Russia’s ‘Sandworm’ Hack Has Been Spying on Foreign Governments for Years


Illustration: Patrick George/Getty Images

Patrick George/Getty



A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.


The campaign, dubbed “Sandworm” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista.


Although iSight only has a small view of the number of victims targeted in the campaign, the victims include among others, the North Atlantic Treaty Organization, Ukrainian and European Union governments, energy and telecommunications firms, defense companies, as well as at least one academic in the US who was singled out for his focus on Ukrainian issues. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders from Europe and elsewhere each year.


It appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region. But it also attempts to steal SSL keys and code-signing certificates, which iSight says the attackers probably use to further their campaign and breach other systems.


The researchers dubbed the operation “Sandworm” because the attackers make multiple references to the science fiction series Dune in their code. Sandworms, in the Frank Herbert books, are desert creatures on the planet Arrakis who are worshipped as god-like entities.


iSight is not the first to spot the attackers in the wild. Other security firms, including F-Secure in Finland, have uncovered victims over the years. But iSight was able to tie various attacks together to expose commonalities in the five-year campaign. It was encoded references to Dune—which appear in URLs for the attackers’ command-and-control servers—that helped tie some of the attacks together. The URLs include base64 strings that when decoded translate to “arrakis02,” “houseatreides94,” and “epsiloneridani0,” among others.


“Some of the references were very obscure so whoever was writing the malware was a big Dune geek,” says John Hultquist, senior manager for iSight’s Cyber Espionage Threat Intelligence team.


The zero-day vulnerability used in some of the attacks was spotted in early September. The attackers use it to infect victims with malicious attachments, primarily PowerPoint files. iSight Partners has been working with Microsoft to fix the problem, a patch for which is being released today.


The zero-day affects the way Windows handles PowerPoint files and allows the attackers to execute remote code on targeted systems. When a victim clicks on a malicious PowerPoint file, the exploit in the file installs a malicious executable that opens a backdoor onto the system.


“They’ve had a high degree of success in terms of infiltration based on the use of the zero day,” says Hultquist.


Some Sandworm attacks also use five older vulnerabilities that have already been patched. The exploits are used to install various versions of BlackEnergy, a malicious tool used by cybercriminals. The tool gained notoriety in 2008 when botnets infected with the malware were used to launch denial-of-service attacks against systems in Georgia during a standoff between that country and Russia.


Researchers at iSight say the use of conventional criminal malware has helped the attackers blend in with other operations and remain under the radar, since any victims who uncovered infections probably believed their computers had been infected for a botnet to be used by spammers.


The first variant of BlackEnergy was created by a Russian national named Oleksiuk Dmytro, with limited functionality as a DDoS tool. A subsequent variant included modules for stealing banking credentials, though Dmytro has always denied involvement in developing later versions of the tool. The Sandworm team appears to be using the malware to collect intelligence. The researchers say their use of BlackEnergy indicates a link between the attackers and the criminal underground, although their campaign is more sophisticated.


The researchers have found samples of the malware that are built to communicate through the internal proxy servers on a victim’s network. Many companies install proxies between internal systems and the Internet to protect those internal systems and enforce internet usage policies. Outgoing communication gets routed through the servers, which use private internal IP addresses that are not advertised to the outside world. The researchers found proxy addresses belonging to victim networks coded into the malware to allow them to exfiltrate stolen data to their command-and-control servers. The attackers had obviously done reconnaissance and knew the layout of the internal network to know how to get the stolen data out.


“Some people might think they’re run-of-the-mill criminals,” says Hultquist. “But they’re not going after credentials. They want knowledge that only a few people can use. That’s security-related information and diplomatic information and intelligence on NATO and Ukraine and Poland.”


Two details of Sandworm lead the iSight Partners to conclude it’s originating from Russia, possibly as a state-sponsored operation. First, files used for the command-and-control servers are written in Russian; and second, the victims targeted and the type of information used to lure them into clicking on malicious attachments focus on topics that would be of interest to Russia’s adversaries. One attachment purports to be a list of pro-Russia “terrorists” that the victim is invited to view.


