• United States




A worm on the space station

Aug 29, 20084 mins
Data and Information SecuritySecurity

A malware outbreak on the International Space Station doesn't boost our confidence in NASA I.T. procedures

I’m not making this up. A computer worm has been found on some astronaut’s laptop on the International Space Station, and NASA says it isn’t the first time malware has infected one of their space missions!

The news has been covered by the international press, technology blogs, space Web sites, and mass-market technology magazines, among many others.

The worm, known as Gammima or Taterf, was discovered last July, and is a generic password-stealing trojan. NASA spokespeople want to reassure us that the trojan didn’t access any mission data, disrupt any missions, or do anything we should be worried about. Besides, it’s happened before.

I don’t know where to start. Hey, maybe I can’t completely trust the spokesperson of the organization that allowed malware to spread in space. There seems to be a long-term change control issue. How is malware getting anywhere near the International Space Station? Even if the detected malware didn’t access any systems’ critical data or harm a mission, how are we to know that other, more devious malware hasn’t been installed, used, and then silently removed without a trace? The answer is, we and they, can’t give that assurance.

It’s like recovering a lost or stolen laptop and then claiming that none of the data was accessed. You can’t guarantee that. You can determine that the data was accessed, but you can’t do the reverse. In the stolen laptop scenario, who’s to say the attacker didn’t open up the laptop, remove its hard drive, clone it, and put it back in?

And NASA is telling us to relax; that it’s happened before. Boy, they don’t know when to leave out additional information that just makes the problem even worse.

We have no way of knowing whether malicious intruders copied sensitive data or accessed sensitive systems. Let’s even suppose that bad hackers never got to the space station’s critical systems. Maybe they only stayed on the astronaut’s personal laptop, which perhaps only has the astronauts’ e-mail, personal data, and (I’m on a pure speculation run here), maybe some scientific experiment data?

Even supposing that I as an evil doer couldn’t access critical systems, I can still learn a lot of information and cause a lot of harm. First, no matter how much I’m told that the astronaut’s laptop didn’t contain critical systems information, there is almost always sensitive information leakage between the secure and non-secure systems, especially with the controls that seem to be in place in this scenario.

If I can only get access to the astronaut’s personal data, can I maybe kidnap a loved one and put pressure on the astronaut to do something he or she otherwise wouldn’t? This may sound crazy, but we’ve got real astronauts driving in diapers across the country to perform kidnappings, so I’m not out of the realm of possibility. I can transfer money out of their bank accounts or maybe transfer large sums of money into it, causing the astronaut to come under a veil of suspicion.

Or maybe I learn their e-mail address and the e-mail addresses they frequently correspond with, and at an opportune time I send out bogus e-mails to all the involved parties putting into play a technical scenario not condoned by the NASA command center. Or I massage their scientific data in such a way that NASA ends up spending billions of dollars in a futile effort.

Readers, let’s have fun with this. Give me your best doomsday scenarios. Don’t make up scenarios that have the space station plummeting from orbit and crashing into the Earth’s atmosphere. We’ve all already thought of that one. Be more creative.

I shouldn’t be throwing stones when I live in a glass house. All humans are imperfect and certainly, in the computer field, that axiom is reaffirmed on a daily basis. This column is more of a humorous poke at the powers that be because of the unexpected location of this malware. I mean no harm and I love space exploration. But if NASA wants to make me feel more comfortable with the malware situation, tell me that some new controls are being put in place to prevent future occurrences. Tell me something besides how it isn’t really a problem and we all should relax.

Realistically, if no real harm was done, it was only because the controlling hackers didn’t know about the assets they had. Imagine what could have happened if they did know what they had infected? And I’m guessing that our enemies might see a new opportunity opening up here, so I hope new, better, controls are in place.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.

More from this author