Stolen NASA Laptop Had Space Station Control Code

← Back to Stories (view on slashdot.org)

Stolen NASA Laptop Had Space Station Control Code

Posted by Soulskill on Thursday March 1, 2012 @05:20AM from the a-bit-more-serious-than-an-iphone-prototype dept.

astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"

57 of 79 comments (clear)

Min score:

Reason:

Sort:

Set your controls by Anonymous Coward · 2012-03-01 05:21 · Score: 5, Funny

to the heart of the first post!
1. Re:Set your controls by Anonymous Coward · 2012-03-01 05:34 · Score: 2, Funny
  
  Careful with that downmod, Eugene.
2. Re:Set your controls by forkfail · 2012-03-01 05:49 · Score: 4, Funny
  
  To most folks, that reference will make about as much sense as someone typing ummagumma.
  
  --
  Check your premises.
3. Re:Set your controls by ibutsu · 2012-03-01 05:59 · Score: 1
  
  Most folks aren't worth paying attention to.
4. Re:Set your controls by silverspell · 2012-03-01 06:28 · Score: 2
  
  Careful with that downmod, Eugene.
  Yes, one of these days our fearless mods will learn not to meddle. Me, I remember a day when things were different -- and it would be so nice if we could let there be more light humor and, well, free-for-all (when you're in the mood, anyway), and have fewer people burning bridges wherever they go. I'm just biding my time until then.
5. Re:Set your controls by Anonymous Coward · 2012-03-01 07:06 · Score: 1
  
  And relaxing in San Tropez...
6. Re:Set your controls by tunapez · 2012-03-01 11:03 · Score: 2
  
  ahhh, sounds like several species of small furry animals gathering in a cave with a pict
  
  on lsd
  
  that is all
  
  --
  Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
7. Re:Set your controls by tunapez · 2012-03-01 11:04 · Score: 1
  
  'gathered together in a cave and grooving with a pict'
  
  damn!
  
  --
  Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
Cue HAL 9000... by Okomokochoko · 2012-03-01 05:24 · Score: 5, Funny

Coming soon to the ISS: "I'm afraid I can't do that, Dave."
1. Re:Cue HAL 9000... by Anonymous Coward · 2012-03-01 06:38 · Score: 1
  
  All your space are belong to us
Meh, just some source code by ShooterNeo · 2012-03-01 05:27 · Score: 4, Insightful

I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).
And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.
1. Re:Meh, just some source code by Samantha+Wright · 2012-03-01 05:33 · Score: 1
  
  I believe you're missing the "evil supervillain holding the world for ransom by manipulating bugs" part. In 5,408 security breaches, surely someone found the password? And has a target in mind that they'd like to drop a space station on?
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
2. Re:Meh, just some source code by Andy+Dodd · 2012-03-01 05:34 · Score: 1
  
  Yeah... Wonderful how the article makes it sounds like this was some horrible loss when, in fact, it was code that is likely nearly worthless to anyone outside of NASA.
  The worst impact of a lot of government source code leaks is likely to be embarassment - "That system is THAT primitive?" or "How the hell is this thing actually usable?"
  
  --
  retrorocket.o not found, launch anyway?
3. Re:Meh, just some source code by v1 · 2012-03-01 05:38 · Score: 5, Insightful
  
  I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever.
  
  Reuse of the code is probably not what they're worried about. Give any sufficiently large amount of code to a group of skilled hackers and they are very likely to find a few exploitable bugs. It's just a matter of playing against the odds in the long run. They may discover a few buffer overflows in obscure places, and after a lot of research, find a way to turn one of them into a privilege escalation via a very complex sequence of steps. And further find a way to abuse that, all the way up to something genuinely dangerous remotely. Systems of this complexity and review typically are only compromised by using a combination of different bugs to "chain" in from the front door to the kernel, and starts with a deep knowledge of the system, and that's exactly what they have now.
  Anyone that thinks any large, complex chunk of code is 100% bug-free is delusional. There was a story here on /. recently about a kernel escalation bug that had been committed for years without anyone noticing it, despite all the kernel hackers and that "many eyes make for shallow bugs" theory. Look at all the review that code had over the years.
  
