Two U.S. government satellites were each hacked twice between 2007 and 2008, potentially by someone with ties to the Chinese military, according to the draft of a forthcoming report obtained by Bloomberg from the U.S.-China Economic Review Commission, a Congressional advisory panel.
One satellite reportedly affected was Landsat-7, a ground mapping satellite launched by NASA in 1999 that continues to orbit the earth, managed by the U.S. Geological Survey, snapping high-res, sun-lit, cloud-free satellite photos of Earth’s changing landscapes for use in a number of applications, including wildfire tracking and recovery and locating fossils.
Bloomberg explains that the report draft says this satellite was hacked in October 2007 and July 2008 and “experienced 12 minutes of interference,” though the report apparently does not detail exactly of what kind.
According to the draft, Terra AM-1, another earth observing satellite launched by NASA in 1999 was hacked and suffered interference for two minutes in June 2008 and for nine minutes in October 2008. The draft also states that “the responsible party achieved all steps required to command the satellite,” but hackers never gained total control.
The report draft also includes the line that the hacks were “consistent with Chinese military writings that advocate disabling an enemy’s space systems, and particularly ‘ground-based infrastructure, such as satellite control facilities,'” according to the Bloomberg report. That said, the report draft reportedly does not specifically suggest that the Chinese government was a sponsor or organizer of the attacks.
The satellites are tracked by the Svalbard Satellite Station in Spitsbergen, Norway, which is “recognized as the most optimally located ground station in the world for satellite control,” according to Norwegian Kongsberg satellite services. Because this facility is linked to the public Internet, the draft theorizes this is where the hack originated from.
As has been the case when confronted with evidence of quasi-state involvement in hacking, Chinese authorities have turned to the time-honored strategy of “deny, deny, deny” that anyone in an official capacity had anything to do with the reported hacks, with a spokesperson for the Chinese embassy telling Bloomberg the accusations were “unproved stories” and part of the Commission’s overall attempt to vilify China’s “international image.”
It’s worth noting that the Terra AM-1 is also a “multi-disciplinary mission involving partnerships with the aerospace agencies of Canada and Japan,” according to NASA, so it’s not as though the satellite was highly classified or that it’s data was restricted.
Indeed, imagery data captured by Terra AM-1 and Landsat-7 is routinely updated online for anyone with Internet access to see.
And NASA doesn’t have the best track record at safeguarding its satellites from cyber attacks. Earlier this year in May a Romanian hacker who identified his or herself as TinKode posted a screengrab of the Goddard Space Flight Center FTP server, which he or she claimed to have hacked into. At the time, a Goddard spokesman told Security News Daily: “The necessary steps were taken to protect the infrastructure at that time…NASA doesn’t discuss the details of our IT security but remains vigilant to secure the security of our sites.”
In 1998, Reuters reported:
An international group of computer hackers who successfully broke into the telecommunications backbone of the U.S. military said Wednesday they had also stolen key software programs from NASA. The group, which calls itself the “Masters of Downloading” or MOD, said the cyber-attack had stripped the U.S. space agency of its chief defense against computer intrusion and would allow them “to pass undetected through their systems.” MOD announced earlier it had broken into another sensitive site, the Pentagon’s Defense Information Systems Network (DISN), and stolen enough information to “take control” of military satellites and other systems…Defense Department officials confirmed the intrusion had taken place, but said the stolen software package did not in itself constitute classified information.
Other countries and companies have reportedly been victim of satellite hackers in the past.
In 1999, reports circulated that hackers altered the course of one of the satellites in Britain’s Skynet system, which provides communications to British Armed Forces and NATO, although the British Ministry of Defense denied that this had been the cast.
In 2004, the commercial satellite company AsiaSat alleged that it was forced to shut down of its telecommunications satellites due to “malicious signals” from the Falun Gong religious movement.
In 2007, the Sri-Lankan Rebel group the Tamil Tigers reportedly hacked a telecommunications satellite of the company Intelsat and used it to broadcast propaganda and news reports to diaspora Tamils outside Sri Lanka, in Europe and Asia. The company quickly regained control of the satellite.
In 2009,WIRED magazine reportedon a crackdown on Brazilian satellite hackers, who had for the past five years been hacking and hijacking U.S. military satellite transponders for communications purposes.
And around the web, there are several guides purporting to instruct one on how to hack or achieve unauthorized access to satellites in orbit.
As for these latest satellite hacking incidents, at this time, there certainly remain more questions than answers.
TPM has reached out to NASA, the Air Force, the USGS and the U.S.-China Economic Security Review Commission for more details and will update when we receive a response.
