NASA Confirms but China Denies Satellite ‘hacking’

Since I posted my previous item regarding my suspicions as to the validity of the claims of ‘interference’ with a US Government satellite there have been a few more developments.

First NASA has come out and ‘confirmed’ the interference.

According to NASA PAO: “NASA experienced two suspicious events with the Terra spacecraft in the summer and fall of 2008. There was no manipulation of data, no commands successfully sent to the satellite, and no data captured. NASA notified the Department of Defense, which is responsible for investigating any attempted interference with satellite operations. While we cannot discuss additional details regarding the attempted interference, our satellite operations and associated systems and information are safe and secure.”

Which, if you read between the lines, says absolutely nothing and denies everything. Just “two suspicious events” that caused no commands to be sent to any satellites, and no data changed or captured from a satellite. So what exactly constitutes a “suspicious event”? How the hell did we go from “suspicious event” to “OMG Hackers are controlling satellites!”?

This of course brings me right back to my original theory: that nothing of any significance actually happened, that some system got infected with malware, and since that system was supposed to be air gapped and could control a satellite, NASA had to inform DoD as a matter of protocol. So no satellites actually got ‘hacked’ and the cyber cold war continues as usual.

The second development is that China has denied all the accusations. Naturally. Specifically they claimed “This report is untrue and has ulterior motives. It’s not worth a comment,” which I agree with completely.

Rebuttal – “Hackers reportedly behind U.S. government satellite disruptions”

First some historical background: this is at least the third time I have seen a similar story over the last 15 years. “OMG ‘hackers’ can control a satellite”, and the previous two times it turned out to be false. The first time, I was one of the first people to call the story suspect.

It is hard to find links that still work from 1999, but Reuters actually had to publish a retraction, if you can call it that.

It reared its ugly head again a few years later and became “the second most mysterious unsolved cyber crime”, and it wasn’t even true. I have a blog post about that mess here with some more supporting links.

I’ve seen similar stories pop up about once every five years or so, “OMG the world is gonna end, hackers control the skies, Aaarrrrggghhh!!!!” Remember the story a year or so ago where Taliban ‘hackers’ got control of a Predator drone or some bullshit? When all it most likely was is that they got a copy of the off-the-shelf control software, maybe. Never conclusively got to the end of that one.

In all of these cases there are similarities: blame some unknown entity, vague details and no verifiable information.

So let’s look at this story. The accusation comes from some anonymous report, ok, ok, not actually anonymous but from the U.S.-China Economic and Security Review Commission. Hmmm, think they have an interest in pointing fingers? And I don’t see any actual names on the report (admittedly I haven’t looked too hard). So, first they blame China, naturally; who else are you going to blame? They don’t blame kids in basements anymore, there is no profit motive in controlling satellites (well, unless you can keep control) so cyber criminals are right out, must be a nation state, and with the cyber cold war going full bore the biggest enemy is China, so let’s blame them. Why not, they are just going to deny it like always.

As for specifics, they say the ‘hackers’ caused ‘interference’, WTF does that mean? Did they gain full control? Did they move the satellite from its intended orbit? Were they able to send unauthorized commands? Or did they merely ping the control systems? Maybe infected them with standard malware? Did they stand outside and try to jam the microwave signals? Just what the hell does ‘interference’ mean?

This report actually lists a suspect location for the attack: “may have used an Internet connection at the Svalbard Satellite Station in Spitsbergen, Norway”. But has anyone bothered to call anyone who works there to verify the story? Even to get a dry ‘no comment’? I haven’t seen one. Also notice the “may have”, implying they don’t really know. How the hell could they not know?

I mean come on, think about it, this is a satellite installation, according to their web page “the world’s largest commercial ground station with more than 31 state-of-the-art multi-mission and customer dedicated antenna systems in C-, L-, S- and X-band.” Whoa! Sounds like they know what they are doing. I would think that someone there would be able to give some sort of comment. If they are a commercial organization then letting word get out, unchallenged, that their systems got broken into and multi-million-dollar satellites are not under their control, sounds like there could be some liability there. Someone should be confirming the story and minimizing its impact or denying it outright. Something. No, all we have is a ‘may have’.

