Rebuttal – “Hackers reportedly behind U.S. government satellite disruptions”

First, some historical background: this is at least the third time I have seen a similar story over the last 15 years. “OMG ‘hackers’ can control a satellite”; the previous two times it turned out to be false. The first time, I was one of the first people to call the story suspect.

It is hard to find links that still work from 1999, but Reuters actually had to publish a retraction, if you can call it that.

It reared its ugly head again a few years later and became “the second most mysterious unsolved cyber crime,” and it wasn’t even true. I have a blog post about that mess here with some more supporting links.

I’ve seen similar stories pop up about once every five years or so: “OMG the world is gonna end, hackers control the skies, Aaarrrrggghhh!!!!” Remember the story a year or so ago where Taliban ‘hackers’ got control of a Predator drone or some bullshit? Most likely all it was is that they got a copy of the off-the-shelf control software, maybe. Never conclusively got the end of that one.

In all of these cases there are similarities: blame some unknown entity, vague details and no verifiable information.

So let’s look at this story. The accusation comes from some anonymous report, ok, ok, not actually anonymous but from the U.S.-China Economic and Security Review Commission. Hmmm, think they have an interest in pointing fingers? And I don’t see any actual names on the report (admittedly I haven’t looked too hard). So, first they blame China, naturally, who else you going to blame? They don’t blame kids in basements anymore, there is no profit motive in controlling satellites (well, unless you can keep control) so cyber criminals are right out, must be a nation state, and with the cyber cold war going full bore the biggest enemy is China, so let’s blame them. Why not, they are just going to deny it like always.

As for specifics, they say the ‘hackers’ caused ‘interference’, WTF does that mean? Did they gain full control? Did they move the satellite from its intended orbit? Were they able to send unauthorized commands? Or did they merely ping the control systems? Maybe infected them with standard malware? Did they stand outside and try to jam the microwave signals? Just what the hell does ‘interference’ mean?

This report actually lists a suspect location for the attack, “may have used an Internet connection at the Svalbard Satellite Station in Spitsbergen, Norway”. But has anyone bothered to call anyone who works there to verify the story? Even to get a dry ‘no comment’? I haven’t seen one. Also notice the “may have” implying they don’t really know. How the hell could they not know?

I mean come on, think about it, this is a satellite installation, according to their web page “the world’s largest commercial ground station with more than 31 state-of-the-art multi-mission and customer dedicated antenna systems in C-, L-, S- and X-band.” Whoa! Sounds like they know what they are doing. I would think that someone there would be able to give some sort of comment. If they are a commercial organization, then letting word get out, unchallenged, that their systems got broken into and multimillion-dollar satellites are not under their control sounds like there could be some liability there. Someone should be confirming the story and minimizing its impact or denying it outright. Something. No, all we have is a ‘may have’.

And lastly, satellite control systems are supposed to be air gapped, in other words not connected to the Internet. Granted, there are numerous cases where the air gap got bridged, usually with a USB drive (the recent remote command center for Predator drones being infected with malware comes to mind), so air gaps aren’t foolproof, but still you would think a breach of this magnitude would show up somewhere other than an almost unnoticed report put out by the U.S.-China Economic and Security Review Commission.

I have no facts or sources to confirm this, but my theory is that the ‘interference’ was nothing more than run-of-the-mill malware that infected the office and business systems of the Svalbard Satellite Station. One of the authors of this report got wind of it and suddenly it becomes ‘hackers interfere with satellites’.

So, until I see some actual facts and verifiable sources I’m calling this whole story bullshit.

- Space Rogue


About Space Rogue

Space Rogue is widely sought after by journalists and industry analysts for his unique views and perceptions of the information security industry. He has been called to testify before the Senate Committee on Governmental Affairs and has been quoted in numerous magazine and newspaper articles as well as appeared on such TV shows as News Hour with Jim Lehrer, CNN Nightly News, ABC News Online with Sam Donaldson, and others. A recognized name within the industry, Space Rogue has written articles that are often quoted or referred to by other major media outlets. He has spoken before numerous audiences including the Digital Messaging Association, Defcon, Pumpcon, HOPE, H2K, and others. As a former member of L0pht Heavy Industries, Space Rogue ran the widely popular Hacker News Network, which quickly became a major resource on the Internet for daily information security news. Before HNN he ran The Whacked Mac Archives, which, at the time, was the largest and most popular Macintosh security site on the net. Currently Space Rogue does consulting for various companies.