Other victims have been targeted with emails purporting to provide information about military and intelligence operations directed against Russia. In 2013, NATO was targeted with a phishing document focused on European diplomacy, and a Polish energy firm was targeted with an attachment purporting to be about shale gas. Earlier this year, high-level government officials attending the GlobSec conference in Bratislava, Slovakia, were targeted with a malicious email purporting to come from conference organizers. Ukrainian Prime Minister Arseniy Yatsenyuk and Vitali Klitschko, former heavyweight boxing champion and a candidate for the post of mayor of Kiev, were scheduled to attend the conference but cancelled at the last minute.



Russia’s ‘Sandworm’ Hack Has Been Spying on Foreign Governments for Years


Illustration: Patrick George/Getty Images

Patrick George/Getty



A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.


The campaign, dubbed “Sandworm” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista.


Although iSight only has a small view of the number of victims targeted in the campaign, the victims include among others, the North Atlantic Treaty Organization, Ukrainian and European Union governments, energy and telecommunications firms, defense companies, as well as at least one academic in the US who was singled out for his focus on Ukrainian issues. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders from Europe and elsewhere each year.


It appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region. But it also attempts to steal SSL keys and code-signing certificates, which iSight says the attackers probably use to further their campaign and breach other systems.


The researchers dubbed the operation “Sandworm” because the attackers make multiple references to the science fiction series Dune in their code. Sandworms, in the Frank Herbert books, are desert creatures on the planet Arrakis who are worshipped as god-like entities.


iSight is not the first to spot the attackers in the wild. Other security firms, including F-Secure in Finland, have uncovered victims over the years. But iSight was able to tie various attacks together to expose commonalities in the five-year campaign. It was encoded references to Dune—which appear in URLs for the attackers’ command-and-control servers—that helped tie some of the attacks together. The URLs include base64 strings that when decoded translate to “arrakis02,” “houseatreides94,” and “epsiloneridani0,” among others.


“Some of the references were very obscure so whoever was writing the malware was a big Dune geek,” says John Hultquist, senior manager for iSight’s Cyber Espionage Threat Intelligence team.


The zero-day vulnerability used in some of the attacks was spotted in early September. The attackers use it to infect victims with malicious attachments, primarily PowerPoint files. iSight Partners has been working with Microsoft to fix the problem, a patch for which is being released today.


The zero-day affects the way Windows handles PowerPoint files and allows the attackers to execute remote code on targeted systems. When a victim clicks on a malicious PowerPoint file, the exploit in the file installs a malicious executable that opens a backdoor onto the system.


“They’ve had a high degree of success in terms of infiltration based on the use of the zero day,” says Hultquist.


Some Sandworm attacks also use five older vulnerabilities that have already been patched. The exploits are used to install various versions of BlackEnergy, a malicious tool used by cybercriminals. The tool gained notoriety in 2008 when botnets infected with the malware were used to launch denial-of-service attacks against systems in Georgia during a standoff between that country and Russia.


Researchers at iSight say the use of conventional criminal malware has helped the attackers blend in with other operations and remain under the radar, since any victims who uncovered infections probably believed their computers had been infected for a botnet to be used by spammers.


The first variant of BlackEnergy was created by a Russian national named Oleksiuk Dmytro, with limited functionality as a DDoS tool. A subsequent variant included modules for stealing banking credentials, though Dmytro has always denied involvement in developing later versions of the tool. The Sandworm team appears to be using the malware to collect intelligence. The researchers say their use of BlackEnergy indicates a link between the attackers and the criminal underground, although their campaign is more sophisticated.


The researchers have found samples of the malware that are built to communicate through the internal proxy servers on a victim’s network. Many companies install proxies between internal systems and the Internet to protect those internal systems and enforce internet usage policies. Outgoing communication gets routed through the servers, which use private internal IP addresses that are not advertised to the outside world. The researchers found proxy addresses belonging to victim networks coded into the malware to allow them to exfiltrate stolen data to their command-and-control servers. The attackers had obviously done reconnaissance and knew the layout of the internal network to know how to get the stolen data out.


“Some people might think they’re run-of-the-mill criminals,” says Hultquist. “But they’re not going after credentials. They want knowledge that only a few people can use. That’s security-related information and diplomatic information and intelligence on NATO and Ukraine and Poland.”


Two details of Sandworm lead the iSight Partners to conclude it’s originating from Russia, possibly as a state-sponsored operation. First, files used for the command-and-control servers are written in Russian; and second, the victims targeted and the type of information used to lure them into clicking on malicious attachments focus on topics that would be of interest to Russia’s adversaries. One attachment purports to be a list of pro-Russia “terrorists” that the victim is invited to view.