And lastly, satellite control systems are supposed to be air gapped, in other words not connected to the Internet. Granted there are numerous cases where the air gap got bridged, usually with a USB drive (the recent remote command center for Predator drones being infected with malware comes to mind), so air gaps aren’t foolproof, but still you would think a breach of this magnitude would show up somewhere other than an almost unnoticed report put out by the U.S.-China Economic and Security Review Commission.

I have no facts or sources to confirm this, but my theory is that the ‘interference’ was nothing more than run-of-the-mill malware that infected the office and business systems of the Svalbard Satellite Station. One of the authors of this report got wind of it and suddenly it becomes ‘hackers interfere with satellites’.

So, until I see some actual facts and verifiable sources I’m calling this whole story bullshit.

- Space Rogue

We would like your feedback

Getting your customers to fill out market satisfaction surveys is all the rage these days. “We greatly appreciate your feedback.” Hey, it’s free demographic marketing! It’s also usually ego stroking; studies show that people tend to skew their own responses to the positive side of things. Generally I don’t fill these things out at all. I just route these emails directly to the trash bin. I don’t do free marketing research for your company. However, once in a while I get pissed off enough to waste ten minutes to fill out the survey, at least enough until I get to the comment box. (Didn’t put a comment box in your survey? Better hope all your executives have an asbestos-covered email inbox.)

“You indicated that you are not very likely to recommend Verizon Business to a friend or a colleague. What can we do to improve?”

Not suck. You failed at every level, from order taking to product delivery to service connection. You failed at everything, multiple times. The only thing you can do to improve is just not suck. It isn’t really that hard. Seriously, I have never seen so much suckage, you suck at incomprehensible levels. I don’t mean to sit here and call you names but I have never ever seen one organization just not care, about anything. This wasn’t just one bad employee, this was everyone, it was systemic within your organization. The order taker, the project lead, her boss, the implementer, the guys on the phone when I turned the circuit up, everyone. No one cared, and no one could do their job correctly the first time.

I have dealt with Verizon off and on for years and years, and there have always been problems. I have had dozens of circuits installed and every single one of them has had something go wrong. I expect it and I usually plan for it. But this time, everything went wrong: the order taker forgot to submit paperwork for me to sign until the last minute, the site survey was delayed by two weeks, and actually had to happen twice. Your Business unit could not talk with your Core unit. (What the hell is the difference?) You couldn’t pull cable, then you failed to connect the circuit the first time, or the second, then you forgot to send me the router you ordered for me two months prior! All the while I am attempting to get things corrected with the project manager and her boss. Basically, they didn’t care.

You have problems Verizon, deep problems. And now I am stuck with your line into my company like some grotesque festering infectious tentacle that I would rip out completely down the seven floors into your node if I could. You have your contract, you have me for three years and frankly I am so tired of fighting that now that the service is working, finally, I am too tired to change it. So yeah, you have my (company’s) money Verizon, for now, but as soon as this contract is up I will be switching and I will never ever EVER install another Verizon circuit ever again. I would rather install Comcast or so help me even RCN before I install another Verizon line.

Do you know who you are?

GAT circa 1995

The above photo was taken in the backyard of my house sometime around 1995 at one of the infamous 617 barbecues known as Grillathon. There are some people in that pic who are now rather famous in certain circles. There are a LOT of people who were at the BBQ who have gone on to bigger and better things within the infosec industry. There are even more people from the same 617 area who now head security departments at Fortune 100 companies, hold high level positions at DOD, or hold millions of dollars of VC money in the palm of their hand.

Some have embraced their past, they openly admit who they associated with, and wear it almost as a badge of pride. Others actively hide away from it. They want no mention of their past associations or that they even once used a handle. <gasp> I’m not talking about admitting to past crimes or other transgressions. There is no need to say you pownd an entire country in 1998 (who didn’t), no, I’m just talking about admitting who you were, and who your friends were. I don’t understand why this scares some of us so much.

