Feeds

Inside the mysterious US satellite hacking case

Ground station denies hack, US cyber general baffled

Top three mobile application threats

Chinese whispers

The report suggests the Chinese might have been trying out these tactic on a real, albeit non-military, satellite network. There's no evidence that this is what happened however and even the committee admits the attack has not been traced back to China.

The National Aeronautics and Space Administration confirmed two suspicious events related to the Terra EOS satellite in 2008 and the U.S. Geological Survey confirmed two anomalous events related to the Landsat-7 satellite in 2007 and 2008.

If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission. A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or space-based networks used by the satellite.

These events are described here not on the basis of specific attribution information but rather because the techniques appear consistent with authoritative Chinese military writings. For example, according to Military Astronautics, attacks on space systems ‘‘generate tremors in the structure of space power of the enemy, cause it to suffer from chain effects, and finally lose, or partly lose, its combat effectiveness.’’ One tactic is ‘‘implanting computer virus and logic bombs into the enemy’s space information network so as to paralyze the enemy’s space information system.’’

The apparently hawkish Congressional committee warns the Pentagon and NASA to stay alert against "potential Chinese counterspace activities". An opening address (PDF) by committee chairman William A. Reinsch on Wednesday makes mention of the politician's concern about China's intentions in space. Reinsch also criticises China's alleged cyberspying activities against Western government and hi-tech firm.

While all nations have the right to develop the means to defend themselves, the Commission continues to be concerned with the opacity of China’s military development and intentions, which invites misunderstanding. And, in particular, our report notes China’s development of its cyber capabilities, focusing on the growing evidence that Beijing sponsors or condones computer network intrusions against foreign commercial and government targets. When combined with the military’s excessive focus on other disruptive military capabilities, such as counterspace operations, it presents an image of Chinese intentions that diverges significantly from Beijing’s official policy of peaceful development.

The Chinese government has previously denied having anything to do with the hacking of two US satellites when the allegations first surfaced last month. Embassy officials repeated these denials on publication of the commission's final report this week.

Embassy officials told Reuters that it "obvious that the commission is entrusted with the mission of vilifying China’s image and spreading China threat theory by patching up unwarranted allegations against China."

"We urge the commission to stop issuing such reports for the good of increasing mutual trust between our two countries while China will continue to play a responsible role in both the realistic and the virtual worlds," Wang Baodong, an embassy spokesman, in an email to the news agency.

Concerns about the security of US space systems have been raised before.

The US-China Economic Security and Review Commission's report comes eight months after an official audit of NASA's network concluded that the space agency faces a high risk of cyberattack.

Experts from the Office of the Inspector General (OIG) warned that vulnerabilities in the space agency's network left it open to defacement, denial of service or information-stealing attacks. In particular, six unnamed IT systems – which included systems that control spacecraft – were wide open to attack as a result of unpatched software vulnerabilities.

"We found that computer servers on NASA's Agency-wide mission network had high-risk vulnerabilities that were exploitable from the internet," OIG said. "Specifically, six computer servers associated with IT assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable." ®

Bootnote

* The Landsat Program is a series of Earth-observing satellite missions jointly managed by NASA and the US Geological Survey. Terra is a scientific satellite programme managed by NASA looking for evidence on climate change, among other functions.

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.