Trojan may have stolen data from Japanese space agency

Japanese space engineers have discovered a Trojan on an employee’s computer and confirmed that hackers may have smuggled out login information to gain access to a cargo shuttle that carries food and equipment to the International Space Station (ISS).

The compromised information may have included up to 1,000 email addresses, login details for the Japanese space agency’s intranet, and NASA documents covering operation of the ISS, according to a statement from the Japanese Aerospace Exploration Agency (JAXA).

On January 6th, JAXA found the virus on a terminal used by an employee who works with the H-II Transfer Vehicle (HTV), an unmanned cargo shuttle.

This isn’t the first time the computer acted up. Back on August 11th, JAXA found the initial virus.

According to news reports, the employee picked up the Trojan by opening an infected email attachment. JAXA immediately took the computer offline and scrubbed it clean, at least in theory.

The computer kept glitching, though – JAXA described it as being “unstable” and said that since they discovered the first round of infection, it “displayed abnormalities.”

On January 6th, engineers found footprints of a second virus that gathered information that it then beamed out to its controllers sometime between July 6th and August 11th.

JAXA said it immediately changed passwords and began checking other terminals. JAXA’s now bolting down information security and working to ensure the leak doesn’t recur. From the statement:

With the above backdrop, passwords for all accessible systems from the computer have been immediately changed in order to prevent any abuse of possibly leaked information, and we are currently investigating the scale of damage and the impact. Also, all other computer terminals are being checked for virus infections.

We sincerely apologize over such trouble, and we will promptly address the following measures while strengthening our information security in order to prevent any recurrence, as we gravely regret this incident.

Called Kounotori, or White Stork, the spacecraft was developed and built in Japan. It carries in food, clothes and equipment for experiments and takes away waste from the ISS, which has been continuously occupied for more than 11 years.

That’s the longest time for an inhabited space station since Mir, which was home to space scientists for almost 10 years.

Kounotori was first launched in 2009. Its second take-off was scheduled for this coming Sunday, January 22.

JAXA chose the name Kounotori because “a white stork carries an image of conveying an important thing (a baby, happiness, and other joyful things), therefore, it precisely expresses the HTV’s mission to transport essential materials to the ISS.”

As far as unjoyful things go, this is only the latest of a rash of hacking and data breaches to NASA and to the infrastructure of the United States as a whole.

In November 2011, a Romanian man was arrested for hacking into NASA servers over a period beginning in December 2010.

And NASA confirmed in 2008 that a worm had managed to make it to the International Space Station, carried most likely by an astronaut on a memory stick.

At the time of the Romanian NASA hacker incident, Sophos’s Chester Wisniewski pondered, logically enough, whether NASA shouldn’t be asking some serious questions about its systems security, given that the damages incurred in that incident alone were estimated to run as high as $500,000. As Chester put it:

If NASA is repeatedly being hacked to the tune of half a million dollars plus each time, shouldn't we be asking serious questions about the security of their systems?

While I agree that unauthorized access to a system is a punishable offense, isn't there an even bigger problem lurking behind the firewalls at Cape Canaveral?

By my calculations $500,000 buys you a few top notch security experts with a fair bit of money left over for tools/software.

Fair enough. But when you consider the sprawling nature of such a truly international technological venture as a space station, it’s clear that security must have to take one hell of a polyglot form.

Beyond the US and Japan, also involved in the station and its maintenance are Russia, Canada and eleven member states of the European Space Agency: Belgium, Denmark, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden, Switzerland, and the United Kingdom.

I don’t envy NASA or JAXA its job when it comes to information security. But as far as opening infected attachments goes, one would think that decent antivirus software and/or familiarity with basic computer hygiene might go a long way.