Secret Military Satellite Control Software Stolen - Damage Unclear
Source: Computer World
March 7, 2001
Defense contractor Exigent International Inc. last week
disclosed that an unknown number of hackers broke into a U.S. Navy
computer system and made off with source code that controls dozens of
military and commercial satellite systems around the world.
The Melbourne, Fla.-based company said in a statement
issued Friday that the incident, which occurred Dec. 24, may have
compromised a small portion of an older version of its OS/COMET
software that was stored on a computer at the Naval Research
Laboratory in Washington. OS/COMET is commercial software that allows
ground station operators to monitor satellite systems and communicate
commands to those systems.
"Only a portion of an older version of the source code
was downloaded," said B.R. Smedley, Exigent’s chairman and CEO, in a
statement. "Because one of our government customers was the target of
this cyber crime, we are working closely with them, as well as
domestic law enforcement and international organizations to remedy the
breach of security."
However, experts agree that it is unclear how much
damage the compromise has done to the security of dozens of military
navigation and commercial communications satellites that use the
software. Although the FBI has declined to comment on the
investigation, the incident has been traced to systems in Sweden and a
university in Kaiserslautern, Germany.
"Hypothetically, the source code might allow an
adversary to identify flaws that could be exploited at a later date to
disrupt communications," said Steven Aftergood, an intelligence
analyst with the Federation of American Scientists in Washington. "But
that’s a lot easier said than done."
Allen Thomson, a former CIA scientist and an avid
satellite tracker, said although the OS/COMET software is now a
commercial product, it started as a classified defense program in the
1980s. "I suppose that if the control systems using it left themselves
open to penetration, possession of the source code could help figure
out how to write malicious commands that could be sent to the
satellites," he said.
In addition to the Air Force’s 24 NAVSTAR global
positioning system (GPS) satellites, OS/COMET is used by the entire
constellation of more than 70 satellites owned by Iridium LLC. The
software is also used by several NASA programs, direct broadcast and
Internet satellite systems operated by DACOM, one of the largest
telecommunications companies in Korea, and Food Automation-Service
Techniques Inc., a Stratford, Conn.-based manufacturer of electronic
controls to major restaurant chains and commercial appliance
manufacturers.
Word of the theft comes less than a month after the
National Counterintelligence Center issued its annual report to
Congress on foreign industrial espionage operations targeted at U.S.
high-tech companies involved in military contracts. The report
identified satellite communications systems technology as among the
top four technologies most often targeted by foreign espionage
efforts.
"Countries with less developed industrial sectors often
prefer older 'off-the-shelf' hardware and software," the report
stated. "They will also seek military technologies that are at least a
generation old because such technologies cost less, are easier to
procure, and are more suitable for integration into their military
structures," according to the report.
"There’s a tremendous amount you can learn from the
code," said Amit Yoran, CEO of Riptech Inc., an Alexandria, Va.-based
network security consulting firm. Although military and commercial
satellite control links are typically protected by encryption,
companies should still be concerned about having a portion of this
source code out in the open, said Yoran, who is also the former
director of vulnerability assessments at the Defense Department’s
Computer Emergency Response Team.
"Clearly it could help a hacker take control of a
system," said Yoran. "You want to control this information because all
of a sudden hackers have all sorts of new tricks to exploit systems."
Yoran recommended that the companies and agencies
affected by the theft begin to "carefully consider" how this software
is used and how the systems connect. "They need to review what the
access [mechanisms] to these systems look like," said Yoran. However,
"it doesn’t seem to me that these are easily accessible Internet
systems," he said.
Still, a major software revision may be necessary
if the investigation uncovers more damage than originally thought.
"Since the intruder was detected, that should make it possible to
minimize the practical consequences of the incident by revising the
source code if necessary," said Aftergood. "This is probably just
another case of cyber-vandalism. It’s aggravating, but it’s a fact of
life."
by Dan Verton
http://computerworld.com/cwi/story/0%2C1199%2CNAV47_STO58348_NLTpm%2C00.html