Other victims have been targeted with emails purporting to provide information about military and intelligence operations directed against Russia. In 2013, NATO was targeted with a phishing document focused on European diplomacy, and a Polish energy firm was targeted with an attachment purporting to be about shale gas. Earlier this year, high-level government officials attending the GlobSec conference in Bratislava, Slovakia, were targeted with a malicious email purporting to come from conference organizers. Ukrainian Prime Minister Arseniy Yatsenyuk and Vitali Klitschko, former heavyweight boxing champion and a candidate for the post of mayor of Kiev, were scheduled to attend the conference but cancelled at the last minute.



The Google Doctor Is a Reminder of How Badly the Internet Does Real Medicine


google-doctor-inline

David Sacks/Getty



Let’s be honest: Healthcare on the internet still doesn’t work.


Two decades since the dawn of the web, you’d think the best tool ever invented for connecting people with information—and each other—would offer better ways to practice medicine. Instead, a Google search for nearly any health issue results in a cascade of SEO-optimized link bait—symptom lists and forums presided over by the uninformed. Instead of internet medicine, we have cyber-chondria.


Now, Google is trying out a new tool that could finally offer a direct online connection to legitimate medical advice. Some symptom-searchers will get the chance to video-chat with a live, degree-having doctor about their issues. If it works, it could provide a path out of the tangle of misinformation saturates so many sites. More than anything, however, the experiment highlights just how hard it is to do real medicine on the internet.


google_doctor

jasonahoule/Reddit



News of the doctor-chat tool first surfaced on Reddit, where a user posted a screenshot of a “talk with a doctor” link that appeared at the top of search results for knee pain. Google later confirmed that it was offering the tool as part of a trial in its Helpouts live video advice service.


“When you’re searching for basic health information—from conditions like insomnia or food poisoning—our goal is provide you with the most helpful information available,” Google told Gizmodo. “We’re trying this new feature to see if it’s useful to people.”


The key concept in Google’s statement is “the most helpful information available.” It’s a tacit acknowledgement that most searches for symptoms and ailments on Google result in information that’s not that useful. And for Google, that’s a problem. People aren’t about to stop Googling for “vague tingling in my left arm” anytime soon. But over time, users will start turning to other sites that show they can do a better job at telling you whether that tingling means you just need to take a typing break or drop everything and go to the ER because you’re having a heart attack.


Reliable Sources


Of utmost concern for Google is Facebook, which is reportedly experimenting with its own health care services. As a social platform, Facebook is already more intuitively designed to provide users with professional-grade medical information by connecting them with real medical professionals. Google’s video-chat option is a far less natural fit for the company’s search-driven, web-based Knowledge Graph. Google has thrived because it’s really good at sorting information that’s already out there, not at getting people to look up that information for you.


Aside from the question of how much a doctor can really tell you without seeing you in person, the effectiveness of Googling an M.D. will depend on how well it scales. The world couldn’t possibly have enough doctors to personally advise everyone every time they Google for “eye twitch” or “calf rash.” Google may eventually charge for the service, which shrink the pool of potential users. But once you’re paying for a doctor’s time online, why not just go to the doctor?


The lack of good health care options on the internet is in part a consequence of the sheer complexity of connecting so many pieces (doctors, patients, insurers, regulators) and addressing so many issues (privacy, quality, liability, affordability) all at once. Eventually, tech companies will figure out the limits of what works in online medicine, though the process is already taking eons on the super-compressed time scale of internet. One limit, however, is already self-evident: To do medicine well, doctors often have to be able to reach out and touch someone for real.



Dreaming a Different Apollo


1973 HC-410b

NASA



Apollo didn’t die; it was killed. The Apollo Program might have continued for many years, evolving constantly to achieve new goals at relatively low cost. Instead, programs designed to give Apollo a future beyond the first lunar landing began to feel the brunt of cuts even before Neil Armstrong set foot on the moon. By the time Apollo drew to its premature conclusion – the final mission to use Apollo hardware was the joint U.S,-Soviet Apollo-Soyuz Test Project (ASTP) mission of July 1975 – NASA was busy building a wholly new space program based on the Space Shuttle. Throwing out the Apollo investment and starting over with Shuttle was incredibly wasteful both in terms of learned capabilities and money.


