List: isn
Subject: [ISN] Rebuttal -- "Hackers reportedly behind U.S. government
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-10-28 5:33:02
Message-ID: alpine.DEB.2.02.1110280032400.4065 () infosecnews ! org
http://www.spacerogue.net/wordpress/?p=223
By Space Rogue
October 27, 2011

First, some historical background: this is at least the third time I have
seen a similar story over the last 15 years, "OMG 'hackers' can control
a satellite". The previous two times it turned out to be false. The
first time I was one of the first people to call the story suspect.

It is hard to find links that still work from 1999 but Reuters actually
had to publish a retraction, if you can call it that.

It reared its ugly head again a few years later and became "the second
most mysterious unsolved cyber crime," and it wasn't even true. I have a
blog post about that mess here with some more supporting links.

I've seen similar stories pop up about once every five years or so, "OMG
the world is gonna end, hackers control the skies, Aaarrrrggghhh!!!!"
Remember the story a year or so ago where Taliban 'hackers' got control
of a Predator drone or some bullshit? When all it most likely was is that
they got a copy of the off-the-shelf control software, maybe. Never
conclusively got the end of that one.

In all of these cases there are similarities: blame some unknown entity,
vague details and no verifiable information.

So let's look at this story. The accusation comes from some anonymous
report, ok, ok, not actually anonymous but from the U.S.-China Economic
and Security Review Commission. Hmmm, think they have an interest in
pointing fingers? And I don't see any actual names on the report
(admittedly I haven't looked too hard). So, first they blame China,
naturally, who else you going to blame? They don't blame kids in
basements anymore, there is no profit motive in controlling satellites
(well, unless you can keep control) so cyber criminals are right out,
must be a nation state, and with the cyber cold war going full bore the
biggest enemy is China, so let's blame them. Why not, they are just going
to deny it like always.

As for specifics, they say the 'hackers' caused 'interference', WTF does
that mean? Did they gain full control? Did they move the satellite from
its intended orbit? Were they able to send unauthorized commands? Or
did they merely ping the control systems? Maybe infected them with
standard malware? Did they stand outside and try to jam the microwave
signals? Just what the hell does 'interference' mean?

This report actually lists a suspect location for the attack, "may have
used an Internet connection at the Svalbard Satellite Station in
Spitsbergen, Norway". But has anyone bothered to call anyone who works
there to verify the story? Even to get a dry 'no comment'? I haven't
seen one. Also notice the "may have" implying they don't really know.
How the hell could they not know?

I mean come on, think about it, this is a satellite installation,
according to their web page "the world's largest commercial ground station
with more than 31 state-of-the-art multi-mission and customer dedicated
antenna systems in C-, L-, S- and X-band." Whoa! Sounds like they know
what they are doing. I would think that someone there would be able to
give some sort of comment. If they are a commercial organization then
letting word get out, unchallenged, that their systems got broke into
and multimillion-dollar satellites are not under their control, sounds
like there could be some liability there. Someone should be confirming
the story and minimizing its impact or denying it outright. Something.
No, all we have is a 'may have'.

And lastly, satellite control systems are supposed to be air gapped, in
other words not connected to the Internet. Granted there are numerous
cases where the air gap got bridged, usually with a USB drive, the
recent remote command center for Predator drones being infected with
malware comes to mind, so air gaps aren't foolproof, but still you
would think a breach of this magnitude would show up somewhere other
than an almost unnoticed report put out by the U.S.-China Economic and
Security Review Commission.

I have no facts or sources to confirm this but my theory is that the
'interference' was nothing more than run of the mill malware that
infected the office and business systems of the Svalbard Satellite
Station. One of the authors of this report got wind of it and
suddenly it becomes hackers interfere with satellites.

So, until I see some actual facts and verifiable sources I'm calling
this whole story bullshit.
- Space Rogue
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn