    • Re:Linux... (Score:5, Interesting)

      by marcello_dl (667940) on Monday November 11, 2013 @12:24PM (#45391825) Homepage Journal

      My question instead is "What linux system automounts usb drives without the noexec flag", or "how on hell did whatever program get executed by the onboard systems". Did the malware reside on some personal device and exploited some remote weakness on the systems which I guess give network access to get the much needed email and lolcat pic of the day?

      But I'm too lazy for TFA so I'll pass with a "meh".

      • Re:Linux... (Score:5, Informative)

        by thue (121682) on Monday November 11, 2013 @12:39PM (#45392007) Homepage

        There is a whole class of vulnerabilities related to maliciously crafted filesystem structures. You don't necessarily need to execute or open any files, you just need to try to mount it.

        There is another class of vulnerabilities related to the preview feature of some Linux file managers. So you don't even need to open any non-executable files to be vulnerable either.

        And then there is of course standard buffer overflows when opening non-executable files.

        • Wasn't there a privilege escalation bug in the usb filesystem code in the Linux kernel a few years ago? If it's in space now, it's probably running a 5-10 year old kernel at best, with that vulnerability still there.
          • by Rich0 (548339)

            Wasn't there a privilege escalation bug in the usb filesystem code in the Linux kernel a few years ago? If it's in space now, it's probably running a 5-10 year old kernel at best, with that vulnerability still there.

            I'm sure. And that is just passive attacks based on the filesystem data itself. Now imagine if the flash drive contained active circuitry that could send arbitrary data over the USB bus. That means you could target any driver available to the kernel which contained an exploit.

        • Yes, but all of these vulnerabilities should be patched in later revisions or used by a zero-day, which can happen to any OS. The article seemed (to me at least) hinting at a linux-specific way of doing things wrong.

        • by Lumpy (12016)

          Or the fact that only a complete moron would have the C&C computers on the same network as user computers. And what idiot is trying to edit his files on the C&C systems?

          Viruses can't magically jump a real airgap, no they can't no matter what some recent fiction passed off as real wants it to exist. So all of this is wild speculation on the part of a guy trying to scare people into buying his products.

      • mounting /noexec can help protect dumb users from themselves but won't help against a virus, since nothing as stupid as Autorun exists in Linux (I'm sure Canonical will take that as a challenge). Once the virus is running its unauthorized code somehow (on Linux the only attacks are basically against graphical file browsers), /noexec is barely a speedbump.
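
An added example, not part of the thread or written by any commenter: a shell check for the `noexec` question raised above, listing removable-media mounts that lack `noexec`, `nosuid` or `nodev`. The mount-point prefixes and the sample table are assumptions constructed for illustration; as the replies point out, these flags do nothing about bugs triggered while the filesystem itself is parsed at mount time.

```shell
#!/bin/sh
# Added example (not from the thread): audit mount flags on removable media.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample table; device names and mount points are made up.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/crew/USB1 vfat rw,nosuid,nodev,relatime,uid=1000 0 0
/dev/sdc1 /run/media/crew/USB2 vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdd1 /mnt/stick ext4 rw,relatime 0 0'

# audit_mounts FILE
# Prints "mountpoint: missing flags" for each mount under a removable-media
# prefix that lacks noexec, nosuid or nodev. FILE defaults to /proc/mounts;
# "-" reads standard input.
audit_mounts() {
    awk '
    # Assumption: automounters place removable media under these prefixes.
    $2 ~ /^\/(media|mnt|run\/media)(\/|$)/ {
        split("", have)                 # portable way to clear the array
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) have[opts[i]] = 1
        missing = ""
        if (!("noexec" in have)) missing = missing " noexec"
        if (!("nosuid" in have)) missing = missing " nosuid"
        if (!("nodev"  in have)) missing = missing " nodev"
        if (missing != "") print $2 ":" missing
    }' "${1:-/proc/mounts}"
}

# Demo on the constructed table.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts -
```

Run `audit_mounts` with no argument to check the live mount table on a Linux host.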

      • Re:Linux... (Score:5, Informative)

        by mcgrew (92797) * on Monday November 11, 2013 @02:03PM (#45392873) Homepage Journal

        But I'm too lazy for TFA

        Don't bother, it's garbage. Linux has nothing to do with it, it isn't affecting C&C (NASA says it's simply a nuisance) and TFA got every single thing wrong. It's a worm, not a virus. They don't know how it got there, there are both Linux and Windows laptops up there and NASA says they have to check all the Windows (not Linux since it's a Windows worm) laptops for it.

        From now on I'm checking closer before voting stories up. Any story posted by DavidGilbert99 gets downvoted by me. David Gilbert, article author and submitter, is a troll. ibTimes should fire him, that article is pure unadulterated bullshit, see here. [space.com]

    • Re:Linux... (Score:5, Insightful)

      by Skiron (735617) on Monday November 11, 2013 @12:29PM (#45391875) Homepage
      Yes, WTF is that all about? Sounds to me like a MS wedge of money went to the reporter to sneak that in [quote below]

      The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.
      • Re:Linux... (Score:5, Informative)

        by mcgrew (92797) * on Monday November 11, 2013 @01:42PM (#45392619) Homepage Journal

        TFA was bad, I read it. I wish I'd read it before I voted in the firehose :(

        Sorry, guys. That one line "As these systems are based on Linux, they are open to infection" discredits the author and the rest of the article. Since Windows viruses like the Stuxnet virus they say infected the station, Linux has nothing to do with it.

        Wondering if it even happened I googled. space.com: [space.com]

        A virus designed to swipe passwords from online gamers has inexplicably popped up in some laptop computers aboard the International Space Station.

        The low-risk virus was detected on July 25, but did not infect the space station's command and control computers and poses no threat to the orbiting laboratory, NASA officials said.

        "This is basically a nuisance," NASA spokesperson Kelly Humphries told SPACE.com from the agency's Johnson Space Center in Houston

        According to a NASA planning document obtained by SPACE.com, the virus was identified as W32.Gammima.AG. The California-based retail anti-virus software manufacturer Symantec describes it as a Windows-based worm which spreads by copying itself onto removable media.

        It has nothing to do with Linux, TFA is either a troll or an MS shill. The submitter should be ashamed of himself for submitting such a piss-poor article (and I'm ashamed I voted before reading). TFA linked in the summary is garbage. It didn't even get the damned virus right. There are far better accounts, including the one I linked above.

        • It's more than that: Kaspersky is a self-promoter. Where else has this information been disclosed? Anywhere?

          • by melikamp (631205)
            Kaspersky is not just a self-promoter, he is a scam artist: he is selling a closed source "security" solution for an operating system which is pre-rooted by its manufacturer. Everything that comes out of his mouth is meant to increase FUD about the actual security solutions, which are based on free and open source software, and so provide security for the user, as opposed to the software producer.
      • by mcgrew (92797) *

        That article is the worst piece of shit on the internet, everything except the fact that the ISS was infected contradicts what space.com and everyone else says, including that Linux bullshit. The entire article was made up, including SCADA being infected and that the Russians brought it up there. It infected Windows laptops, Not the SCADA, it's a minor nuisance and it isn't the first time [wired.com] there were viruses on the ISS.

        Don't believe everything you read, kids. Check different sources. Gilbert's story is ficti

    • Re:Linux... (Score:5, Insightful)

      by kesuki (321456) on Monday November 11, 2013 @12:30PM (#45391891) Journal

      there are two problems with this http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org] according to wikipedia stuxnet was to be self deleting in 2012 but is mentioned in TFA, and stuxnet doesn't affect linux systems at all. also the space station only uses linux for their laptops. so TFA is very poorly written and with no fact checking. scada is not based on linux either it is windows based so tfa is way off base. http://en.wikipedia.org/wiki/SCADA [wikipedia.org]

      • scada is not based on linux either it is windows based so tfa is way off base. http://en.wikipedia.org/wiki/SCADA [wikipedia.org]

        Uh, what? SCADA (supervisory control and data acquisition) is a type of system, not a particular software package that's specific to an OS. Saying that "scada is not based on linux" [sic] makes about as much sense as saying that word processors are not based on Linux, since in both cases we're talking about a class of programs, rather than a specific one. Just because the SCADA systems that Stuxnet attacked were on Windows does not by any means suggest that there are not Linux SCADA systems out there, becau

    • From the article: "As these systems are based on Linux, they are open to infection."

      What system is not open to infection...

      Probably as opposed to the old NASA Space Shuttles which, at least I'd heard, really really old 70s/80s tech instead of modern computer systems.

    • Re:Linux... (Score:5, Informative)

      by sl4shd0rk (755837) on Monday November 11, 2013 @12:41PM (#45392027)

      Strange, Stuxnet is a Windows program*.

      The worm consists of a layered attack against three different systems:
              The Windows operating system,
              Siemens PCS 7, WinCC and STEP7 industrial software applications that run on Windows and
              One or more Siemens S7 PLCs.

      Perhaps ISS is running Wine, or there was an error in translation? Not saying Linux is impenetrable, just pointing out the facts (at least as I know them).

      [*] - http://en.wikipedia.org/wiki/Stuxnet [wikipedia.org]

      • by mcgrew (92797) *

        Strange, Stuxnet is a Windows program

        The article was fiction, made up out of whole cloth. I googled, and what David Gilbert says contradicts Wired and Space.com on every detail. It not only isn't stuxnet, it isn't a virus; it's the W32.Gammima.AG worm, a worm that steals credentials for online games. It isn't the ISS's first infection and it's only a nuisance.

      • by Bigbutt (65939)

        It actually seemed like he was comparing the connectivity of ISS and the Iran Nuclear Facilities. I don't think he knew what virus/malware was actually on ISS.

        "See, just like the Iranians, air gap doesn't mean you can't be infected."

        [John]

    • Re:Linux... (Score:5, Informative)

      by echusarcana (832151) on Monday November 11, 2013 @01:08PM (#45392237)
      This story is factually incorrect and refers to an incident a number of years ago. At the time of the infection, the system was running Windows XP.

      http://www.extremetech.com/extreme/155392-international-space-station-switches-from-windows-to-linux-for-improved-reliability [extremetech.com]

      • by mcgrew (92797) *

        This story is factually incorrect and refers to an incident a number of years ago.

        It isn't "factually incorrect," It's fiction. The only thing they got right was the fact that there was an infection (a Windows worm, not a Linux virus) and it wasn't the first time. A lot of laptops up there run Windows and that's what was infected.

        The article's author, who submitted the fictitious story, is an anti-Linux troll who has submitted (spammed) a lot of articles to slashdot and made exactly three comments since he

    • by Lumpy (12016)

      The Lunar Lander was 100% virus proof.
      In fact run your software directly on the iron and you can make it virus proof, the OS is your attack vector. If you eliminate the OS then you don't have the problem.
      I don't see arduinos getting viruses.

  • by cold fjord (826450) on Monday November 11, 2013 @12:12PM (#45391719)

    They say that in space nobody can hear you scream, but I'll bet they can hear you curse. #$%@#$%!!! MALWARE!!!!

  • Even astronauts need porn in space.
  • Awesome! (Score:5, Funny)

    by mythosaz (572040) on Monday November 11, 2013 @12:21PM (#45391809)

    I can't be the first guy to read this today and go, "Seriously? We infected computers on the ISS? That's freakin' awesome."

  • WTF? (Score:5, Interesting)

    by Virtucon (127420) on Monday November 11, 2013 @12:23PM (#45391815)

    I use Kaspersky and while I like the product I don't necessarily like this comment:

    The reason is that the space station uses computer-controlled SCADA systems in order to manage various physical components of the satellite. As these systems are based on Linux, they are open to infection.

    So even on the ISS there's no concept of an air gap when it comes to SCADA systems? I realize there's monitoring and management required but there are tools and policies for dealing with that but shit, what is being alluded to is that the Russian Astronauts gerfinkerpoked around with a USB thumb drive and now we have an F*d up multi-billion dollar, multi-ton object in orbit possibly out of control? I think that's a disservice to Russian Astronauts (Cosmonauts) everywhere.

    All systems can have vulnerabilities but if the systems onboard the ISS have been compromised by trojans, malware, viruses etc. I think the Linux community needs to be made aware of the vulnerabilities so that these issues can be addressed and code fixed. Not that ol Kaspersky here needs to make a but right, but if they're not inherently part of Linux and are just stupid admin pet tricks, then that needs to be brought to public attention so that the ISS partners can address their IT problem. Playing coy and providing anecdotal commentary on "infections" and "bad things happened at a Nuclear plant" only mean that there are still vulnerabilities and bad practices that need to be addressed. I mean it's not like we wouldn't have that happen here in the US, say on a major Website, right? [foxnews.com]

    On the other hand Microsoft should be smiling right now since it was announced that the ISS was going all Linux just this year. [redorbit.com] Maybe it was because the Astronauts couldn't find the Start Menu?

    • by mcgrew (92797) *

      Relax, the story's bullshit. It's a Windows worm that infected Windows laptops and NASA says is a "minor nuisance." Windows worms don't affect *nix and Kaspersky didn't say that, TFA's bullshitting author (the anti-Linux troll/MS shill who submitted the story) did.

  • Now even those in space can order male enhancement drugs and refinance their space houses with ease!
  • by tobiasly (524456) on Monday November 11, 2013 @12:31PM (#45391907) Homepage

    It's just part of an ongoing study [theonion.com].

  • And yet everyone is ignoring the possibility that aliens planted the malware. Interesting.

    • by mcgrew (92797) *

      Well, even though NASA says they don't know how it got there and the FA's author and submitter is a lying sack of shit, TF fictitious A says it was Russians. Russians are aliens, aren't they? I mean, unless you live in Russia?

  • by clickety6 (141178) on Monday November 11, 2013 @12:36PM (#45391969)
    ... I say Hiller and Levinson with an Apple Macintosh Powerbook 5300!
  • Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
    Hudson: Fuckin' A!
  • Root access? (Score:5, Insightful)

    by Whammy666 (589169) on Monday November 11, 2013 @12:40PM (#45392011) Homepage
    So whose idea was it to allow a foreign USB stick to get plugged into an ISS system with root access? This seems like a major security protocol problem rather than a weakness of Linux.
    • by mcgrew (92797) *

      It's a Windows worm that infected laptops and has nothing to do with Linux, the story's author who submitted it made the whole thing up. Every other site contradicts everything he says.

  • I for one, volunteer my services as the on-site information security professional for diagnosis, cleanup, and protection. Space Suit Up!
  • by evil_aaronm (671521) on Monday November 11, 2013 @12:53PM (#45392123)
    That's a hell of an air gap to cross.
  • by OzPeter (195038) on Monday November 11, 2013 @12:54PM (#45392131)

    While I was digging around to try and find out what SCADA systems the ISS uses (which I never found), I did find this: international-space-station-switches-from-windows-to-linux-for-improved-reliability [extremetech.com] which has:

    in 2008, a Russian cosmonaut brought a laptop aboard with the W32.Gammima.AG worm, which quickly spread to the other laptops on board. Switching to Linux will essentially immunize the ISS against future infections.

  • From TFA:

    Stuxnet only became known to the public when an employee of the Natanz facility took an infected work laptop home and connected to the internet, with the malware quickly spreading around the globe infecting millions of PCs.

    Stuxnet never spread via the internet. It spread via USB only and then only up to 3 infections before it removed itself from the USB stick.

  • by dutchwhizzman (817898) on Monday November 11, 2013 @01:03PM (#45392203)
    Since TFA is obviously a load of bollocks, it'd be nice if someone would get us actual facts. Does NASA have anything to mention about this yet?
    • Carefully reading TFA, leads me to believe that Kaspersky never said that ISS got infected with stuxnet, or that he implied that this infection was a recent event. It could very well be that he is referring to the original infection in 2009 or so that led to the windows systems being replaced with linux. This still means that TFA is a load of bollocks and that the journalist writing it is bad at fact checking and biased as hell.
    • by willith (218835)

      Yes, I contacted JSC PAO and they unequivocally said that there are no "virus epidemics" on the ISS. There is no current outbreak of anything, stuxnet or otherwise. Kaspersky's comments weren't about an ongoing event—rather, they are off-the-cuff unsourced remarks that could refer to any number of past incidents [theregister.co.uk].

  • I specifically told them NOT to put a floppy disk drive in there (although I wasn't really thinking of the Russians at the time).

  • by Anonymous Coward

    So... Space Porn?

  • First, the reporter that wrote this article obviously doesn't understand the difference between Linux and Windows. Stuxnet is decidedly a *windows* issue and is not going to be a problem for a Linux SCADA system.

    Second, Who in their right mind lets a rogue USB stick even onto the station, much less inserted, mounted and code executed from it? I don't care if it's Linux, windows or anything else, you simply do not allow unknown USB devices to get mounted without at least doing some kind of scan before you

  • by madhatter256 (443326) on Monday November 11, 2013 @01:46PM (#45392667)

    The malware was uncovered when the astronauts started getting pop-up ads about girls within the area wanting to hook up.

    http://xkcd.com/713/ [xkcd.com]

  • The Russian said this example shows that not being connected to the internet does not prevent you from being infected.

    As any G20 attendees receiving a malware infested Russian USB stick would attest.

    For those of us alive before most had even heard of "Internet" viruses then had no problem running rampant throughout the world often by sneaker net, BBS or by private networks with no outside connectivity.

    What is strange to me everything is so scripted astronauts often end up being more or less robots executing procedures from manuals or commanded to do so from ground.

    The second part of the puzzle you would think everything goi

  • by K. S. Kyosuke (729550) on Monday November 11, 2013 @03:02PM (#45393375)

    Kaspersky said that half of all criminal malware was written in Chinese, with a third written in Spanish or Portuguese.

    I didn't notice Microsoft introducing Visual Chinese++, nor did I notice a GNU Spanish Compiler.

  • by sjames (1099) on Monday November 11, 2013 @03:13PM (#45393479) Homepage

    First it spends a paragraph or two indicating that some unknown computer on ISS got a virus. That would probably be one of the Windows laptops used by the crew for personal email, general browsing, etc and NOT a mission critical part of the station itself. Those have gotten viruses before and probably will again. The mission critical systems never have.

    Then they went into the weeds spending a short segment talking about an unnamed system at an unnamed nuclear plant getting infected with stuxnet. For all we know it was the solitaire and minesweeper PC in the break room. From there they talk about government development of stuxnet and blah blah blah nothing to do with ISS, and so on.