  --
  I work for the Department of Redundancy Department.
4. Re:Meh, just some source code by tlhIngan · 2012-03-01 05:43 · Score: 1
  
  I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).
  And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.
  Not to mention that given the requirements of the systems (safety-critical) there's probably a ton of work and documentation that has to go into even doing a checkin, so even having the code doesn't mean you can check it into NASA's code repository unnoticed.
  The only real value is if the theft consisted of other stuff like datasheets and documentation of the various parts and how they work moreso than the code itself. At least with the latter you have the designs of the system which has commercial value.
  Or if there was other classified data on it.
  The source code? Not so much. I know, some of us like to run the old Apollo code (which is readily available) on our PCs just for kicks, but that's really all it is.
5. Re:Meh, just some source code by geekoid · 2012-03-01 05:47 · Score: 1
  
  But do they have the technology to implement the control codes?
  I can have them all on my computer right now, and I couldn't really do squat with them.
  And good luck hitting anything smaller then Australia with it. The thing entry orbit would change radically as parts fell off in unpredictable ways..
  
  --
  The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
6. Re:Meh, just some source code by ColdWetDog · 2012-03-01 05:52 · Score: 4, Funny
  
  So they're going to find an alien fighter in the bowels of Area 51, fly it up to the ISS and upload a virus?
  Sounds like the plot of a dumb science fiction movie.
  
  --
  Faster! Faster! Faster would be better!
7. Re:Meh, just some source code by steelfood · 2012-03-01 06:47 · Score: 2
  
  This is why you decentralize and compartmentalize. The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human. Validation that the communication was properly passed on can happen using a passive third system that only accepts input and does not send output.
  Centralization and consolidation are cost-savings measures. They give up protections and redundancy in favor of efficiency. Sometimes, it's appropriate, and sometimes, it's not. In cases where lives are dependent on the proper functioning of the system, I'd say it's not.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
8. Re:Meh, just some source code by CohibaVancouver · 2012-03-01 09:40 · Score: 1
  
  The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human.
  Just like The Old Man's Battlestar!
9. Re:Meh, just some source code by lightknight · 2012-03-01 10:14 · Score: 1
  
  That depends. There are a number of things you can do with it, as highlighted by others earlier. Probably even more useful than controlling a satellite.
  Had I access to the thing, and were I in a particularly dark mood (complete with super villain costume), I'd try to calculate some re-entry trajectories that would put the thing somewhere where people would care, with a quiet fax to NASA asking for more "ammunition."
  I mean, it would probably take a super-computer to calculate the re-entry to the point where you could get it within 100 hundred miles of your target, but yeah, a pissed off power might be able to pull it off. And hey, if you somehow manage to slap the Eiffel Tower or the Statue of Liberty with it, people will care.
  Or I guess I could just find a way to remotely disconnect + pilot that Russian re-entry vehicle. Not quite the ISS, but easier to fly. There's a fair chance that if I hooked up the feeds to something approaching real-time, and had a general idea of what I was doing, you could actually hit something with it.
  Or I could remotely vent the ISS atmosphere to space. You know how much NASA hates losing astronauts.
  Or, if I controlled a space-faring power, I could dock my own vehicle to the ISS.
  Or I could introduce intermittent errors to the ISS, to slowly drive the astronauts insane. They'll never know if there's a wiring fault, or someone screwing with them, when it comes to the lamps frying their experiments (gotta sleep sometime, and there's too much to do to task one of your friends to watch them) and what not.
  Long list of things you could do with it, had you enough time, motivation, and general resources. Hell, NASA could trash the thing themselves, if they prescribed to the Machiavellian way of doing things, claim it's a national tragedy, and demand that Congress put a newer, bigger one into orbit, or "the terrorists will win." Just be sure to keep the wheels on the boat (ISS) long enough for your lone astronaut to get off that day (30 seconds to make it to the lifeboat).
  And yes, while many countries will condemn the action, a fair number of smaller ones / various freedom fighter groups would probably cherish the outcome. But it's unlikely any of this will ever happen: you need a closet full of Einsteins & Feynmans to do it, and those kinds of people already have competitive bides for their services (window office, nice pay, no persistent fear of G-men knocking down their doors and saying "There he is!").
  Am I a mal-adjusted individual? No, I've just worked in IT for too long. It's always amazing to me how some people manage to get new laptops, every 6 months, almost to the dot.
  
