International Space Station Infected With USB Flash Drive Malware Carried on Board by Russian Astronauts
Software security expert Eugene Kaspersky recently admitted that the International Space Station was infected by a USB flash drive carried into space by a Russian astronaut. The Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage “all the data is stolen globally… at least twice.” Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not go into detail on the impact of the infection on operations of the International Space Station (ISS). Kaspersky said he had been informed that occasionally there were “virus epidemics” on the station.
Kaspersky didn’t give any additional details about when the infection he was told about actually took place, but it appears to have been before May 2013, when the United Space Alliance, the group which oversees the operation of the ISS, moved all systems entirely to Linux to make them more “stable and reliable.” Prior to this move the “dozens of laptops” used on board the space station had been using Windows XP, which is inherently more vulnerable to infection from malware than Linux. According to representatives from Kaspersky, the infections occurred on laptops used by scientists who used Windows as their main platform and carried USB flash drives into space when visiting the ISS. The ISS’s control systems (known as SCADA systems) were already running various flavors of Linux prior to this switch for laptops last May. According to a report on ExtremeTech, as far back as 2008 a Windows XP laptop infected with the W32.Gammima.AG worm was brought onto the ISS by a Russian astronaut, and the worm quickly spread to other laptops on the station – all of which were running Windows XP.
The Russian said this example shows that not being connected to the internet does not prevent you from being infected. In another example, Kaspersky revealed that an unnamed Russian nuclear facility, which is also cut off from the public internet, was infected with the infamous Stuxnet malware. Quoting an employee of the plant, Kaspersky said: “Their nuclear plant network which was disconnected from the internet … was badly infected by Stuxnet. So unfortunately these people who were responsible for offensive technologies, they recognize cyber weapons as an opportunity.”
Stuxnet is considered one of the most infamous strains of malware ever created, though it was never designed to come to the attention of the public. Never officially confirmed by any government, the widely held belief is that Stuxnet was created by both the US and Israeli governments to target and disable the Natanz nuclear enrichment facility in Iran, in a bid to disrupt the country’s development of nuclear weapons. The malware was originally introduced to the Natanz facility, which is also disconnected from the internet, through a USB flash drive and went on to force centrifuges to spin out of control and cause physical damage to the plant. The Stuxnet malware became known to the public when an employee of the Natanz facility took an infected work laptop home and connected to the internet, with the malware quickly spreading around the globe infecting millions of PCs.
Kaspersky went on to tell the Press Club that creating malware like Stuxnet, Gauss, Flame and Red October is a highly complex process which would cost up to $10 million to develop. Speaking about cyber-crime, Kaspersky said that half of all criminal malware currently available was originally written in Chinese, with a third written in either Spanish or Portuguese. Kaspersky added that Russian-based malware was the next in line in terms of danger, but that it was also the most sophisticated. He also added that Chinese malware authors were not very interested in security, with some adding social media accounts and personal photos on servers hosting the malware.