Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stolen NASA Laptop Had Space Station Control Code

Posted by Soulskill on from the a-bit-more-serious-than-an-iphone-prototype dept.

astroengine writes "NASA had 5,408 computer security lapses in 2010 and 2011, including the March 2011 loss of a laptop computer that contained algorithms used to command and control the International Space Station, the agency's inspector general told Congress Wednesday. According to his statement (PDF), 'These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives.'"

22 of 79 comments (clear)

  1. Set your controls by Anonymous Coward · · Score: 5, Funny

    to the heart of the first post!

    1. Re:Set your controls by Anonymous Coward · · Score: 2, Funny

      Careful with that downmod, Eugene.

    2. Re:Set your controls by forkfail · · Score: 4, Funny

      To most folks, that reference will make about as much sense as someone typing ummagumma.

      --
      Check your premises.
    3. Re:Set your controls by silverspell · · Score: 2

      Careful with that downmod, Eugene.

      Yes, one of these days our fearless mods will learn not to meddle. Me, I remember a day when things were different -- and it would be so nice if we could let there be more light humor and, well, free-for-all (when you're in the mood, anyway), and have fewer people burning bridges wherever they go. I'm just biding my time until then.

    4. Re:Set your controls by tunapez · · Score: 2

      ahhh, sounds like several species of small furry animals gathering in a cave with a pict
       
      on lsd
       
      that is all

      --
      Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
  2. Cue HAL 9000... by Okomokochoko · · Score: 5, Funny

    Coming soon to the ISS: "I'm afraid I can't do that, Dave."

  3. Meh, just some source code by ShooterNeo · · Score: 4, Insightful

    I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever. That code is most likely extremely specialized, designed JUST for whatever system on the ISS in question, and probably had millions of dollars put into refining, optimizing, and debugging it. I bet the code is completely unsuitable for any other purpose for that reason (one way to reduce bugs is to make the code as specific as possible in a low level language).

    And, whatever system we are talking about : ventilation, communications, power, water recycling : you can safely bet that the way NASA designed it is TOTALLY unsuitable for commercial use. It probably uses the most expensive possible parts, made by hand, for crucial components of the systems.

    1. Re:Meh, just some source code by v1 · · Score: 5, Insightful

      I would say that losing the source code to some of the embedded control systems in the ISS is just about the LEAST valuable theft of source code, ever.

      Reuse of the code is probably not what they're worried about. Give any sufficiently large amount of code to a group of skilled hackers and they are very likely to find a few exploitable bugs. It's just a matter of playing against the odds in the long run. They may discover a few buffer overflows in obscure places, and after a lot of research, find a way to turn one of them into a privilege escalation via a very complex sequence of steps. And further find a way to abuse that, all the way up to something genuinely dangerous remotely. Systems of this complexity and review typically are only compromised by using a combination of different bugs to "chain" in from the front door to the kernel, and starts with a deep knowledge of the system, and that's exactly what they have now.

      Anyone that thinks any large, complex chunk of code is 100% bug-free is delusional. There was a story here on /. recently about a kernel escalation bug that had been committed for years without anyone noticing it, despite all the kernel hackers and that "many eyes make for shallow bugs" theory. Look at all the review that code had over the years.

      --
      I work for the Department of Redundancy Department.
    2. Re:Meh, just some source code by ColdWetDog · · Score: 4, Funny

      So they're going to find an alien fighter in the bowels of Area 51, fly it up to the ISS and upload a virus?

      Sounds like the plot of a dumb science fiction movie.

      --
      Faster! Faster! Faster would be better!
    3. Re:Meh, just some source code by steelfood · · Score: 2

      This is why you decentralize and compartmentalize. The life support doesn't talk to the food dispenser. The boosters responsible for orbital adjustments don't talk to the communications array. Likewise, the solar panel controls are separated, even from each other. Communication happens via a human. Validation that the communication was properly passed on can happen using a passive third system that only accepts input and does not send output.

      Centralization and consolidation are cost-savings measures. They give up protections and redundancy in favor of efficiency. Sometimes, it's appropriate, and sometimes, it's not. In cases where lives are dependent on the proper functioning of the system, I'd say it's not.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  4. Stop using the LCARS Operating System by jfalcon · · Score: 2, Funny

    Seriously, what do you expect for security when a 8 year old can "override the security protocols" at a whim? The engineers who designed that system need to get bitch slapped - repeatedly.

    --
    boom goes the dynamite....
  5. Ah,,, by Extremus · · Score: 3

    Now I can be all the time under a good shade during the summer.

  6. Algorithm != control by mbone · · Score: 3, Funny

    This doesn't sound like much of an actual threat. If you can't physically access the machine, what good does having its "algorithms" do you ? What, is Elon Musk going to carry this up to the ISS on the Dragon and take over the air handling system ?

    1. Re:Algorithm != control by jfalcon · · Score: 3, Funny

      It could mean the Command and Control authentication for remote administration of the station. I'm sure there are SATCOM pirates who would love to screw with the attitude controls of something like the space station.

      --
      boom goes the dynamite....
  7. Hmmm... by wbr1 · · Score: 4, Funny

    This laptop I bought on craigslist with the JPL asset tag and wallpaper is starting to look interesting.
    What is this "Plumbing Subroutines" folder? And why does ZoneAlarm have it allowed to connect to ISS.nasa.gov?
    Whoops...

    --
    Silence is a state of mime.
  8. So what if space aliens stole it? by oakgrove · · Score: 2

    What if space aliens stole it as part of their nefarious plot of taking it over and killing us all? Just a thought. Too bad nuclear bombs are banned in space or we could just nuke it in orbit. You know, just to be sure.

    --
    The soylentnews experiment has been a dismal failure.
  9. Let me explain something to you! by Anonymous Coward · · Score: 2, Funny

    YOu see, hackers could get a hold of that code and design a worm and virus around it. Then, by uplinking to a satellite and hacking into the ISS' control systems from that, they could implant the virus and take over the ISS. Then from there, they order the ISS to fire its thrusters and crash into the Whitehouse. BUT, it will be stopped because Chris Pine, after getting his ass kicked by oen of the Russian astronauts, will get up there and stop it with some clever out witting of the astronauts.

    So, don't you see?! This has some serious reprocussions in regards to some really really shitty Hollywood script being written and causing all of us much SciFi or SyFy pain. Actually, if it were SyFy, there's be ghosts involved.

  10. Big Bang by Laser_47 · · Score: 2

    Somehow, I think Wolowitz is responsible....

  11. God forbid someone hacks 40 year old tech by alen · · Score: 2, Interesting

    seriously, how old is the tech in the space station? i bet my iphone is faster than most of the computers on there

    1. Re:God forbid someone hacks 40 year old tech by steelfood · · Score: 4, Funny

      Bet your iPhone would have trouble surivivng a class M flare too.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  12. Re:So what? by Hentes · · Score: 2

    Only if they rely on security through obscurity.

  13. What's the worst that could happen? by viperidaenz · · Score: 2

    Someone else builds a space station and uses the stolen algorithms to control it? Oh No! IP violations!