  --
  I am John Hurt.
10. Re:Meh, just some source code by V!NCENT · 2012-03-01 10:50 · Score: 1
  
  The simpler and more 'primative' the better. And it's codes; not source code.
  So what I'd do is the most 'primative' and effective thing there is; unhook the reciever from any actuators and unhook the neutral stuff, attached to actuators (except transmittors), from any actuators too.
  Let some gifted minds go at a interim system for a week and send a technician with the interim device to the ISS. After that only the most basic stuff should be handled for interim survival of the station and the crew.
  While the interim stuff is going on; let the On-board Shuttle Group rework the system along with the NSA, send that shit to the ISS and restart normal operations.
  And while the NSA is there anyway; let them fix the damn security problem on the ground.
  $0,02
  
  --
  Here be signatures
11. Re:Meh, just some source code by Concerned+Onlooker · 2012-03-01 17:48 · Score: 1
  
  Nice try, but I think everyone here has latched onto the "source code" idea. Knowing the opcodes are very, very different indeed.
  
  --
  http://www.rootstrikers.org/
12. Re:Meh, just some source code by ShooterNeo · 2012-03-01 23:39 · Score: 1
  
  The catch is, what happens if the astronauts become incapacitated or are forced to abandon the station without flipping a switch to put the station on to remote ground control? More than likely, there is a way for the station on the ground to remotely broadcast commands to control the crucial systems on the station. (the power systems and all of the rocket engines, as well as perhaps cooling and life support)
13. Re:Meh, just some source code by Rich0 · 2012-03-02 07:02 · Score: 1
  
  I doubt the space station has sufficient propulsion to actually de-orbit. Plus, it de-orbits on its own anyway due to drag - it needs re-boosts to keep it up there, from spacecraft.
  You probably could put it into a spin and burn up all the propellant, making it almost impossible to recover. Maybe you could even get it to fly apart that way. However, a controlled de-orbit is likely not possible except over the course of years.
So? by Thanshin · 2012-03-01 05:28 · Score: 1

It's a physical object so, if there was no consequence before they discovered the theft, there won't be one after.
Unless that control code allowed the user to manipulate the space station and hide the manipulation, which would be kind of retarded on NASA's side.
Stop using the LCARS Operating System by jfalcon · 2012-03-01 05:28 · Score: 2, Funny

Seriously, what do you expect for security when a 8 year old can "override the security protocols" at a whim? The engineers who designed that system need to get bitch slapped - repeatedly.

--
boom goes the dynamite....
Ah,,, by Extremus · 2012-03-01 05:29 · Score: 3

Now I can be all the time under a good shade during the summer.
Algorithm != control by mbone · 2012-03-01 05:30 · Score: 3, Funny

This doesn't sound like much of an actual threat. If you can't physically access the machine, what good does having its "algorithms" do you ? What, is Elon Musk going to carry this up to the ISS on the Dragon and take over the air handling system ?
1. Re:Algorithm != control by jfalcon · 2012-03-01 05:32 · Score: 3, Funny
  
  It could mean the Command and Control authentication for remote administration of the station. I'm sure there are SATCOM pirates who would love to screw with the attitude controls of something like the space station.
  
  --
  boom goes the dynamite....
Hmmm... by wbr1 · 2012-03-01 05:34 · Score: 4, Funny

This laptop I bought on craigslist with the JPL asset tag and wallpaper is starting to look interesting.
What is this "Plumbing Subroutines" folder? And why does ZoneAlarm have it allowed to connect to ISS.nasa.gov?
Whoops...

