Feeds

Inside the mysterious US satellite hacking case

Ground station denies hack, US cyber general baffled

Protecting against web application threats using SSL

Chinese whispers

The report suggests the Chinese might have been trying out these tactic on a real, albeit non-military, satellite network. There's no evidence that this is what happened however and even the committee admits the attack has not been traced back to China.

The National Aeronautics and Space Administration confirmed two suspicious events related to the Terra EOS satellite in 2008 and the U.S. Geological Survey confirmed two anomalous events related to the Landsat-7 satellite in 2007 and 2008.

If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission. A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or space-based networks used by the satellite.

These events are described here not on the basis of specific attribution information but rather because the techniques appear consistent with authoritative Chinese military writings. For example, according to Military Astronautics, attacks on space systems ‘‘generate tremors in the structure of space power of the enemy, cause it to suffer from chain effects, and finally lose, or partly lose, its combat effectiveness.’’ One tactic is ‘‘implanting computer virus and logic bombs into the enemy’s space information network so as to paralyze the enemy’s space information system.’’

The apparently hawkish Congressional committee warns the Pentagon and NASA to stay alert against "potential Chinese counterspace activities". An opening address (PDF) by committee chairman William A. Reinsch on Wednesday makes mention of the politician's concern about China's intentions in space. Reinsch also criticises China's alleged cyberspying activities against Western government and hi-tech firm.

While all nations have the right to develop the means to defend themselves, the Commission continues to be concerned with the opacity of China’s military development and intentions, which invites misunderstanding. And, in particular, our report notes China’s development of its cyber capabilities, focusing on the growing evidence that Beijing sponsors or condones computer network intrusions against foreign commercial and government targets. When combined with the military’s excessive focus on other disruptive military capabilities, such as counterspace operations, it presents an image of Chinese intentions that diverges significantly from Beijing’s official policy of peaceful development.

The Chinese government has previously denied having anything to do with the hacking of two US satellites when the allegations first surfaced last month. Embassy officials repeated these denials on publication of the commission's final report this week.

Embassy officials told Reuters that it "obvious that the commission is entrusted with the mission of vilifying China’s image and spreading China threat theory by patching up unwarranted allegations against China."

"We urge the commission to stop issuing such reports for the good of increasing mutual trust between our two countries while China will continue to play a responsible role in both the realistic and the virtual worlds," Wang Baodong, an embassy spokesman, in an email to the news agency.

Concerns about the security of US space systems have been raised before.

The US-China Economic Security and Review Commission's report comes eight months after an official audit of NASA's network concluded that the space agency faces a high risk of cyberattack.

Experts from the Office of the Inspector General (OIG) warned that vulnerabilities in the space agency's network left it open to defacement, denial of service or information-stealing attacks. In particular, six unnamed IT systems – which included systems that control spacecraft – were wide open to attack as a result of unpatched software vulnerabilities.

"We found that computer servers on NASA's Agency-wide mission network had high-risk vulnerabilities that were exploitable from the internet," OIG said. "Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable." ®

Bootnote

* The Landsat Program is a series of Earth-observing satellite missions jointly managed by NASA and the US Geological Survey. Terra is a scientific satellite programme managed by NASA looking for evidence on climate change, among other functions.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.