Apollo as we knew it included over its seven-year series of flights a total of six basic major hardware elements. They were: the Saturn V rocket, available in three-stage and two-stage varieties; the two-stage Saturn IB rocket; the Apollo Command and Service Module (CSM) workhorse spacecraft; the Apollo Lunar Module (LM) moon lander; the Skylab orbital workshop; and the ASTP Docking Module (DM).


Apollo missions 1, 2, and 3 either did not fly (in the case of Apollo 1, which killed astronauts Gus Grissom, Edward White, and Roger Chaffee on 27 January 1967) or were cancelled (in the case of Apollo 2 and Apollo 3). Flown missions began with Apollo 4, the first unmanned test of the Saturn V rocket (9 November 1967). Apollo 5 was a Saturn IB-launched unmanned Lunar Module (LM) test. Apollo 6 was a second unmanned Saturn V rocket test.


All subsequent Apollo and Apollo follow-on missions save one were launched bearing three-man crews. Apollo 7 (11-22 October 1968), the first piloted Apollo flight, was a Saturn IB-launched Earth-orbital CSM-only mission. In large measure, it accomplished the mission originally planned for Apollo 1. Apollo 8 (21-27 December 1968) was a Saturn V-launched lunar-orbital CSM-only mission; Apollo 9, a Saturn V-launched, Earth-orbital CSM/LM test. Apollo 10 was a lunar-orbital dress rehearsal for Apollo 11 (16-24 July 1969), the first piloted lunar landing.


SaturnV VABb

NASA



NASA gave alphanumeric designations to the Apollo missions; Apollo 8 was, for example, designated C-prime. Apollo 11 was the first and only G-class mission. The Apollo 11 moonwalk lasted a little over two hours and the crew remained on the moon for only 22 hours. Though momentous (and the signal to most people that Apollo could end), Apollo 11 was mainly a full-up engineering test of the Apollo lunar mission system from Earth launch to Earth splashdown and post-mission quarantineh. It paved the way for the H-class missions: Apollo 12 (H-1) which, after a pinpoint landing near the unmanned Surveyor III lander, included a 32-hour surface stay and two moonwalks; Apollo 13 (H-2), the “successful failure” (as NASA called it) which through adversity hinted at Apollo’s untapped potential; and Apollo 14 (H-3), which included the longest lunar surface traverse on foot of the Apollo Program.


NASA originally planned for Apollo 15 to be H-4, but upgraded it to J-1 after NASA Administrator Thomas Paine, in an ill-advised attempt at horse-trading with the Nixon White House, cancelled one H mission and one J mission. J missions included LMs with longer landing hover times, lunar surface stays of about three days, improved space suits supporting up to four moonwalks, and a lunar Roving Vehicle (LRV). Individual moonwalk duration was stretched to almost eight hours, in part because of suit improvements, but also because riding the LRV reduced astronaut metabolic rates; seated, they used less oxygen and cooling water than when on foot. Apollo 16 was called J-2 and Apollo 17 (7-19 December 1972), the last piloted lunar mission of the 20th century, was J-3.


Apollo 17 saw the final flight of the LM and the three-stage Saturn V. Six months after it abandoned the moon, NASA launched Skylab 1, the first and only Skylab Orbital Workshop, on the first and only two-stage Saturn V to fly. Three Saturn IB rockets each launched a CSM bearing three men to Skylab 1 for stays of up to 84 days. They lifted off from a makeshift raised platform (“the milkstool”) on Saturn V Pad 39B.


Eighteen months after the Skylab 4 CSM returned to Earth, the last Saturn IB launched the last CSM, designated only “Apollo,” into low-Earth orbit for a meet-up with a Soviet Soyuz spacecraft. The first and only Docking Module, an airlock that enabled crews to move safely between the incompatible atmospheres of the Apollo and Soyuz spacecraft, rode inside the tapered shroud that linked the bottom of the CSM to the top of the Saturn IB’s S-IVB second stage. The Apollo turned end for end, docked with the DM, withdrew it from the shroud, and began maneuvers that would lead to the first international docking in space.


