A malware-infected computer at ISRO exposed India's premier space research agency to hackers, Indian and French security researchers claimed on Sunday. The researchers also claimed that hackers could have used the vulnerability to take control of the systems that command ISRO's rocket launches. Express has not been able to independently verify this claim.
The trojan malware, known as XtremeRAT, was detected on ISRO servers in December 2017 and was reported to the agency by an Indian researcher. ISRO reportedly responded and resolved the issue only after French researcher Robert Baptiste contacted the agency on Twitter.
"ISRO in their conversation with me informed that they investigated and found a UTM login port that was not mapped internally to any systems. They claimed to have disabled that port for now," said Baptiste, quoting ISRO's communication with him, which Express has seen.
The XtremeRAT malware was found in ISRO's Telemetry, Tracking and Command Network (ISTRAC), which provides tracking support for all of ISRO's satellite and launch vehicle missions. "The malware had probably infected a computer that had access to servers used for Tracking and Command (TTC) services, which support a mission from launch vehicle lift-off until injection of the satellite. A computer which was probably used to command rocket launches and separation of a satellite. I say 'probably infected' because no one knows which computer was used," said the Indian researcher in December 2017.
The researcher says he stumbled on the ISRO vulnerability while using the search engine Shodan, which lets users find specific types of internet-connected computers using a variety of filters. "If Shodan can be used for searching hacked sites, I thought, why not search for infected servers? I filtered it down to region and ISRO showed up in the scan results," said the Indian researcher. ISRO has not yet responded to Express' request for comment on the issue.
Researcher says search engine Shodan led him to ISRO's vulnerability. "I did not dig any further as anything beyond that will probably be illegal," he added. So what is XtremeRAT? It is a commercially available remote access Trojan (RAT) used by attackers to conduct cyber espionage. Numerous RATs are available for free or can be purchased online, mostly on hacker forums or the dark web. Such malware allows the attacker to dig deep into a specific target's servers and databases, and even to sell access to the victims' systems and data to others.
"If infected with a trojan, the attacker owns the computer. The hacker can command the computer to do absolutely anything he wants. He just has to use the Remote Desktop Protocol (RDP) to access a computer. Has there been a data loss? Most likely yes," says the Indian researcher. Express reached out to ISRO's public relations officer for confirmation but did not receive a response. The Indian researcher claims he also tried to reach ISRO multiple times but got no response. He contacted the Computer Emergency Response Team, which responded to his email saying it would look into the issue. "However, no action was taken. I was about to give up and then I thought of contacting Robert Baptiste. He tweeted about it and then they seemed to magically care about it as the issue was in the public," he says. The researcher says the malware has hit sectors such as energy, utilities and petroleum refining.