By the Webroot Threat Team
Two of NASA’s satellites were hacked during 2007 and 2008, according to a draft report to be officially released later this month. According to the United States–China Economic and Security Review Commission, the ‘birds’, which focused on Earth observation for tasks such as climate monitoring, were reportedly pwned by the attackers, to the extent that they could have taken total control of the systems, had they wished.
The Landsat-7 earth observation satellite was hacked into for twelve minutes, during October 2007 and July 2008. The Terra AM-1 earth observation satellite was disrupted for two minutes in June 2008, and attackers enjoyed another nine-minute ride in October that year.
It’s all a bit scary, isn’t it? Mostly, security professionals focus on botnets, auction scams and spam. We rarely if ever cast our eyes and our thoughts skywards – and there are a lot of things floating around up there.
- 443 were launched by the US
- 101 were launched by Russia
- 69 were launched by China
These satellites perform a broad spectrum of functions, ranging from scientific research and commercial/business purposes to various military functions.
These are the ones that are known about; there are doubtless a few unclassified birds up there, too, probably with powerful lenses, among other things. With valuable data on everything from commercial inventory to ATM data flying around, how safe are all these things from attack?
Not very, as it turns out. One of the biggest problems for satellite manufacturers is that once a bird is up there, it isn’t that easy to nip up and patch a piece of equipment.
The UK Ministry of Defence denied that Skynet, a satellite network used to co-ordinate military activities, had been hacked in 1999 (but they would, wouldn’t they?). Reports said that the hack had been traced to a group in southern England that had intercepted the link between a control network and the ground station.
Ground station access seems to be a common method when satellites are hacked. The NASA hackers took advantage of a Norwegian ground station, according to the draft report, which will be published on November 17. The Svalbard Satellite Station in Spitsbergen, Norway, denied the allegations, saying that its NASA satellite control system is effectively a closed loop. But that station is connected to the Internet at some points, and NASA has since confirmed that there had been ‘suspicious activities’ with its birds.
How easy is it to hack a satellite in space?
There are other ways to hack satellites, although they’re less sophisticated. One involves denial of service. Jamming a signal to communicate your own, for example, can wreak havoc with satellite communications systems. In 1986, Captain Midnight (aka John R. MacDougall) worked for a satellite teleport and ramped up the power on his employers’ communication system to display messages of his own on top of the satellite’s audio-visual channel.
MacDougall’s incursion was commercial; he was fed up with HBO scrambling its signal and costing his satellite resale business customers. Other hacks have been politically motivated. Outlawed Chinese group the Falun Gong was accused of hijacking AsiaSat’s satellite signals in 2002, and the Tamil Tigers did it with an IntelSat system in 2007.
And then, there’s piggyjacking. For years, Brazilians have been building their own modified ham radio systems to communicate with each other via unencrypted channels on older satellite systems from the 1970s. This practice, which started in the 1990s, has been used by everything from smugglers to illegal loggers.
The cost of opportunity for hackers is falling. Speaking at BlackHat 2009, famed security researcher Adam Laurie explained how, a few years ago, satellite hacking required expensive equipment. Now, digital video broadcasting (DVB) boxes are sold very cheaply, and open source ones such as the Dreambox Linux-based satellite receiver can be used to extract satellite feed data and analyse it using cheap or free tools.
Laurie demonstrated this, accessing raw IP data being sent from Africa, muxed with audio-visual signals. He even wrote software that scanned the night sky, looking for satellites hanging out on their own with channels that changed over the course of a few days. “What’s new is interesting,” he said.
Or, you could eliminate the whole sticky task of hacking a satellite altogether and just steal the data after it has been downloaded and stored. That’s what Romanian hacker TinKode did when he snooped on files stored on the web site for NASA’s Earth Observation System at the Goddard Space Centre.
Why would hackers bother doing this at all?
Controlling communications hubs in the sky gives you an inordinate amount of power over potential adversaries, whether political, commercial, or military. Satellite attacks would be one of the first steps in an overt information warfare campaign. For example, in 1998, the PanAmSat Galaxy IV satellite experienced an outage. It took down 80% of pagers in the US, and threw CBS and NPR off the air.
No wonder that the Chinese have been implicated in the attack against the weather satellites. The Commission, ever-suspicious of Chinese political and commercial motives, says that the attack patterns are consistent with others used by Chinese hackers. China denies it, and so the toe-to-toe plausible deniability dance continues.
It is only going to get easier to put satellites into space. Private corporations such as Elon Musk’s SpaceX are already planning to haul tin for commercial and public sector clients, and, just as the cost of hacking satellites is decreasing, the cost of getting the birds up there in the first place is also plummeting. As space becomes increasingly privatised, and the number of satellites increases, we can expect to see more stories like this. So, how will you know that a satellite has been hacked? Just keep one eye on the stars, and the other on your cat.