On 24 July 1975, six years to the day after Apollo 11 returned from the moon, the ASTP Apollo parachuted to a splashdown in the Pacific, ending all use of Apollo rockets and spacecraft. A second Skylab workshop was placed on display in the National Air & Space Museum in Washington, DC. Two Saturn Vs, one of which might have launched the second Skylab, and an assortment of Saturn IB rockets, CSMs, and LMs were parceled out to museums or scrapped.


President Lyndon Baines Johnson, a NASA supporter (in 1958, as Senate Majority Leader, he had been instrumental in its creation), had predicted Apollo’s premature end. In 1967, Congress slashed the $450 million he requested to start the Apollo Applications Program (AAP) to just $122 million. AAP – which would rapidly shrink to become the Skylab Program – was intended to exploit Apollo hardware and operational experience to accomplish new lunar and Earth-orbital missions. As news of the deep cuts in his AAP request reached the White House, Johnson mused that, “the way the American people are, now that they have all this capability, instead of taking advantage of it, they’ll probably just piss it all away.”


What if Johnson had got it wrong? What if, somehow, Americans cared more about space exploration and so sought to wring from their $24-billion Apollo investment everything they could?


The Soviet Union for many years numbered its Soyuz missions consecutively regardless of changes in spacecraft purpose and design. If Apollo had been allowed to survive and thrive, perhaps the United States would have adopted a similar numbering policy, ultimately yielding impressively high alphanumeric mission designation numbers.


What follows is an unabashed exercise in alternate history speculation (and, above all, shameless wishful thinking). It is based on actual NASA and contractor plans described elsewhere in Beyond Apollo (see the links at the bottom of this post) and is written as though the events it recounts actually occurred.


One word of caution: in order to simplify an already complex timeline, I have ignored the possibility of accidents. Spaceflight is risky, yet in this alternate history timeline all missions occur exactly as planned. The likelihood that every mission described below would come off as planned, with no mishaps or outright disasters, would in fact be small.


1971-1972


Because no one sought to kill Apollo, Paine felt no urge to trade away two Apollo missions in the vain hope that the Nixon White House would support his plans for a large Earth-orbital space station. This meant that Apollo 15 remained H-4. The first J mission (J-1) was Apollo 16 and Apollo 17 was J-2.


Apollo Earth-orbital space station flights began in late 1971. Apollo 18 was the unmanned launch of the first two-stage Saturn V bearing a temporary Earth-orbiting space station. In keeping with NASA’s old penchant for program names from Greek and Roman mythology, the station was dubbed Olympus 1. The Olympus name had a heritage in the world of space station planning going back to the early 1960s. The Apollo-derived Olympus station resembled Skylab, but lacked its side-mounted Apollo Telescope Mount and “windwill” solar arrays and included more internal decks.


Apollo 19, the first K-class Earth-orbital CSM, lifted off on a Saturn IB from Launch Complex 34 with three astronauts on board. K-class CSMs included batteries in place of fuel cells, an electricity umbilical linking it to the Olympus station power system, a retractable main engine bell, extra storage compartments in the Command Module (CM) capsule, an option to install up to two extra crew couches, a pair of small steerable dish antennas, a reduced main-engine propellant supply, and modifications enabling it to remain semi-dormant attached to an Olympus station for up to six months. Apollo 19 remained docked to Olympus 1′s axial (“front”) docking port while its crew worked on board the station for 28 days – twice as long as any previous U.S. crew. The Apollo 20 (K-2) crew subsequently demolished Apollo 19′s new record by living on board Olympus 1 for 56 days.


Apollo 21 (I-1), a Saturn V-launched mission to lunar polar orbit, marked the start of a new phase of Apollo lunar exploration. Two astronauts orbited the moon for 28 days in a CSM with an attached Lunar Observation Module (LOM) in place of an LM. The astronauts charted the moon’s surface in great detail to enable scientists and engineers to select future Apollo landing sites and traverse routes.


Apollo 22 (K-3) delivered another three-man crew to Olympus 1 for a 112-day stay, doubling Apollo 20′s stay-time. Ninety days into their mission, the two-man Apollo 23 (K-4) CSM docked at Olympus 1′s single radial (“side”) docking port for 10 days. One of the Apollo 23 astronauts was a medical doctor; he conducted health evaluations of the Apollo 22 crew. If any member of the Apollo 22 crew had been found to be unhealthy, then all would have returned to Earth in either their own Apollo 22 CSM or with the Apollo 23 crew in its CSM, which included three extra couches. As it turned out, the Apollo 22 astronauts were in good shape and high spirits, so NASA authorized continuation of their mission to its full planned duration. Before returning to Earth, the Apollo 22 crew used their CSM’s main engine to boost Olympus 1 to a higher orbit, postponing its reentry by up to 10 years.


