Inside the mysterious US satellite hacking case

Ground station denies hack, US cyber general baffled


Analysis The cause and perpetrators behind interference against two US scientific satellites remains unknown to American military commanders more than three years after the mysterious event.

The Congressional US-China Economic Security and Review Commission said in its latest annual report that two US-maintained environment-monitoring satellites experienced interference at least four times in 2007 and 2008. Draft versions of the dossier, seen prior to the publication of the completed report last Wednesday, suggested the interference came from a ground station in Spitsbergen, Norway, and paints China as the chief suspects behind the presumed attacks.

However the satellite services firm running the ground station told El Reg that there's no evidence of any attack against its systems. Separately the commander of US military space operations said that insufficient evidence made it impossible to confidently attribute blame over the possible attempts to take control of the Landsat-7 and Terra AM-1* satellites, which are both managed by NASA.

"The best information that I have is that we cannot attribute those two occurrences," said General Robert Kehler, commander of the U.S. Strategic Command, Reuters reports. "I guess I would agree that we don’t have sufficient detail."

Kehler made his comments during a conference call on cyber and space issues.

Earlier drafts of the commission's report traced the cause of the probe interference to the Norwegian ground station owned and run by Kongsberg Satellite Services (KSAT), which denied any occurrence of interference via its facilities. In response to queries by El Reg, the satellite services issued a statement saying a thorough investigation has turned up nothing amiss. Neither NASA, which maintains the satellites, nor regulators at the National Oceanic and Atmospheric Administration had complained, it added

The statement read:

KSAT has not experienced any attempt to enter into the company’s systems from outside sources. Furthermore, KSAT does not have any indication that hacking of satellites using the KSAT Svalbard station has taken place. A careful screening of our security systems has not indicated any attempts to access SvalSat from unauthorized sources.

We have not received any message from NASA that their satellites were hacked. To our knowledge, NASA has not observed any external, unauthorized access to their satellites.

The internet is occasionally used for distribution of x-band payload data received from the satellites to the end user. Hence, this communication channel cannot be an access point for unauthorized access if it had happened. Due to the layout of our communication systems it is not possible to access any NASA satellites from KSAT sources.

The US government, represented by NOAA, regularly inspects KSAT operation. Irregular activity has not been observed nor reported.

References to KSAT and Svalbard were removed from the commission's final report because, according to a KSAT spokesman, the hacking allegations were "unsubstantiated and no evidence has been found".

Despite this, the congressional committee report continues to argue that interference against the US satellites remains a threat. It says Chinese military doctrine advocates the use of techniques for disabling an enemy's ground-based satellite control facilities during a time of conflict.

China is now among the top few space powers in the world. China’s leadership views all space activities through the prism of comprehensive national power, using civil space activities to promote its legitimacy in the eyes of its people, to produce spin-off benefits for other industries, and for military-related activities. For example, China appears to be making great strides toward fielding regional reconnaissance-strike capabilities. China has also continued to develop its antisatellite capabilities, following up on its January 2007 demonstration that used a ballistic missile to destroy an obsolete Chinese weather satellite, creating thousands of pieces of space debris.

As a result, in April 2011, astronauts evacuated the International Space Station out of concern of a possible collision with this debris.

In addition, authoritative Chinese military writings advocate attacks on space-to-ground communications links and ground-based satellite control facilities in the event of a conflict. Such facilities may be vulnerable: in recent years, two U.S. government satellites have experienced interference apparently consistent with the cyber exploitation of their control facility.

The report says links between supposedly secure control networks and the internet offer a soft underbelly that's open to attack.

Malicious actors can use cyber activities to compromise, disrupt, deny, degrade, deceive, or destroy space systems. Exploitations or attacks could target ground-based infrastructure, space-based systems, or the communications links between the two.

Authoritative Chinese military writings advocate for such activities, particularly as they relate to ground-based space infrastructure, such as satellite control facilities.

Satellites from several U.S. government space programs utilize commercially operated satellite ground stations outside the United States, some of which rely on the public Internet for "data access and file transfers," according to a 2008 National Aeronautics and Space Administration quarterly report.

The use of the Internet to perform certain communications functions presents potential opportunities for malicious actors to gain access to restricted networks.

Next page: Chinese whispers

Similar topics


Other stories you might like

  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading
  • Beijing-backed attackers use ransomware as a decoy while they conduct espionage
    They're not lying when they say 'We stole your data' – the lie is about which data they lifted

    A state-sponsored Chinese threat actor has used ransomware as a distraction to help it conduct electronic espionage, according to security software vendor Secureworks.

    The China-backed group, which Secureworks labels Bronze Starlight, has been active since mid-2021. It uses an HUI loader to install ransomware, such as LockFile, AtomSilo, Rook, Night Sky and Pandora. But cybersecurity firm Secureworks asserts that ransomware is probably just a distraction from the true intent: cyber espionage.

    "The ransomware could distract incident responders from identifying the threat actors' true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group," the company argues.

    Continue reading
  • Whatever hit the Moon in March, it left this weird double crater
    NASA probe reveals strange hole created by suspected Chinese junk

    Pic When space junk crashed into the Moon earlier this year, it made not one but two craters on the lunar surface, judging from images revealed by NASA on Friday.

    Astronomers predicted a mysterious object would hit the Moon on March 4 after tracking the debris for months. The object was large, and believed to be a spent rocket booster from the Chinese National Space Administration's Long March 3C vehicle that launched the Chang'e 5-T1 spacecraft in 2014.

    The details are fuzzy. Space agencies tend to monitor junk closer to home, and don't really keep an eye on what might be littering other planetary objects. It was difficult to confirm the nature of the crash; experts reckoned it would probably leave behind a crater. Now, NASA's Lunar Reconnaissance Orbiter (LRO) has spied telltale signs of an impact at the surface. Pictures taken by the probe reveal an odd hole shaped like a peanut shell on the surface of the Moon, presumably caused by the Chinese junk.

    Continue reading

Biting the hand that feeds IT © 1998–2022