Trojan may have stolen data from Japanese space agency


Japanese space engineers have discovered a Trojan on an employee's computer and confirmed that hackers may have smuggled out login information to gain access to a cargo shuttle that carries food and equipment to the International Space Station (ISS).

The compromised information may have included up to 1,000 email addresses, login details for the Japanese space agency's intranet, and NASA documents covering operation of the ISS, according to a statement from the Japanese Aerospace Exploration Agency (JAXA).

On January 6th, JAXA found the virus on a terminal used by an employee who works with the H-II Transfer Vehicle (HTV), an unmanned cargo shuttle.

This isn't the first time the computer acted up. Back on August 11th, JAXA found the initial virus.

According to news reports, the employee picked up the Trojan by opening an infected email attachment. JAXA immediately took the computer offline and scrubbed it clean, at least in theory.

The computer kept glitching, though - JAXA described it as being "unstable" and said that since they discovered the first round of infection, it "displayed abnormalities."

On January 6th, engineers found footprints of a second virus that gathered information that it then beamed out to its controllers sometime between July 6th and August 11th.

JAXA said it immediately changed passwords and began checking other terminals. JAXA's now bolting down information security and working to ensure the leak doesn't recur. From the statement:

With the above backdrop, passwords for all accessible systems from the computer have been immediately changed in order to prevent any abuse of possibly leaked information, and we are currently investigating the scale of damage and the impact. Also, all other computer terminals are being checked for virus infections.

We sincerely apologize over such trouble, and we will promptly address the following measures while strengthening our information security in order to prevent any recurrence, as we gravely regret this incident.

Called Kounotori, or White Stork, the spacecraft was developed and built in Japan. It carries in food, clothes and equipment for experiments and takes away waste from the ISS, which has been continuously occupied for more than 11 years.

That's the longest time for an inhabited space station since Mir, which was home to space scientists for almost 10 years.

Kounotori was first launched in 2009. Its second take-off was scheduled for this coming Sunday, January 22.


JAXA chose the name Kounotori because "a white stork carries an image of conveying an important thing (a baby, happiness, and other joyful things), therefore, it precisely expresses the HTV's mission to transport essential materials to the ISS."

As far as unjoyful things go, this is only the latest of a rash of hacking and data breaches to NASA and to the infrastructure of the United States as a whole.

In November 2011, a Romanian man was arrested for hacking into NASA servers since December 2010.

And NASA confirmed in 2008 that a worm had managed to make it to the International Space Station, carried most likely by an astronaut on a memory stick.

At the time of the Romanian NASA hacker incident, Sophos's Chester Wisniewski pondered, logically enough, whether NASA shouldn't be asking some serious questions about its systems security, given that the damages incurred in that incident alone were estimated to run as high as $500,000. As Chester put it:

If NASA is repeatedly being hacked to the tune of half a million dollars plus each time, shouldn't we be asking serious questions about the security of their systems?

While I agree that unauthorized access to a system is a punishable offense, isn't there an even bigger problem lurking behind the firewalls at Cape Canaveral?

By my calculations $500,000 buys you a few top notch security experts with a fair bit of money left over for tools/software.

Fair enough. But when you consider the sprawling nature of such a truly international technological venture as a space station, it's clear that security must have to take one hell of a polyglot form.

Beyond the US and Japan, also involved in the station and its maintenance are Russia, Canada and eleven member states of the European Space Agency: Belgium, Denmark, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden, Switzerland, and the United Kingdom.

I don't envy NASA or JAXA its job when it comes to information security. But as far as opening infected attachments goes, one would think that decent antivirus software and/or familiarity with basic computer hygiene might go a long way.


One Response to Trojan may have stolen data from Japanese space agency

  1. Sounds like Conficker/Downadup/Kido doesn't it? JAXA should have visited Sophos for the software to protect against that one (and many others).

    What do you suppose the purpose was of gaining access to the cargo shuttle? Could it be used as a weapon to ram the ISS causing massive destruction & loss of life? You bet!

    JAXA better get busy and clean up their systems, AFTER they change all access/login codes. Hey, remember to boot up in Safe Mode...


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.