Hackers reportedly behind U.S. government satellite disruptions

Hackers are believed to have interfered with two U.S. satellites used to observe the Earth's climate and terrain four times in recent years, according to a draft report to a government covered by Bloomberg Businessweek today.

A Landsat-7 Earth observation satellite system had 12 or more minutes of interference in October 2007 and July 2008, and a Terra AM-1 earth observation satellite experienced two minutes of interference in June 2008 and nine minutes in October 2008, the U.S.-China Economic and Security Review Commission wrote in a draft of its annual report due for release next month. The draft report cited a closed-door U.S. Air Force briefing and did not elaborate on the nature of the interference.

"The responsible party achieved all steps required to command the satellite," but didn't actually do so in the October 2008 Terra AM-1 incident, according to the report. The report speculates that hackers may have used an Internet connection at the Svalbard Satellite Station in Spitsbergen, Norway, to access the ground station's information systems.

"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," according to the report. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."

It's unclear who is behind the incidents, and it may never be known, given how easy it can be to cover criminal tracks in cyberspace. While the draft report doesn't outright accuse the Chinese government of sponsoring the attacks, it notes that the technique is reminiscent of methods the Chinese military has advocated to disable enemy space systems, including "ground-based infrastructure, such as satellite control facilities."

China is routinely blamed for computer attacks on the U.S. government and corporations, but Chinese officials always deny the accusations. Wang Baodong, Chinese Embassy spokesman in Washington, D.C., said in a statement to Bloomberg Businessweek that the U.S.-China commission has "been collecting unproved stories to serve its purpose of vilifying China's international image over the years" but that China "never does anything that endangers other countries' security interests."

However, the report was met with derision by a security industry veteran whose hacker handle, appropriate in this case, is "Space Rogue" and who testified before Congress on cybersecurity matters in the 1990s as part of the Lopht hacker group. He notes that there have been similar vague reports of attacks on satellites citing unnamed sources that have turned out to be false in the past, including one dating back to 1999 involving Britain.

"In all of these case there are similarities, blame some unknown entity, vague details and no verifiable information, Space Rogue, former editor of the Hacker News Network, wrote in an e-mail to CNET.

"Satellite control systems are supposed to be air gapped, in other words not connected to the Internet. Granted there are numerous cases where the air gap got bridged, usually with a USB drive, the recent remote command center for Predator Drones being infected with malware comes to mind," he said. "So air gaps aren't fool proof. But still, you would think a breach of this magnitude would show up somewhere other than" just this one report.

Updated 5:28 p.m. PT with comment from Space Rogue.

Update October 28 at 4:12 p.m. PT NASA confirmed to news site TPM that there had been "two suspicious events with the Terra spacecraft in the summer and fall of 2008. We can confirm that there was no manipulation of data, no commands were successfully sent to the satellite, and no data was captured."