Stolen NASA Laptop Had Space Station Control Code
astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"
Set your controls (Score:5, Funny)
Re: (Score:2, Funny)
Re:Set your controls (Score:5, Funny)
To most folks, that reference will make about as much sense as someone typing ummagumma.
Re: (Score:1)
Re: (Score:3)
ahhh, sounds like several species of small furry animals gathering in a cave with a pict
on lsd
that is all
Re: (Score:2)
damn!
Re:Set your controls to whoosh (Score:2)
Re: (Score:2)
Re: (Score:3)
Careful with that downmod, Eugene.
Yes, one of these days our fearless mods will learn not to meddle. Me, I remember a day when things were different -- and it would be so nice if we could let there be more light humor and, well, free-for-all (when you're in the mood, anyway), and have fewer people burning bridges wherever they go. I'm just biding my time until then.
Re: (Score:1)
And relaxing in San Tropez...
Cue HAL 9000... (Score:5, Funny)
Re: (Score:1)
All your space are belong to us
Meh, just some source code (Score:5, Insightful)
I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).
And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.
Re: (Score:2)
Re: (Score:2)
But do they have the technology to implement the control codes?
I can have them all on my computer right now, and I couldn't really do squat with them.
And good luck hitting anything smaller than Australia with it. The thing's entry orbit would change radically as parts fell off in unpredictable ways.
Re: (Score:2)
I doubt the space station has sufficient propulsion to actually de-orbit. Plus, it de-orbits on its own anyway due to drag - it needs re-boosts to keep it up there, from spacecraft.
You probably could put it into a spin and burn up all the propellant, making it almost impossible to recover. Maybe you could even get it to fly apart that way. However, a controlled de-orbit is likely not possible except over the course of years.
Re: (Score:2)
Yeah... Wonderful how the article makes it sound like this was some horrible loss when, in fact, it was code that is likely nearly worthless to anyone outside of NASA.
The worst impact of a lot of government source code leaks is likely to be embarrassment - "That system is THAT primitive?" or "How the hell is this thing actually usable?"
Re: (Score:2)
The simpler and more 'primitive' the better. And it's codes; not source code.
So what I'd do is the most 'primitive' and effective thing there is; unhook the receiver from any actuators and unhook the neutral stuff, attached to actuators (except transmitters), from any actuators too.
Let some gifted minds go at an interim system for a week and send a technician with the interim device to the ISS. After that only the most basic stuff should be handled for interim survival of the station and the crew.
While the i
Re:Meh, just some source code (Score:5, Insightful)
Reuse of the code is probably not what they're worried about. Give any sufficiently large amount of code to a group of skilled hackers and they are very likely to find a few exploitable bugs. It's just a matter of playing against the odds in the long run. They may discover a few buffer overflows in obscure places, and after a lot of research, find a way to turn one of them into a privilege escalation via a very complex sequence of steps. And further find a way to abuse that, all the way up to something genuinely dangerous remotely. Systems of this complexity and review typically are only compromised by using a combination of different bugs to "chain" in from the front door to the kernel, and that starts with a deep knowledge of the system, and that's exactly what they have now.
Anyone that thinks any large, complex chunk of code is 100% bug-free is delusional. There was a story here on /. recently about a kernel escalation bug that had been committed for years without anyone noticing it, despite all the kernel hackers and that "many eyes make for shallow bugs" theory. Look at all the review that code had over the years.
Re:Meh, just some source code (Score:5, Funny)
So they're going to find an alien fighter in the bowels of Area 51, fly it up to the ISS and upload a virus?
Sounds like the plot of a dumb science fiction movie.
Re: (Score:3)
This is why you decentralize and compartmentalize. The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human. Validation that the communication was properly passed on can happen using a passive third system that only accepts input and does not send output.
Centralization and consolidation are cost-savings measures. They g
Re: (Score:2)
The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human.
Just like The Old Man's Battlestar!
Re: (Score:2)
The catch is, what happens if the astronauts become incapacitated or are forced to abandon the station without flipping a switch to put the station on to remote ground control? More than likely, there is a way for the station on the ground to remotely broadcast commands to control the crucial systems on the station. (the power systems and all of the rocket engines, as well as perhaps cooling and life support)
Re: (Score:2)
That depends. There are a number of things you can do with it, as highlighted by others earlier. Probably even more useful than controlling a satellite.
Had I access to the thing, and were I in a particularly dark mood (complete with super villain costume), I'd try to calculate some re-entry trajectories that would put the thing somewhere where people would care, with a quiet fax to NASA asking for more "ammunition."
I mean, it would probably take a super-computer to calculate the re-entry to the point where
Let me explain something to you! (Score:2, Funny)
You see, hackers could get a hold of that code and design a worm and virus around it. Then, by uplinking to a satellite and hacking into the ISS' control systems from that, they could implant the virus and take over the ISS. Then from there, they order the ISS to fire its thrusters and crash into the White House. BUT, it will be stopped because Chris Pine, after getting his ass kicked by one of the Russian astronauts, will get up there and stop it with some clever outwitting of the astronauts.