NASA referred to the Apollo 22 crew as the third Olympus 1 resident crew and the Apollo 23 crew as the first Olympus 1 visitor crew. The full alphanumeric designations for Apollos 22 and 23 were O-1/K-3/R3 and O-1/K-4/V1, respectively. Most people did not pay attention to those designations, however, being satisfied to call the missions by their Apollo numbers.


1973


NASA ordered 15 Saturn V rockets for the Apollo Program. In 1968, NASA Deputy Administrator for Manned Space Flight George Mueller asked NASA Administrator James Webb for permission to order more Saturn V rockets. With budgets for post-Apollo space programs already under fierce attack, Webb rejected Mueller’s request. In our alternate timeline, Webb’s answer was different. Apollo 24 (J-3) used the last Saturn V of the original Apollo buy. This fact aroused only passing interest, however, since in our alternate timeline no one considered halting the Saturn V assembly lines. Apollo 25 (J-4) launched atop the first new-buy Saturn V, the 16th Saturn V to be built.


Apollos 24 and 25 together explored a single scientifically interesting landing site. Apollo 25 also carried out technology experiments. Two months after the Apollo 24 ascent stage departed the site, the Apollo 25 LM landed about a kilometer away from the derelict Apollo 24 descent stage. The Apollo LM descent engine kicked up potentially damaging dust during landing, so the Apollo 25 astronauts inspected Apollo 24′s descent stage, LRV, and ALSEP experiments to determine whether a one-kilometer landing separation distance was adequate. Apollo 25 also deployed an experimental solar array and a small battery-driven remote-controlled rover. Controllers on Earth drove the small rover several hundred meters over the next two months.


Apollo 26 (O-2) was the Saturn V launch of the Olympus 2 space station. It lifted off from Pad 39C, a new Complex 39 launch pad north of the existing 39A and 39B pads at Kennedy Space Center (KSC), Florida. 39C was designed for both Saturn V and Saturn IB launches, putting NASA on track to retiring the Complex 34 Saturn IB pad located south of Kennedy Space Center, inside Cape Canaveral Air Force Station. Soon after Olympus 2 reached orbit, the last Saturn IB to use Complex 34 launched Apollo 27 (O-2/K-5/R1). Its epic mission: to stretch the world spaceflight endurance record to 224 days.


Over the course of the Apollo 27 mission, NASA launched four unmanned Saturn IB rockets with Centaur upper stages. Two lifted off from Pad 39C and two from newly upgraded Pad 39A. Each boosted into geostationary orbit one Radio/TV Relay Satellite (RTRS); three operational satellites and a spare. Olympus 2 thus became the first space station capable of uninterrupted voice, data, and TV contact with Mission Control at the Johnson Space Center in Houston, Texas, and Payload Control at the Marshall Space Flight Center in Huntsville, Alabama.


The Saturn IB-launched Apollo 28 CSM lifted off from Pad 39C 45 days into the Apollo 27 crew’s stint on board Olympus 2. The six-day, three-person mission, designated O-2/K-6/V1, included the first female U.S. astronaut.


Apollo 29 (O-2/K-7/V2), another 6-day, three-person mission, reached Olympus 2 110 days into the Apollo 27 mission. It included the first non-American to fly on a U.S. spacecraft.


1974


Apollo 30 (O-2/K-8/V3), a 10-day, two-person mission nearly identical to Apollo 23, reached Olympus 2 about 180 days into the Apollo 27 mission. The Apollo 27 astronauts proved to be in good health, so NASA authorized that their mission continue to its full planned duration. The Apollo 30 crew returned to Earth in Apollo 27′s CSM, leaving behind their fresh CSM for the long-duration astronauts.


Just before the Apollo 27 crew ended their record-setting stay in space – a record that would hold for more than a decade – the unmanned Apollo 31 Saturn V launched a pair of modified RTRS satellites (one operational and one spare) into a loose orbit around the quasi-stable Earth-moon L2 point, 33,000 miles beyond the moon. When NASA launched Apollo 34 (J-5) to the moon’s Farside hemisphere, out of sight of Earth, the satellites provided continuous radio, data, and TV communication with both the orbiting CSM while it orbited over the Farside hemisphere and the LM parked on the Farside surface.