It is one thing to not advertise certain facts but it’s another to actively go out of your way to dissociate from your past, and it pisses me off. We all know who you are and who you were, do you?

Speaking of 617, you may have noticed Lady Ada (Limor Fried) on the cover of Wired this month (April 2011). One of dozens of people from the late nineties 617 BBS scene to go on to huge success. I’d love to make a list of people who were in the scene then and where they ended up, but I suspect it would upset a lot of the people who are hiding their past.

I might do it anyway. I would be afraid of leaving people out, so remind me who was around 617 back then and where they are now. If you were around back then and think making such a list would be a bad idea, let me know that too. I may not listen to you, but I might. Depends on how pissed I get about it.

PC Protect

Internet scams are a dime a dozen, from pop ups for fake anti-virus software packages to cleverly designed phishing websites that look exactly like your bank’s login page. Internet criminals will try just about anything if they think they can get away with it. Today I ran into what I think is a totally new scam that definitely involves your land line telephone, and I am pretty sure it involves the Internet, but I’m not sure.

The telltale sign that you have been had is a monthly charge on your telephone bill for $19.99 for something called “PC Protect”. Now a business of any measurable size is going to have a phone bill such that an additional charge of $19.99 is going to be barely noticeable, and I suspect that this is exactly what whoever is doing this scam is counting on. Thankfully the company I work for has an eagle-eyed accountant and when she spotted the extra charge she quickly brought it to my attention and asked what it was. I had no idea, but with a name like “PC Protect” my spidey sense started tingling immediately.

A quick Google search turned up a snazzy one page website (which I can no longer seem to find) full of web 2.0 goodness that looked like it was just there to sign people up to some sort of anti-something service. At the bottom of the page in the tiny tiny fine print there was a statement about how people could dispute charges by calling a number. Well, obviously we called. The first time they claimed to be from quizrocket DOT com (no, I won’t actually link to the site), the second time they claimed to be usprizedraw DOT com. We complained about the charges and they basically said tough, that our employee John Smith authorized the charges. So we called Verizon, who easily agreed to remove the charges.

All well and good, but the question remains how did these people get the company phone number and an employee name to pin it to? Obviously I had a talk with John. John is one of those rare people who ‘gets it’, mostly from an IT perspective. He told me that he never visited either of those sites or any other site even remotely close to it, doesn’t use Facebook, doesn’t fill out online quizzes and when he buys stuff online for the company he uses a fake phone number (like I said, he ‘gets it’).

If it was anyone else I would probably just say he filled out a form somewhere and got phished, which is still possible. Or there may be undetected malware deep inside his machine that I haven’t found yet. (I will take a closer look soon.) Looking closer at the company info I quickly started going nowhere: fake company names, with fake addresses etc…

I will be looking closer at this stuff over the next few days. If you have heard of PC Protect or if anything else in this sounds familiar let me know. In the meantime keep a close eye on your phone bills.

WordPress is Installed

I figured if I’m going to do this blogging thing I should get some real software instead of editing an HTML file by hand. Not that I mind writing raw HTML, but this is so much easier and has all these cool nifty features like comments and stuff. So I’ve just installed this today, I’ve moved over all the old posts and I will be moving over everything else as well, but it may take a few days or weeks so things will be changing.

I have HNN Back!!!

I am very very happy about this. <danceofjoy> I finally own hackernews.com again! </danceofjoy> Many many thanks to Dave for keeping watch over the domain and not gouging me to transfer it over. (Dave, I owe you many beers!) Now just because I have the domain doesn’t mean I am going to resurrect HNN or anything, it is just good to have things back to where they belong. For now hackernews.com will just point here.

Merry Christmas!

Dildog threw his annual Christmas bash with all of the usual suspects and a few unusual ones. Tame by L0pht party standards but hey, we’re all gettin’ old. The Vegtable of Death actually stopped looking for dead people long enough to grace us with his presence. The Fish of Tweet was still 5K miles away but still thought of. Mudge had his new girly girl and I don’t think I saw a drink in his hand all night, WOW!