Chinese Military Suspected in Hacker Attacks on U.S. Satellites

Eugen Leitl eugen at leitl.org
Fri Oct 28 07:22:51 PDT 2011


http://www.businessweek.com/news/2011-10-27/chinese-military-suspected-in-hacker-attacks-on-u-s-satellites.html

Chinese Military Suspected in Hacker Attacks on U.S. Satellites

October 27, 2011, 12:27 AM EDT

By Tony Capaccio and Jeff Bliss

Oct. 27 (Bloomberg) -- Computer hackers, possibly from the Chinese military,
interfered with two U.S. government satellites four times in 2007 and 2008
through a ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain
observation, underscore the potential danger posed by hackers, according to
excerpts from the final draft of the annual report by the U.S.-China Economic
and Security Review Commission. The report is scheduled to be released next
month.

"Such interference poses numerous potential threats, particularly if achieved
against satellites with more sensitive functions," according to the draft.
"Access to a satellite's controls could allow an attacker to damage or
destroy the satellite. An attacker could also deny or degrade as well as
forge or otherwise manipulate the satellite's transmission."

A Landsat-7 earth observation satellite system experienced 12 or more minutes
of interference in October 2007 and July 2008, according to the report.

Hackers interfered with a Terra AM-1 earth observation satellite twice, for
two minutes in June 2008 and nine minutes in October that year, the draft
says, citing a closed-door U.S. Air Force briefing.

The draft report doesn't elaborate on the nature of the hackers' interference
with the satellites.

Chinese Military Writings

U.S. military and intelligence agencies use satellites to communicate,
collect intelligence and conduct reconnaissance. The draft doesn't accuse the
Chinese government of conducting or sponsoring the four attacks. It says the
breaches are consistent with Chinese military writings that advocate
disabling an enemy's space systems, and particularly "ground-based
infrastructure, such as satellite control facilities."

U.S. authorities for years have accused the Chinese government of
orchestrating cyber attacks against adversaries and hacking into foreign
computer networks to steal military and commercial secrets. Assigning
definitive blame is difficult, the draft says, because the perpetrators
obscure their involvement.

The commission's 2009 report said that "individuals participating in ongoing
penetrations of U.S. networks have Chinese language skills and have well
established ties with the Chinese underground hacker community," although it
acknowledges that "these relationships do not prove any government
affiliation."

Chinese Denials

China this year "conducted and supported a range of malicious cyber
activities," this year's draft reports. It says that evidence emerging this
year tied the Chinese military to a decade-old cyber attack on a U.S.-based
website of the Falun Gong spiritual group.

Chinese officials long have denied any role in computer attacks.

The commission has "been collecting unproved stories to serve its purpose of
vilifying China's international image over the years," said Wang Baodong, a
spokesman for the Chinese Embassy in Washington, in a statement. China "never
does anything that endangers other countries' security interests."

The Chinese government is working with other countries to clamp down on cyber
crime, Wang said.

Defense Department reports of malicious cyber activity, including incidents
in which the Chinese weren't the main suspect, rose to a high of 71,661 in
2009 from 3,651 in 2001, according to the draft. This year, attacks are
expected to reach 55,110, compared with 55,812 in 2010.

Relying on the Internet

In the October 2008 incident with the Terra AM-1, which is managed by the
National Aeronautics and Space Administration, "the responsible party
achieved all steps required to command the satellite," although the hackers
never exercised that control, according to the draft.

The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly
managed by NASA and the U.S. Geological Survey, only after tracking the 2008
breach.

The Landsat-7 and Terra AM-1 satellites utilize the commercially operated
Svalbard Satellite Station in Spitsbergen, Norway that "routinely relies on
the Internet for data access and file transfers," says the commission,
quoting a NASA report.

The hackers may have used that Internet connection to get into the ground
station's information systems, according to the draft.

While the perpetrators of the satellite breaches aren't known for sure, other
evidence uncovered this year showed the Chinese government's involvement in
another cyber attack, according to the draft.

TV Report

A brief July segment on China Central Television 7, the government's military
and agricultural channel, indicated that China's People's Liberation Army
engineered an attack on the Falun Gong website, the draft said.

The website, which was hosted on a University of Alabama at Birmingham
computer network, was attacked in 2001 or earlier, the draft says.

The CCTV-7 segment said the People's Liberation Army's Electrical Engineering
University wrote the software to carry out the attack against the Falun Gong
website, according to the draft. The Falun Gong movement is banned by the
Chinese government, which considers it a cult.

After initially posting the segment on its website, CCTV-7 removed the
footage after media from other countries began to report the story, the
congressional draft says.

Military Disruption

The Chinese military also has been focused on its U.S. counterpart, which it
considers too reliant on computers. In a conflict, the Chinese would try to
"compromise, disrupt, deny, degrade, deceive or destroy" U.S. space and
computer systems, the draft says.

"This could critically disrupt the U.S. military's ability to deploy and
operate during a military contingency," according to the draft.

Other cyber intrusions with possible Chinese involvement included the
so-called Night Dragon attacks on energy and petrochemical companies and an
effort to compromise the Gmail accounts of U.S. government officials,
journalists and Chinese political activists, according to the draft.

Often the attacks are found to have come from Chinese Internet-protocol, or
IP, addresses.

Businesses based in other countries and operating in China think that
computer network intrusions are among the "most serious threats to their
intellectual property," the draft says.

The threat extends to companies not located in China. On March 22, U.S.
Internet traffic was "improperly" redirected through a network controlled by
Beijing-based China Telecom Corp. Ltd., the state-owned largest provider of
broadband Internet connections in the country, the draft said.

In its draft of last year's report, the commission highlighted China's
ability to direct Internet traffic and exploit "hijacked" data.

--Editors: John Walcott, Jim Rubin.

To contact the reporters on this story: Jeff Bliss in Washington at
jbliss at bloomberg.net; Tony Capaccio in Washington at acapaccio at bloomberg.net

To contact the editor responsible for this story: Mark Silva in Washington at
msilva34 at bloomberg.net




