
International Space Station Infected With USB Stick Malware - fn
http://www.ibtimes.co.uk/articles/521246/20131111/international-space-station-infected-malware-russian-astronaut.htm
======
jccooper
ISS had a documented infection from W32.Gammima.AG worm in 2008 from the
Russian segment, back when they were running Windows.

[http://www.extremetech.com/extreme/155392-international-spac...](http://www.extremetech.com/extreme/155392-international-space-station-switches-from-windows-to-linux-for-improved-reliability)

Kaspersky never specifically claims a recent or Stuxnet infection of the ISS,
just of a power plant, so he's probably referring to the above as an example
of air gap not being enough to prevent attacks.

The commercial laptops (originally running Win98, then NT, then XP, now moving
to Debian 6) are used for normal computing and interfacing with segment
control. The segment computers (60+) which actually run the station are
heterogeneous and bespoke aerospace-heritage hardware and software. The
Russian side and American side especially are very different and almost
entirely independent. Pretty darn sure there's no Siemens systems running up
there, so Stuxnet wouldn't be a problem.

The embedded systems are probably not all that hardened, but they are not
widely-distributed (to say the least) and are hard to get to, so it would be
awful hard to target them. Possible, but mostly through attacking the
developers on the ground, I should think.

------
cs702
As almost everyone reading this knows, software is going to "eat the world"
-- to quote Marc Andreessen.[1]

The corollary to that prediction: wherever one finds software, one will also
find bugs and malware.

So, bugs and malware everywhere -- in our phones, TVs, ovens, vehicles,
factories... and space stations.

--

[1]
[http://online.wsj.com/news/articles/SB1000142405311190348090...](http://online.wsj.com/news/articles/SB10001424053111903480904576512250915629460)

~~~
astrodust
This is not unlike how where there's biological life, there's parasites and
viruses.

~~~
Florin_Andrei
Moreover, everything has evolved to the point where we can't live without some
"parasites" - see gut bacteria.

Perhaps some sort of a similar homeostasis will also be reached by software.

~~~
kbenson
Sure, I can see a few ways of this happening:

1) A virus provides some additional benefit. For example, if a virus' first
stage acts as a sort of installer and pulls in some additional libraries for
use, at some point of public infection rate there's a pretty good chance those
libraries are available to anyone targeting programming for those systems.
This becomes more feasible if AV cleaned the infectious and malicious portion
while leaving libraries. Imagine, every system has libpcap on it...

2) Viruses start opening previously locked down portions of the OS to achieve
their goals, and developers start taking advantage of these openings to extract
more value for what they provide (in fact, being somewhat malicious
themselves). This is already the case to some small degree with browser
exploits. Keygen utilities that install malware seem to fit this somewhat.

This all presupposes a much more computer integrated and yet less computer
aware society, which is where I think we are heading. More and more items have
integrated computers and operating systems, yet we are much less aware of when
this is the case (of course certain groups, such as HN regulars, are more likely
to be aware of these items).

Edit: Here's a sample scenario for you: You turn on your new computer and
attempt to use it to watch videos on your favorite site, but it doesn't work.
You try again tomorrow and it does. What happened is that between then and
now, a virus has infected your system and installed a hacked divx codec and
made some changes in your browser to redirect you to some specific sites
often. The author gets information about your system far beyond what is
normally allowed, and you get access to videos as you normally did (possibly
illegally).

~~~
meowface
It seems illogical to discuss possible benefits of real malware.

I work as a malware and enterprise security analyst, and I can certainly see
no current or future benefits to malware. I think the "cons" of them
harvesting your email, banking, and social networking credentials, abusing
your system resources to spam and DoS, and siphoning important information
from your hard drive to a remote server certainly outweigh any incidental
benefits that may occur.

~~~
kbenson
Of course. I made no argument towards it being beneficial, just scenarios in
which we could _possibly_ come to a homeostatic situation with malware, and as
I note it assumes a fairly different software ecology than today. Imagine a
world more in the vein of classic Neal Stephenson or Charles Stross as a
prerequisite, if that helps.

Edit: s/Stephens/Stephenson/, + classic

------
darklajid
Warning:

This link auto-plays a video with sound enabled for me (about Snowden, in the
upper right corner, totally unrelated to the fine article about the ISS).