So, don't you
Re: (Score:2)
Re: (Score:2)
Nice try, but I think everyone here has latched onto the "source code" idea. Knowing the opcodes is very, very different indeed.
So? (Score:2)
It's a physical object so, if there was no consequence before they discovered the theft, there won't be one after.
Unless that control code allowed the user to manipulate the space station and hide the manipulation, which would be kind of retarded on NASA's side.
Stop using the LCARS Operating System (Score:2, Funny)
Ah,,, (Score:4)
Now I can be all the time under a good shade during the summer.
Algorithm != control (Score:4, Funny)
This doesn't sound like much of an actual threat. If you can't physically access the machine, what good does having its "algorithms" do you? What, is Elon Musk going to carry this up to the ISS on the Dragon and take over the air handling system?
Re: (Score:3, Funny)
Hmmm... (Score:5, Funny)
What is this "Plumbing Subroutines" folder? And why does ZoneAlarm have it allowed to connect to ISS.nasa.gov?
Whoops... [space.com]
Re: (Score:2)
Could be worse. Could be MUCH worse [youtube.com].
So what if space aliens stole it? (Score:3)
Re: (Score:2)
Too bad nuclear bombs are banned in space....
That we know of...
Re: (Score:2)
That we know of...
Oh, they're banned all right. That just didn't stop MLB from putting them up in their spy satellites.
Re: (Score:2)
I believe to aliens that got here all the way from the blahtopian galaxy, the ISS looks like an expensive space dumpster with technology so 1000 years ago... I would not worry about them :)... If they did anything to the ISS control code, they would probably improve it and maybe we could use the station to finally go to Mars - with all due respect to NASA engineers, which after all have built a huge house in freaking space.... the only thing I launch into space is ugly farts... to be fair, people need space
Two words: interstellar aerobatics! (Score:2)
This could be spectacular! Tossing water droplets around in zero-G pales in comparison to getting that thing twirling like a baton at a Texas halftime show...
Big Bang (Score:2)
Somehow, I think Wolowitz is responsible....
Re: (Score:2)
So what? (Score:2)
Why are the control algorithms of the ISS so secret?
Re: (Score:2)
Re: (Score:3)
Only if they rely on security through obscurity.
Another of the thousand grains of sand (Score:1)
http://www.strategypage.com/htmw/htintel/articles/20061110.aspx
Just like how they targeted the US's nuclear weapons research programs for the previous couple decades, they are now targeting NASA and aerospace contractors as they build up their own space program. Hell, this theft probably just gave them a good head start on the control systems for their own private space station.
God forbid someone hacks 40 year old tech (Score:3, Interesting)
seriously, how old is the tech in the space station? i bet my iphone is faster than most of the computers on there
Re:God forbid someone hacks 40 year old tech (Score:5, Funny)
Bet your iPhone would have trouble surviving a class M flare too.
Not a phone (Score:2)
Re: (Score:2)
Instead of the handcuffs, why not take the humble BitLocker functionality with a TPM chip available in business line laptops, desktops, and servers, and add a smart card reader to that for a CAC.
Then, when the laptop boots up, it asks for the CAC, the passphrase for that, and boots up. No authorized public key, the laptop won't boot.
PGP Whole Disk Encryption had this functionality with cryptographic tokens like Safenet's eTokens. This way, a thief would have to not just steal the laptop, but steal the tok
Re: (Score:2)
Realistically, like managers of the big banks, the NASA employee in charge of the laptop will go unpunished.
Using Citrix or VMware or Microsoft or other kvm solutions isn't as secure as you might think. Yes, their transports can be pretty tough to crack, but that's after the initial authentication process, which still has those messy humans involved.
One of those messy humans, irresponsible, allowed the machine to be lost. This particular human ought to be waiting without bond on Rikers Island, awaiting arr
Re: (Score:1)
I wish I could mod this comment +5
Oh Great! (Score:2)
What's the worst that could happen? (Score:3)
Re: (Score:2)
Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!
Then the RIAA & MPIA bring their full influence to bear on the US Government and next thing we all know, it's WWIII.
Yes, IP violations *are* the worst thing in the whole history of forevar.
At least according to the current way of thinking in some parts...
Re: (Score:2)
It's coming through, now. (Score:2)
Laptop Encryption? (Score:2)
All I can say is, big deal. So what, they lost a few laptops. The laptops were most likely encrypted - seriously, every government agency and contractor for years has been encrypting laptops. Even if they used a weak encryption scheme, when the thief realized they were encrypted, he probably just formatted the hard drive, installed a bootlegged OS, and sold it on eBay. I think the bigger issue here is that NASA needs to teach their employees to take better care of their laptops - this probably cost NASA a wh