Feeds

Inside the mysterious US satellite hacking case

Ground station denies hack, US cyber general baffled

Securing Web Applications Made Simple and Scalable

Chinese whispers

The report suggests the Chinese might have been trying out these tactic on a real, albeit non-military, satellite network. There's no evidence that this is what happened however and even the committee admits the attack has not been traced back to China.

The National Aeronautics and Space Administration confirmed two suspicious events related to the Terra EOS satellite in 2008 and the U.S. Geological Survey confirmed two anomalous events related to the Landsat-7 satellite in 2007 and 2008.

If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission. A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or space-based networks used by the satellite.

These events are described here not on the basis of specific attribution information but rather because the techniques appear consistent with authoritative Chinese military writings. For example, according to Military Astronautics, attacks on space systems ‘‘generate tremors in the structure of space power of the enemy, cause it to suffer from chain effects, and finally lose, or partly lose, its combat effectiveness.’’ One tactic is ‘‘implanting computer virus and logic bombs into the enemy’s space information network so as to paralyze the enemy’s space information system.’’

The apparently hawkish Congressional committee warns the Pentagon and NASA to stay alert against "potential Chinese counterspace activities". An opening address (PDF) by committee chairman William A. Reinsch on Wednesday makes mention of the politician's concern about China's intentions in space. Reinsch also criticises China's alleged cyberspying activities against Western government and hi-tech firm.

While all nations have the right to develop the means to defend themselves, the Commission continues to be concerned with the opacity of China’s military development and intentions, which invites misunderstanding. And, in particular, our report notes China’s development of its cyber capabilities, focusing on the growing evidence that Beijing sponsors or condones computer network intrusions against foreign commercial and government targets. When combined with the military’s excessive focus on other disruptive military capabilities, such as counterspace operations, it presents an image of Chinese intentions that diverges significantly from Beijing’s official policy of peaceful development.

The Chinese government has previously denied having anything to do with the hacking of two US satellites when the allegations first surfaced last month. Embassy officials repeated these denials on publication of the commission's final report this week.

Embassy officials told Reuters that it "obvious that the commission is entrusted with the mission of vilifying China’s image and spreading China threat theory by patching up unwarranted allegations against China."

"We urge the commission to stop issuing such reports for the good of increasing mutual trust between our two countries while China will continue to play a responsible role in both the realistic and the virtual worlds," Wang Baodong, an embassy spokesman, in an email to the news agency.

Concerns about the security of US space systems have been raised before.

The US-China Economic Security and Review Commission's report comes eight months after an official audit of NASA's network concluded that the space agency faces a high risk of cyberattack.

Experts from the Office of the Inspector General (OIG) warned that vulnerabilities in the space agency's network left it open to defacement, denial of service or information-stealing attacks. In particular, six unnamed IT systems – which included systems that control spacecraft – were wide open to attack as a result of unpatched software vulnerabilities.

"We found that computer servers on NASA's Agency-wide mission network had high-risk vulnerabilities that were exploitable from the internet," OIG said. "Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable." ®

Bootnote

* The Landsat Program is a series of Earth-observing satellite missions jointly managed by NASA and the US Geological Survey. Terra is a scientific satellite programme managed by NASA looking for evidence on climate change, among other functions.

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.