Password Stealing Worm Catches NASA Napping
Houston, we have a virus.
You'd think the United States' space agency, which conducts highly sensitive research and has had its servers hacked before, would be extremely thorough about computer security, but that does not appear to be the case. A worm that steals online gamers' user names and passwords has been running rampant on laptops on the International Space Station (ISS).
Fortunately, there is no risk of the ISS hurtling out of control back to Earth. Antivirus vendor Symantec's malware database entry said the code is only used to steal account information for online games.
The worm, known as W32.Gammima.AG, is spread through removable media such as USB drives and external hard drives. Gammima steals sensitive information for various online games, including ROHAN, R2 (Reign of Revolution), Talesweaver, Seal Online, and several games popular mainly in China, including ZhengTu and HuangYi Online, according to Symantec, which wrote up the Gammima worm on August 27, the day it was discovered.
In its paper on Gammima, Symantec said the worm poses a very low risk. It affects all Windows systems, copying itself to all drives from C through Z and modifying the registry so it executes whenever Windows starts.
This is not the first infection at the space agency, either. "It has happened before, but it's not a frequent occurrence," National Aeronautics and Space Administration (NASA) spokesperson Kelly Humphries told InternetNews.com. He confirmed that NASA is a high-security organization, but would not discuss why its computers keep on getting infected if that's the case. "We continually refine and update our procedures and do our best to protect the systems on the station," Humphries said.
However, Humphries would not discuss how the laptops were infected. "I'm not going to speculate on how this could have happened," Humphries said. He would not confirm the type of malware that hit the laptops either, "because of IT security."
Humphries said that security would be tightened up. "Our Expedition 17 crew on the station is working with flight control and engineering teams and with our international partners to identify and eradicate the virus that's on board and we'll look for any actions we can take to prevent that from happening again," he added.
NASA partners with the Russians, Canadians, the Japanese Space Agency and the European Space Agency. Humphries said the European Space Agency is a multinational organization.
Perhaps NASA should try harder, said one security researcher. "This issue could be a whole lot worse," security research organization McAfee Avert Labs' director of security research and communications, Dave Marcus, told InternetNews.com. "Gamers are the second most targeted group malware authors go after, and chances are that any password and account combination that's stolen could be reused on other sites."
Password-stealing malware accounts for 90 to 95 percent of the approximately 3,000 pieces of malware Avert Labs sees every day, Marcus said. NASA "needs to look at this as a wake up call, and they need to look closely at their policies."
By Lyne Bourque
August 27, 2008