[ISN] Rebuttal -- "Hackers reportedly behind U.S. government satellite disruptions"

From: InfoSec News <alerts_at_private>
Date: Fri, 28 Oct 2011 00:33:02 -0500 (CDT)
http://www.spacerogue.net/wordpress/?p=223

By Space Rogue
October 27, 2011

First some historical background, this is at least the third time I have 
seen a similar story over the last 15 years. “OMG ‘hackers’ can control 
a satellite”, the previous two times it turned out to be false. The 
first time I was one of the first people to call the story suspect.

It is hard to find links that still work from 1999 but Reuters actually 
had to publish a retraction, if you can call it that.

It reared its ugly head again a few years later and became “the second 
most mysterious unsolved cyber crime.” and it wasn’t even true. I have a 
blog post about that mess here with some more supporting links.

I’ve seen similar stories pop up about once every five years or so, “OMG 
the world is gonna end, hackers control the skies, Aaarrrrggghhh!!!!” 
Remember the story a year or so ago where Taliban ‘hackers’ got control 
of a predator drone or some bullshit? When all it most likely was that 
they got a copy of the off the shelf control software, maybe. Never 
conclusively got the end of that one.

In all of these cases there are similarities, blame some unknown entity, 
vague details and no verifiable information.

So let’s look at this story. The accusation comes from some anonymous 
report, ok, ok, not actually anonymous but from the U.S.-China Economic 
and Security Review Commission. Hmmm, think they have an interest in 
pointing fingers? And I don’t see any actual names on the report 
(admittedly I haven’t looked too hard). So, first they blame China, 
naturally, who else you going to blame? They don’t blame kids in 
basements anymore, there is no profit motive in controlling satellites 
(well, unless you can keep control) so cyber criminals are right out, 
must be a nation state, and with the cyber cold war going full bore the 
biggest enemy is China, so let’s blame them. Why not, they are just going 
to deny it like always.

As for specifics, they say the ‘hackers’ caused ‘interference’, WTF does 
that mean? Did they gain full control? Did they move the satellite from 
its intended orbit? Were they able to send unauthorized commands? Or 
did they merely ping the control systems? Maybe infected them with 
standard malware? Did they stand outside and try to jam the microwave 
signals? Just what the hell does ‘interference’ mean?

This report actually lists a suspect location for the attack, “may have 
used an Internet connection at the Svalbard Satellite Station in 
Spitsbergen, Norway”. But has anyone bothered to call anyone who works 
there to verify the story? Even to get a dry ‘no comment’? I haven’t 
seen one. Also notice the “may have” implying they don’t really know. 
How the hell could they not know?

I mean come on, think about it, this is a satellite installation, 
according to their web page “the world’s largest commercial ground station 
with more than 31 state-of-the-art multi-mission and customer dedicated 
antenna systems in C-, L-, S- and X-band.” Whoa! Sounds like they know 
what they are doing. I would think that someone there would be able to 
give some sort of comment. If they are a commercial organization then 
letting word get out, unchallenged, that their systems got broke into 
and multi million dollar satellites are not under their control, sounds 
like there could be some liability there. Someone should be confirming 
the story and minimizing its impact or denying it outright. Something. 
No, all we have is a ‘may have’.

And lastly, satellite control systems are supposed to be air gapped, in 
other words not connected to the Internet. Granted there are numerous 
cases where the air gap got bridged, usually with a USB drive, the 
recent remote command center for Predator drones being infected with 
malware comes to mind, so air gaps aren’t fool proof, but still you 
would think a breach of this magnitude would show up somewhere other 
than an almost unnoticed report put out by the U.S.-China Economic and 
Security Review Commission.

I have no facts or sources to confirm this but my theory is that the 
‘interference’ was nothing more than run of the mill malware that 
infected the office and business systems of the Svalbard Satellite 
Station. One of the authors of this report got wind of it and 
suddenly it becomes hackers interfere with satellites.

So, until I see some actual facts and verifiable sources I’m calling 
this whole story bullshit.

- Space Rogue

