Tuesday, November 25, 2008

Avocado: NASA's Titan Rain

Via BusinessWeek -

America's military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe, penetrating U.S. computer networks. Some of the intruders are suspected of having ties to the governments of China and Russia, interviews and documents show. Of all the arms of the U.S. government, few are more vulnerable than NASA, the civilian space agency, which also works closely with the Pentagon and American intelligence services.

In April 2005, cyber-burglars slipped into the digital network of NASA's supposedly super-secure Kennedy Space Center east of Orlando, according to internal NASA documents reviewed by BusinessWeek and never before disclosed. While hundreds of government workers were preparing for a launch of the Space Shuttle Discovery that July, a malignant software program surreptitiously gathered data from computers in the vast Vehicle Assembly Building, where the Shuttle is maintained. The violated network is managed by a joint venture owned by NASA contractors Boeing (BA) and Lockheed Martin (LMT).

Undetected by the space agency or the companies, the program, called stame.exe, sent a still-undetermined amount of information about the Shuttle to a computer system in Taiwan. That nation is often used by the Chinese government as a digital way station, according to U.S. security specialists.

By December 2005, the rupture had spread to a NASA satellite control complex in suburban Maryland and to the Johnson Space Center in Houston, home of Mission Control. At least 20 gigabytes of compressed data—the equivalent of 30 million pages—were routed from the Johnson center to the system in Taiwan, NASA documents show. Much of the data came from a computer server connected to a network that tracks malfunctions that could threaten the International Space Station.

Seven months after the initial April intrusion, NASA officials and employees at the Boeing-Lockheed venture finally discovered the flow of information to Taiwan. Investigators halted all work at the Vehicle Assembly Building for several days, combed hundreds of computer systems, and tallied the damage. NASA documents reviewed by BusinessWeek do not refer to any specific interference with operations of the Shuttle, which was aloft from July 26 to Aug. 9, or the Space Station, which orbits 250 miles above the earth.

The startling episode in 2005 added to a pattern of significant electronic intrusions dating at least to the late 1990s. These invasions went far beyond the vandalism of hackers who periodically deface government Web sites or sneak into computer systems just to show they can do it. One reason NASA is so vulnerable is that many of its thousands of computers and Web sites are built to be accessible to outside researchers and contractors. Another reason is that the agency at times seems more concerned about minimizing public embarrassment over data theft than preventing breaches in the first place.

In 1998 a U.S.-German satellite known as ROSAT, used for peering into deep space, was rendered useless after it turned suddenly toward the sun. NASA investigators later determined that the accident was linked to a cyber-intrusion at the Goddard Space Flight Center in the Maryland suburbs of Washington. The interloper sent information to computers in Moscow, NASA documents show. U.S. investigators fear the data ended up in the hands of a Russian spy agency.

[...]

The agency refers internally to its efforts to stop intrusions linked to China under the code name "Avocado," according to interviews. Despite this formal recognition of the problem, at least some senior NASA officials have seemed determined publicly to minimize the seriousness of the security threat.

--------------------------------

The breaches keep happening... and happening... and happening. Check out the full article for all the details.

2 comments:

  1. Thanks! I was doing some research on Titan Rain for a paper, and the BusinessWeek link was not just timely, it was absolutely helpful.

  2. Thanks Jessica! Just remember that "Titan Rain" was the name used back in 2003...but it has most likely been given a new classified name now.

    Avocado is the name used by NASA internally for breaches (as stated by BusinessWeek) and might include probes from non-Chinese sources - that is something you might want to verify before connecting it to Titan Rain of 2003.

    http://en.wikipedia.org/wiki/Titan_Rain
