OpenBCM V1.13 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
M1CUK  > INFO     12.10.02 04:35l 106 Lines 5215 Bytes #999 (0) @ WW
BID : 072209M1CUK
Read: DB0FHN GUEST
Subj: satelites hackable!
Path: DB0FHN<DB0ZWI<DB0HDF<DB0ERF<DB0FBB<DB0WTS<DB0ACH<ON0RAT<ON5VL<LX0HST<
      HA3PG<7M3TJZ<ON0AR<GB7FCR
Sent: 021010/2325Z @:GB7FCR.#16.GBR.EU #:21316 [Blackpool] FBB-7.03a $:072209M1
From: M1CUK@GB7FCR.#16.GBR.EU
To  : INFO@WW


Satellite systems hackable - study
By Kevin Poulsen, SecurityFocus Online
Posted: 09/10/2002 at 08:25 GMT


Critical commercial satellite systems relied upon by federal agencies,
civilians and the Pentagon are potentially vulnerable to a variety of
sophisticated hack attacks that could cause service disruptions, or even
send a satellite spinning out of control, according to a new report by the
General Accounting Office, the investigative arm of Congress. 

The GAO report, dated August 30th but not released publicly until
Thursday, criticizes the White House for not taking the vulnerabilities
into account in its national cybersecurity planning, a criticism it also
extends back to the Clinton administration. 

The focus of the report is on satellite systems which are used extensively
by the federal government, but like many critical infrastructures are in
the hands of the private sector. 

Among the weaknesses investigators found: some satellite companies don't
encrypt the tracking and control uplinks through which the satellites are
controlled from the ground, making them vulnerable to spoofing, with
potentially dire results. "If false commands could be inserted into a
satellite's command receiver (spoofing the receiver), they could cause the
spacecraft to tumble or otherwise destroy itself," reads the report. 

"It is also feasible to insert false information or computer viruses into
the terrestrial computer networks associated with a space system, either
remotely or through an on-site connection," the GAO found. "Such an attack
could lead to space system degradation or even complete loss of spacecraft
utility." 

Such an attack could impact military operations, the report claims, citing
a Department of Defense (DOD) study that found that commercial satellites
were used for 45 percent of all communications between the U.S. and forces
in the Persian Gulf region during Desert Storm. "The importance of
commercial satellites for DOD is evident during times of conflict," the
GAO concluded. 

The study does not attempt to rate the likelihood of such an attack, and
found that there are some significant safeguards in place -- for example,
some companies deliberately use extremely high-power transmitters to
control their satellites, making it unlikely an attacker could overpower
the authentic signal with a fake one. 

Regulations Ignored 
But the level of security varies significantly, the report found, and with
little regulation governing satellite security, commercial providers have
little incentive to invest in costly solutions. 

One federal policy initiated in January 2001 theoretically requires
satellite providers handling national security communications to meet
minimal cybersecurity standards, but the report found that not a single
company was entirely compliant with the directive, which is missing an
enforcement mechanism. 

"Some satellite service providers view compliance ... as not necessary for
selling services to the government, since in the past agencies have used
satellites that did not comply with prior security policy," the report
found. "For example, DOD has contracted for services on satellites that
were not compliant with the previous and existing policy for various
reasons. However, at times, noncompliant satellites have been DOD's only
option." 

The GAO lists several past satellite glitches, intentional and accidental,
beginning with the 1986 "Captain Midnight" hack, in which a worker at a
commercial satellite transmission center in Florida briefly took over HBO,
interrupting an airing of the Falcon and the Snowman with a text message
protesting the pay TV channel's new scrambling system. 

In 1998, the accidental failure of the Galaxy IV satellite disrupted over
35 million pagers across the United States for two to four days, and
blocked credit card authorization of point of sale terminals. 

The report notes that, except for GPS vulnerabilities, satellite systems
were ignored in President Clinton's cybersecurity efforts, and are faring
no better under the Bush administration's cybersecurity push. 

"Given the importance of satellites to the national economy, the federal
government's growing reliance on them, and the many threats that face
them, failure to explicitly include satellites in the national approach to
[critical infrastructure protection] leaves a critical aspect of the
national infrastructure without focused attention," the GAO concludes. 

A spokesperson for the President's Critical Infrastructure Protection
Board didn't immediately return a phone call on the report Thursday. 

The report was produced shortly before last month's unveiling of the White
House's draft National Strategy to Secure Cyberspace, which doesn't
address satellite system vulnerabilities, but generally eschews any new
regulation of critical infrastructure providers. 
-------------------------------------

73's 
   Trev, m1cuk@gb7fcr.#16.gbr.eu
   SysOp gb7fcr
   ax25 - tcp/ip - telnet - axip - RF & Internet Linked System's
   Located in Blackpool, Lancashire, On the North West Coast of the UK	
   Message timed: 00:14 on 11 Oct 02
   Message sent using WinPack-Telnet V6.80


Read previous mail | Read next mail


 08.07.2026 02:47:59lGo back Go up