--
Silence is a state of mime.
1. Re:Hmmm... by MartinSchou · 2012-03-01 09:40 · Score: 1
  
  Could be worse. Could be MUCH worse.
So what if space aliens stole it? by oakgrove · 2012-03-01 05:35 · Score: 2

What if space aliens stole it as part of their nefarious plot of taking it over and killing us all? Just a thought. Too bad nuclear bombs are banned in space or we could just nuke it in orbit. You know, just to be sure.

--
The soylentnews experiment has been a dismal failure.
1. Re:So what if space aliens stole it? by Macrat · 2012-03-01 10:49 · Score: 1
  
  Too bad nuclear bombs are banned in space....
  That we know of...
2. Re:So what if space aliens stole it? by youn · 2012-03-02 03:17 · Score: 1
  
  I believe to aliens that got here all the way from the blahtopian galaxy, the ISS looks like an expensive space dumpster with technology so 1000 years ago... I would not worry about them :)... If they did anything to the ISS control code, they would probably improve it and maybe we could use the station to finally go to mars - with all due respect to Nasa engineers, which after all have built a huge house in freaking space.... the only thing I launch into space is ugly farts... to be fair, people need space suits to survive that :p
  
  --
  Never antropomorphize computers, they do not like that :p
3. Re:So what if space aliens stole it? by cellocgw · 2012-03-02 05:43 · Score: 1
  
  That we know of...>
  Oh, they're banned all right. That just didn't stop MLB from putting them up in their spy satellites.
  
  --
  https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Two words: interstellar aerobatics! by theoriginalturtle · 2012-03-01 05:37 · Score: 1

This could be spectacular! Tossing water droplets around in zero-G pales in comparison to getting that thing twirling like a baton at a Texas halftime show...

--
---------------------------------------
Rotate the pod, please, HAL....
Let me explain something to you! by Anonymous Coward · 2012-03-01 05:38 · Score: 2, Funny

YOu see, hackers could get a hold of that code and design a worm and virus around it. Then, by uplinking to a satellite and hacking into the ISS' control systems from that, they could implant the virus and take over the ISS. Then from there, they order the ISS to fire its thrusters and crash into the Whitehouse. BUT, it will be stopped because Chris Pine, after getting his ass kicked by oen of the Russian astronauts, will get up there and stop it with some clever out witting of the astronauts.
So, don't you see?! This has some serious reprocussions in regards to some really really shitty Hollywood script being written and causing all of us much SciFi or SyFy pain. Actually, if it were SyFy, there's be ghosts involved.
Big Bang by Laser_47 · 2012-03-01 05:43 · Score: 2

Somehow, I think Wolowitz is responsible....
1. Re:Big Bang by Kozar_The_Malignant · 2012-03-01 06:35 · Score: 1
  
  No, Wolowitz only has the toilet control codes.
  
  --
  Some mornings it's hardly worth chewing through the restraints to get out of bed.
So what? by Hentes · 2012-03-01 05:45 · Score: 1

Why are the control algorithms of the ISS so secret?
1. Re:So what? by NoNonAlphaCharsHere · 2012-03-01 05:56 · Score: 1
  
  Because someone could use them to override the security protocols, obviously.
2. Re:So what? by Hentes · 2012-03-01 06:13 · Score: 2
  
  Only if they rely on security through obscurity.
Another of the thousand grains of sand by Anonymous Coward · 2012-03-01 05:46 · Score: 1

http://www.strategypage.com/htmw/htintel/articles/20061110.aspx
Just like how they targeted the US's nuclear weapons research programs for the previous couple decades, they are now targeting NASA and aerospace contractors as they build up their own space program. Hell, this theft probably just gave them a good head start on the control systems for their own private space station.
God forbid someone hacks 40 year old tech by alen · 2012-03-01 06:11 · Score: 2, Interesting

seriously, how old is the tech in the space station? i bet my iphone is faster than most of the computers on there
1. Re:God forbid someone hacks 40 year old tech by steelfood · 2012-03-01 06:55 · Score: 4, Funny
  
  Bet your iPhone would have trouble surivivng a class M flare too.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Oh Great! by Kozar_The_Malignant · 2012-03-01 06:39 · Score: 1

Now we'll have to deal with Dr. Evil running the place.