The Apollo 32 (O-3) Saturn V launched Olympus 3 – intended to be the first “long-life” space station – from Pad 39A. It included three equally spaced radial docking ports, expanded solar arrays, and guest living quarters. The next day, the three-man Apollo 33 (O-3/K-9/R1) crew lifted off from Pad 39C to begin a 180-stay on board the station. One hundred and eighty days became the standard duration for later Olympus station missions. The Apollo 27 crew had remained on board Olympus 2 for 224 days so that NASA could have in place a “cushion” of biomedical knowledge in the event that a 180-day mission had to be extended; for example, if a resident crew’s CSM proved faulty when time came to return to Earth and a rescue had to be mounted.


Apollo 34 (J-5) was the first piloted mission to the moon’s hidden Farside. The last of the J-class lunar landing missions, its crew included the first woman on the moon.


Olympus 3 could support visiting crews for longer periods, so Apollo 35 (O-3/K-10/V2) became the first 10-day, three-person visitor mission. It delivered the first Cargo Carrier (CC-1) to Olympus 3 60 days into the Apollo 33 mission. Drum-shaped CC-1 rode to orbit inside the segmented shroud between the top of the Saturn IB’s S-IVB second stage and the bottom of the Apollo CSM. After S-IVB shutdown, the Apollo 35 crew separated their CSM from the shroud, which peeled back in four parts and separated from the stage. They then turned their CSM end-for-end to dock with CC-1′s “outboard” docking port and detached the carrier from the S-IVB.


The Apollo 35 CSM docked with one of Olympus 3′s three radial ports using CC-1′s “inboard” docking port. Its crew then entered the station through the cargo module’s meter-wide central tunnel. When their visit with the Apollo 33 crew drew to an end 10 days after it began, they undocked their CSM from CC-1, leaving it attached to Olympus 3 so that it could serve as a “pantry” or “walk-in closet.”


The crew of Apollo 36 (O-3/K-12/V3), another 10-day, three-person visitor mission to Olympus 3, included a black Commander. When they arrived at the station 120 days into the Apollo 33 mission, they docked with CC-1′s outboard port. When time came to return to Earth, they undocked CC-1′s inboard port from Olympus 3. Following their deorbit burn, they undocked their CSM from CC-1′s outboard port and performed a small separation maneuver. CC-1, packed with trash, burned up in Earth’s atmosphere, and the Apollo 36 CM capsule splashed down in the Pacific.


1975


The Apollo 32 resident crew undocked from Olympus 3 and returned to Earth, and two days later the Apollo 37 CSM arrived with Olympus 3′s second resident crew and, on its nose, a hefty telescope module. The crew docked the telescope module to the radial port on the side of Olympus 3 opposite the port used for Cargo Carriers, then undocked from the telescope module’s outboard port and redocked with Olympus 3′s axial port. Olympus 3 thus became the world’s first multi-modular space station.


Attention then shifted back to the lunar track of the on-going Apollo Program. Apollo 38 (L-1A) saw an unmanned, uprated Saturn V rocket launch directly to the lunar surface an LM-derived Lunar Cargo Carrier (LCC-1) bearing a Dual-Mode Lunar Rover (DMLR). Apollo 40 (L-1B) launched an Augmented CSM (ACSM) and the first Augmented Lunar Module (ALM). The ACSM remained in continuous contact with Earth over the moon’s Farside hemisphere through the RTRS satellites at Earth-moon L2. The ALM descended to a landing within about a kilometer of the Apollo 38 LCC-1. The astronauts deployed the DMLR and drove it on five traverses during their one-week stay on the moon. They then reconfigured it for Earth-guided operation. After the DMLR retreated to a safe distance, the Apollo 40 ALM ascent stage ignited to return the crew to the orbiting ACSM and, subsequently, to Earth.


The DMRV then began a 500-kilometer overland trek to the next planned Apollo landing site. As it moved slowly over the rugged surface, it imaged its surroundings at high resolution and occasionally stopped to collect an intriguing rock or a scoop of dirt. The next ALM crew, set to land next to a pre-landed LCC in 1976, would retrieve the DMLR’s samples for return to Earth, reconfigure the DMLR for driver use, explore their landing site, then reconfigure the DMLR again for Earth-guided operation.


