Password Stealing Worm Catches NASA Napping

You’d think the United States’ space agency, which conducts highly sensitive research
and has had its servers hacked before would be
extremely thorough about computer security, but that does not appear to be the case. A
worm that steals online gamers’ user names and passwords has been running rampant on
laptops on the International Space Station (ISS).

Fortunately, there is no risk of the ISS hurtling out of control back to Earth.
Antivirus vendor Symantec’s malware database
entry
said the code is only used to steal account information to online games.

The worm, known as W32.Gammima.AG, is spread through removable media such as USB
drives and external hard drives. Gammima steals sensitive information for various online
games, including ROHAN, R2 (Reign of Revolution), Talesweaver, Seal Online, and several
games popular mainly in China, including ZhengTu and HuangYi Online, according to
Symantec, which wrote up the Gammima worm on August 27, the day it was discovered.

In its paper on Gammima, Symantec said the worm offers a very low risk. It affects all
Windows systems, copying itself to all drives from C through Z and modifying the registry
so it executes whenever Windows starts.

This is not the first infection at the space agency, either. “It has happened before,
but it’s not a frequent occurrence,” National Aeronautics and Space Administration (NASA)
spokesperson Kelly Humphries told InternetNews.com. He confirmed that NASA is a
high-security organization, but would not discuss why its computers keep on getting
infected if that’s the case. “We continually refine and update our procedures and do our
best to protect the systems on the station,” Humphries said.

However, Humphries would not discuss how the laptops were infected. “I’m not going to
speculate on how this could have happened,” Humphries said. He would not confirm the type
of malware that hit the laptops either, “because of IT security.”

Humphries said that security would be tightened up. “Our Expedition 17 crew on the
station is working with flight control and engineering teams and with our international
partners to identify and eradicate the virus that’s on board and we’ll look for any
actions we can take to prevent that from happening again,” he added.

NASA partners with the Russians, Canadians, the Japanese Space Agency and the European
Space Agency. Humphries said the European Space Agency is a multinational organization.

Perhaps NASA should try harder, said one security researcher. “This issue could be a
whole lot worse,” security research organization McAfee Avert Labs’ director of security
research and communications, Dave Marcus, told InternetNews.com. “Gamers are the
second most targeted group malware authors go after, and chances are that any password
and account combination that’s stolen could be reused on other sites.”

Password stealing malware accounts for 90 to 95 percent of the approximately 3,000
pieces of malware Avert Labs sees every day, Marcus said. NASA “needs to look at this as
a wake up call, and they need to look closely at their policies.”

According to a white paper by Avert Labs researcher Igor Muttik, data-stealing Trojans
(like Gammima) record user IDs and passwords as well as the IP addresses or the names of
the servers they use. This information lets cybercriminals log into the victims’ accounts
and steal anything of value, which they then sell.

Because NASA computers have been infected before, the agency needs to take a very
close look at what it’s doing, Marcus said. “Things are not locked down or as tight as
they should be,” and Marcus recommended NASA “look at real strong management and real
strong policy enforcement.”

Media reports say the infected laptops were used to run nutritional programs and let
the astronauts e-mail their families back on Earth occasionally, but Humphries declined
comment.

The Expedition 17 crew on board the ISS consists of flight commander Sergei Volkov;
flight engineer Oleg Kononenko; and the only American in the crew, flight engineer
Gregory Chamitoff. The crew launched for the ISS April 8.

On October 12, the next crew, consisting of Commander Mike Finks and flight engineer
Yuri Lonchekov, will take off for the ISS with a passenger, video game developer Richard
Garriott, according to NASA’s Humphries. After a week, Volkov, Kononenko and Garriott
will return to Earth and the rest will stay on the station.

Article courtesy of InternetNews.com

Latest Articles

Follow Us On Social Media

Explore More