Malicious Cyber Activities Directed Against U.S. Satellites

Monday, November 21, 2011



A report released this month reveals that some US operated satellites are not only vulnerable to attack, but there are instances where foreign operatives have actually taken control of the systems. 

The report, titled the 2011 Report to Congress of the U.S.-China Economic and Security Review Commission, indicates that some US owned satellites that are critical for NASA programs use communications systems located outside of the US, and that the systems also use the public Internet in their operations.

"Satellites from several U.S. government space programs utilize commercially operated satellite ground stations outside the United States, some of which rely on the public Internet for 'data access and file transfers,' according to a 2008 National Aeronautics and Space Administration quarterly report.† The use of the Internet to perform certain communications functions presents potential opportunities for malicious actors to gain access to restricted networks," the report states.

The report goes on to document several instances where these sensitive satellite systems have been successfully breached and control has been wrested from US command, according to the report:

Notably, at least two U.S. government satellites have each experienced at least two separate instances of interference apparently consistent with cyber activities against their command and control systems: *

• On October 20, 2007, Landsat-7, a U.S. earth observation satellite jointly managed by the National Aeronautics and Space Administration and the U.S. Geological Survey, experienced 12 or more minutes of interference. This interference was only discovered following a similar event in July 2008 (see below).†

• On June 20, 2008, Terra EOS [earth observation system] AM–1, a National Aeronautics and Space Administration- managed program for earth observation, experienced two or more minutes of interference.‡ The responsible party achieved all steps required to command the satellite but did not issue commands.

• On July 23, 2008, Landsat-7 experienced 12 or more minutes of interference. The responsible party did not achieve all steps required to command the satellite.

• On October 22, 2008, Terra EOS AM–1 experienced nine or more minutes of interference. The responsible party achieved all steps required to command the satellite but did not issue commands.

The National Aeronautics and Space Administration confirmed two suspicious events related to the Terra EOS satellite in 2008 and the U.S. Geological Survey confirmed two anomalous events related to the Landsat-7 satellite in 2007 and 2008.§

The report goes on to hint that similar attacks against other US satellite systems, such as those involved in military operations, could pose a significant national security threat:

"If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission. A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or spacebased networks used by the satellite."

The report stops short of actually calling out China as the source of the attacks, but suggests that the events are consistent with Chinese military tactical writings:

"These events are described here not on the basis of specific attribution information but rather because the techniques appear consistent with authoritative Chinese military writings. For example, according to Military Astronautics, attacks on space systems ‘generate tremors in the structure of space power of the enemy, cause it to suffer from chain effects, and finally lose, or partly lose, its combat effectiveness.’ One tactic is ‘implanting computer virus and logic bombs into the enemy’s space information network so as to paralyze the enemy’s space information system.’"

The report goes on to provide analysis regarding the likely motivations for the Chinese to conduct such attacks, namely that they currently have a significant competitive disadvantage in the area of satellite technology.

The full report can be found here:


Possibly Related Articles:
China Government Military Cyberwar Attacks NASA National Security hackers Satellites
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.