Sandwiched between Apollo 38 and Apollo 40 was Saturn IB-launched Apollo 39, a routine 10-day visitor mission to Olympus 3 bearing Cargo Carrier-2. Apollo 39 docked CC-2′s inboard port with one of the two unoccupied radial Olympus 3 docking ports.


The Apollo 41 CSM docked with the third Olympus 3 radial port bearing the station’s third resident crew. The start of their mission overlapped the end of the Apollo 37 resident crew’s 180-day stay in space. The handover marked the start of Olympus 3′s continuous occupation, which lasted until shortly before the station was deorbited in 1979.


Apollo 42, another 10-day visitor mission to Olympus 3, docked at the Cargo Carrier-2 outboard port and, when they returned to Earth, deorbited it over the Pacific Ocean. Apollo 43, the second 10-day mission to visit the Apollo 41 resident crew, rounded out NASA’s 1975 piloted spaceflight schedule.


In our alternate timeline, NASA’s Apollo-based piloted space program is hitting its stride. Earth-orbital operations are becoming routine; lunar-surface operations, for their part, will continue to evolve. In our timeline, Apollo has already drawn to its ill-considered close. For us, Apollo would surface again twice before the first Space Shuttle flight in April 1981: in September 1977, when NASA was compelled by funding cuts to shut off the science instruments the six Apollo lunar landing crews had left behind on the moon; and in July 1979, when Skylab reentered Earth’s atmosphere, pelting Australia with debris.


References


A Forgotten Rocket: The Saturn IB


Project Olympus (1962)


Before the Fire: Saturn-Apollo Applications (1966)


Assuming Everything Goes Perfectly Well: NASA’s 26 January 1967 AAP Press Conference (1967)


Ending Apollo (1968)


Cancelled: Apollo 15 and Apollo 19 (1970)


McDonnell Douglas Phase B 12-Man Space Station (1970)


Five Options for NASA’s (Lunar) Future (1970)


Apollo Returns to Its Earth-Orbital Roots (1971)


A 1971 Plan for an Evolutionary Interim Space Station Program


Skylab Rescue Plan (1972)


NASA Marshall’s Skylab Reuse Study (1977)



The 9 Must-Have Items We Saw at New York Comic Con





Last week’s New York Comic Con was the usual grab bag of pop culture detritus. Hollywood hype carried opening day as newlywed George Clooney crashed the party to plug his role in Tomorrowland (and apologize for the nipples on his anatomically correct batsuit back in 1997). He was forgiven, and the teaser trailer went viral. Scholars who braved the congested menagerie—150,000, if you believe the promoters—were rewarded with a full slate of panel discussions on topics ranging from the practical (How to Survive in a Dystopian World) to the whimsical (Harry Potter: The Art of Wand Dueling). And, as always, there was cosplay galore: mild-mannered adults in tights, posing for photographs with strangers, each one a case study in sexual sublimation. Lots of disposable swag, too, mostly promo posters that nobody wanted, enough littering the Javits Center floor to start another landfill in Staten Island.

All of that, however, was just window dressing. Operating beneath the sugarcoated veneer of Q&As and colorful latex costumes was a shadow economy of considerable proportions. Forbes reported that up to $20 million changed hands on the Javits floor during NYCC 2012. Two years later, that figure seems conservative. A complete set of Palitoy Star Wars figures (England, circa ‘70s), displayed in a glass case like Etruscan bronzes, was selling for $17,000. Big Fine Legs , a four-page story by the legendary underground artist R. Crumb, was firm at $65,000. Want a photo-op with a Comic Con stalwart like William Shatner or Lucy Lawless? That’s a bargain ($80 and $85 respectively) compared to a group shot with the cast of Star Trek: The Next Generation ($345). Want that photo autographed? Sorry, separate concession. For those on a budget, Ralph Maccio, Jerry Springer, six professional wrestlers, everyone remotely associate with The Walking Dead, and even Lucy Liu can be had for far less. We skipped the celebrity fluff altogether, and instead headed straight for the exhibit floor. Of all the merchandise that was up for grabs, these items most captured the collective imagination.