~~~
ajre
And the page also pops up a giant like button every few minutes.

~~~
wrongc0ntinent
[https://web.archive.org/web/20131111162541/http://www.ibtime...](https://web.archive.org/web/20131111162541/http://www.ibtimes.co.uk/articles/521246/20131111/international-space-station-infected-malware-russian-astronaut.htm)

This doesn't do either.

------
dinosaurs
"As these systems are based on Linux, they are open to infection."

Edit: This part seems to have been removed.

~~~
tmerr
I don't see what the fuss is all about. They are open to infection. They're
built on Linux, rather than an entirely custom system. So they're vulnerable
to existing malware floating around.

~~~
jlgreco
Custom systems would also be "open to infection". It just probably wouldn't be
very likely.

It is very difficult to not read a strong implication into that line. If
nothing else, then the line is useless and states nothing at all.

------
leephillips
Now that's an air gap.

~~~
tcdent
Is it technically 'air' when it's that far out?

~~~
zymhan
Well, there's still the atmosphere between us.

------
gcb0
<quote>Expensive

Kaspersky told the Press Club that creating malware like Stuxnet, Gauss, Flame
and Red October is a highly complex process which would cost up to $10 million
to develop.</quote>

really, 10mi to disable one strategic facility (or maybe N facilities) is
expensive? that is probably the cost of a dozen smart bombs. And you can use
the digital counterpart much more stealthily.

Sounds like a bargain.

------
kylemaxwell
>Kaspersky revealed that Russian astronauts carried a removable device into
space which infected systems on the space station. He did not elaborate on the
impact of the infection on operations of the International Space Station
(ISS).

>Kaspersky said he had been told that from time to time there were "virus
epidemics" on the station.

Given the total lack of supporting evidence here, I'm going to stick a big ol'
[citation needed] sticker on this.

~~~
DanBC
It's not controversial. A tiny bit of web searching would have turned up
reliable sources. Here's one from a while ago.
[http://www.zdnet.com/blog/security/malware-detected-at-the-i...](http://www.zdnet.com/blog/security/malware-detected-at-the-international-space-station/1806)

It's even been on HN before.

[https://news.ycombinator.com/item?id=5770145](https://news.ycombinator.com/item?id=5770145)

EDIT: Sorry! This is really grumpy.

~~~
kylemaxwell
Thanks for the references (and no worries on the "grumpiness" :) ) but I still
don't think this qualifies as an "epidemic", to use Kaspersky's wording.

------
mullingitover
s/'these systems are based on Linux'/'attackers have physical access'/g

------
markeganfuller
Hasn't this news already been released? I'm sure I recall seeing it somewhere
before? Or has it happened yet again?

~~~
ChuckMcM
Yes, I was thinking perhaps this was trying to get the Kaspersky name out
there in front of people when they are renewing their anti-virus packages.
Since a lot of students end up with computers at Christmas time, it seems
there is a renewal hump at the same time. It seems to correlate with people
who make such systems trying to get into the press about how aware/good/active
they are. It looks like a great example of a self organizing system :-)

------
callesgg
[http://en.wikipedia.org/wiki/Stuxnet](http://en.wikipedia.org/wiki/Stuxnet)
Seems to me that Stuxnet infects Windows and SCADA (which I guess might be
Linux powered, not that it matters).

~~~
dz0ny
scada controller (runs on windows as app) not the scada device (controlled by
windows app)

~~~
acqq
What do you talk about? Stuxnet eventually deploys the native infected code
for non-Windows PLC device, Windows is just a carrier not the final target:

[http://antivirus.about.com/od/virusdescriptions/p/Stuxnet-Wo...](http://antivirus.about.com/od/virusdescriptions/p/Stuxnet-Worm.htm)

"the Stuxnet worm incorporates several sophisticated means of propagation with
the goal of eventually reaching and infecting STEP 7 project files used to
program the PLC devices.

For initial propagation purposes, the worm targets computers running the
Windows operating systems. However, the PLC itself is not a Windows-based
system but rather a proprietary machine-language device."

------
Andrenid
Lucky it wasn't the cryptolocker virus. Can't exactly connect to the net from
up there to pay the people.

------
JustStoppingBy
Is this "news" being passed-off as a current event? This happened _at least_ 2
years ago.

------
orenmazor
this is why on Galactica all of their computer systems were completely
disconnected from each other.

------
ChikkaChiChi
"As these systems are based on human creations, they are open to infection."

FTFY.

------
mkramlich
interesting because a common suggestion for increasing the security of a
sensitive system is to maintain an "air gap". they have an "off-the-planet
gap" and they still got compromised.

~~~
gizmo686
They also had a constant radio connection with the station, which is the
opposite of an "air gap".