--
Some mornings it's hardly worth chewing through the restraints to get out of bed.
What's the worst that could happen? by viperidaenz · 2012-03-01 06:44 · Score: 2

Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!
1. Re:What's the worst that could happen? by Maow · 2012-03-01 15:09 · Score: 1
  
  Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!
  Then the RIAA & MPIA bring their full influence to bear on the US Government and next thing we all know, it's WWIII.
  Yes, IP violations *are* the worse thing in the whole history of forevar .
  At least according to the current way of thinking in some parts...
Not a phone by xded · 2012-03-01 07:55 · Score: 1

Do you realize that space stations are not sold in stores? And do you realize that you do not want to hack one to jailbreak it, but to potentially gater intelligence or hold it to ransom?
Re:Handcuffs by mlts · 2012-03-01 08:33 · Score: 1

Instead of the handcuffs, why not take the humble BitLocker functionality with a TPM chip available in business line laptops, desktops, and servers, and add a smart card reader to that for a CAC.
Then, when the laptop boots up, it asks for the CAC, the passphrase for that, and boots up. No authorized public key, the laptop won't boot.
PGP Whole Disk Encryption had this functionality with cryptographic tokens like Safenet's eTokens. This way, a thief would have to not just steal the laptop, but steal the token, and beat up the token's holder for the PIN (a la the XKCD strip) in order to get access.
Realistically, I just wonder why NASA just didn't go with a Citrix or remote access solution, so laptops can just have a plain OS on them and the Citrix Receiver with nothing else.
Re:Control Codes... by cashman73 · 2012-03-01 09:56 · Score: 1

CPE-1704-TKS? Let's play global thermonuclear war.
Re:Who cares? by ndege · 2012-03-01 10:05 · Score: 1

I wish I could mod this comment +5

--
Sig Return: 204 No Content
It's coming through, now. by cstacy · 2012-03-01 12:25 · Score: 1

You've got to learn WHY things work on an international space station...
Re:Set your controls to whoosh by TheInternetGuy · 2012-03-01 19:37 · Score: 1

That makes perfect sense, ummagumma (ãã¾ãã¾ã or é¦çS) means bearhorse in Japanese.

--
If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
Re:Set your controls to whoosh by TheInternetGuy · 2012-03-01 19:39 · Score: 1

That would have been funnier if Slashdot would have supported Unicode in posts. Oh well, live and learn ... . (and then forget).

--
If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
Re:Handcuffs by postbigbang · 2012-03-01 22:13 · Score: 1

Realistically, like managers of the big banks, the NASA employee in charge of the laptop will go unpunished.
Using Citrix or VMware or Microsoft or other kvm solutions aren't as secure as you might think. Yes, their transports can be pretty tough to crack, but that's after the initial authentication process, which still has those messy humans involved.
One of those messy humans, irresponsible, allowed the machine to be lost. This particular human ought to be waiting without bond on Rikers Island, awaiting arraignment on US Federal charges. I hope no one kicked the living crap out of him on the way for jeopardizing the lives and missions up there by allowing the machine to be "lost".
Whoever dreamed up the protocols for asset management ought to be sweating in front of a Congressional committee this morning, explaining exactly how THOSE worked. And the people whose lives and livings depend on the security of the lost information, well, I hope they get pretty damn vocal about the matter.
These are engineers for the costliest space effort we have going? Ye gawds what a mess we're in.

--
---- Teach Peace. It's Cheaper Than War.
Laptop Encryption? by gravis777 · 2012-03-02 02:46 · Score: 1

All I can say is, big deal. So what, they lost a few laptops. The laptops were most likely encrypted - seriously, every govenrment agency and contractor for years has been encrypting laptops. Even if they used a weak encryption scheme, when the thief realized they were encrypted, he probably just formatted the harddrive, installed a bootlegged OS, and sold it on ebay. I think the bigger issue is here that NASA needs to teach their employees to take better care of their laptops - this probably cost NASA a whole $1,000! :-)