Could this be the first space-borne computer virus ever discovered? It would appear that the International Space Station, orbiting at over 330 km (180 miles) above the planet, is not immune to software problems more commonly associated with computers down here on Earth. Over the last few days, astronauts on board the ISS have been tracking down a fairly benign gaming worm used by hackers to gather personal information. Although this type of virus is not considered a threat to space station operations, it does raise some questions about how the virus got up there and why the station’s computers were not protected.
The virus in question is the W32.Gammima.AG worm, which is used to automatically gather the user information of people accessing online games. According to Symantec, the W32.Gammima.AG worm has a “risk level” of 1, or “very low.” Once it has infected a computer, the worm copies itself onto several files on the host, modifies the operating system’s registry and then steals user data from a number of installed online games. The main point to remember about a computer worm is that it embeds itself into a computer’s software, executes its task and then transmits sensitive data via the Internet to a remote attacker. It is not intended to do obvious harm to the host computer; it is intended to hide in the background, waiting to carry out its task.
Unless the ISS crew have been connecting to the Internet to play online games recently, it is very doubtful the personal information of the astronauts will be at risk. But this isn’t the main concern; how did the virus get there in the first place? Is the ISS vulnerable to future infection (whether it is an accidental or malicious attack)?
The transcript released by NASA at a space operations meeting last week (ISS 30P SORR) very briefly outlines the situation and offers some explanation as to how the infection may have happened:
Special Topic on Virus detected onboard
– W32.Gammima.AG worm. This is a level 0 gaming virus intended to gather personal information.
– Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.
– Theory is virus either in initial software load or possibly transferred from personal compact flash card.
– Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.
– It was noted that most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software
What I find surprising is that most of the computers on board the ISS do not carry basic anti-virus software. Although space is at a premium on the station, surely provision should be made to protect against viruses from Earth, especially if personal compact flash cards are coming close to operational systems?
NASA may have dodged a bullet on this one. There are many more malicious and aggressive viruses on terrestrial computers that could cause serious damage in space, especially on unprotected station systems. The crew were lucky the W32.Gammima.AG worm was not a more virulent entity.
On briefly looking through the space station daily reports from the NASA operation web pages, it would appear that cosmonaut Sergey Volkov has taken charge of purging the ISS computers of any trace of the worm using Norton AntiVirus:
- Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application. – ISS Daily Reports (Aug. 14th)
- Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application. – ISS Daily Reports (Aug. 21st)
- CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.] – ISS Daily Reports (Aug. 22nd)
Let’s hope this will be a lesson to space station operations to tighten up the use of unregulated personal software (i.e. personal compact flash cards) and install basic anti-virus software to prevent this problem from happening in the future.