Incident: Chinese Hackers Target U.S. Satellites: 2007-2008 Cyber Attacks

Published Date: 2011-11-18

Postmortem Analysis
Timeline
1. The software failure incident involving the hacking of two U.S. satellites occurred between 2007 and 2008 as reported in Article 9043.

System
The software failure incident mentioned in the article involves the interference with two U.S. government satellites, specifically the Landsat-7 earth observation satellite system and the Terra AM-1 earth observation satellite. These satellites were targeted by hackers, and the incident highlighted vulnerabilities in the systems that allowed unauthorized access and potential control over the satellites [9043]. Therefore, the systems that failed in this software failure incident are:
1. Landsat-7 earth observation satellite system
2. Terra AM-1 earth observation satellite

Responsible Organization
1. Chinese military [9043]
2. Hackers backed by China [9043]

Impacted Organization
1. U.S. government satellites [9043]
2. NASA or the U.S. Geological Survey [9043]

Software Causes
1. Unknown

Non-software Causes
1. Interference with the environment-monitoring satellites by Chinese hackers [9043]
2. Lack of conclusive evidence attributing the incidents to China [9043]
3. Rising tensions between the U.S. and China over military presence in the Pacific [9043]
4. Political disputes and maritime tensions in the South China Sea [9043]

Impacts
1. The software failure incident resulted in Chinese hackers breaching security on U.S. government satellites, including interference with the Landsat-7 and Terra AM-1 earth observation satellites multiple times between 2007 and 2008 [9043].
2. The hackers were able to achieve control over the satellites during the final hack but did not exercise that control [9043].
3. The incident raised concerns about the potential for China to take over satellites in the event of a conflict, using them for their own purposes or to destroy enemy craft [9043].
4. The U.S. military and intelligence agencies, which rely on these satellites for communication, intelligence collection, and reconnaissance, were impacted by the software failure incident [9043].

Preventions
1. Implementing stronger cybersecurity measures to protect the satellites from hacking attempts [9043].
2. Enhancing network security protocols to prevent unauthorized access to satellite control systems [9043].
3. Conducting regular security audits and assessments to identify and address vulnerabilities in the satellite systems [9043].
4. Increasing awareness and training for personnel operating and managing the satellite systems to recognize and respond to potential cyber threats [9043].

Fixes
1. Enhancing cybersecurity measures to prevent future hacking attempts [9043]
2. Implementing stricter access controls and authentication mechanisms for satellite control systems [9043]
3. Conducting thorough investigations to identify vulnerabilities and patch them to prevent similar incidents in the future [9043]

References
1. U.S. Strategic Command chief [9043]
2. Congressional report [9043]
3. U.S.-China Economic Security and Review Commission report [9043]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident having happened again at one_organization: The incident of hackers interfering with U.S. government satellites in 2007 and 2008, particularly the Landsat-7 and Terra AM-1 earth observation satellites, is an example of a software failure incident that happened again within the same organization or with its products and services. These satellites were run by NASA and the U.S. Geological Survey and were targeted by Chinese hackers [9043]. (b) The software failure incident having happened again at multiple_organization: There is no specific information in the provided article about the software failure incident happening again at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase is evident in the article where Chinese hackers targeted and interfered with two U.S. government satellites, the Landsat-7 and Terra AM-1 earth observation satellites. The report to Congress revealed that the hackers breached security on these satellites on multiple occasions between 2007 and 2008, indicating a failure in the design or security measures of the satellite systems [9043]. (b) The software failure incident related to the operation phase is highlighted in the article where the Chinese hackers interfered with the operation of the Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October of the same year. During the final hack, the responsible party achieved all steps required to command the satellite but did not do so, indicating a failure in the operation or control of the satellite system [9043].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident involving the hacking of two U.S. satellites was primarily attributed to contributing factors that originated from within the system. The incident involved Chinese agents breaching security on the environment-monitoring satellites, with the last hack being so effective that they could have completely taken control of the satellite but chose not to do so [9043]. The report to Congress revealed that the hacking attempts were traced to a station in Norway, which the satellites used for data access and file transfers, indicating a vulnerability within the system that was exploited by the hackers [9043]. (b) outside_system: The software failure incident related to the hacking of the U.S. satellites also had contributing factors that originated from outside the system. The attacks were attributed to Chinese military hackers, indicating an external threat to the system's security [9043]. Additionally, the incident occurred amid rising tensions between the U.S. and China, with the U.S. expanding its military presence in the Pacific to counterbalance China's influence, highlighting external geopolitical factors influencing the software failure incident [9043].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident reported in the articles was attributed to hackers believed to be associated with the Chinese military. The incident involved the interference with two U.S. government satellites, the Landsat-7 and Terra AM-1 earth observation satellites, by hackers. The hackers were able to breach security on the satellites on multiple occasions between 2007 and 2008, with the potential to take complete control of the satellites but choosing not to do so. The interference with the satellites was part of a larger cyber attack operation, indicating a non-human action leading to the software failure incident [9043]. (b) The software failure incident occurring due to human actions: The software failure incident was not directly caused by human actions in terms of introducing contributing factors that led to the failure. However, the incident was a result of deliberate hacking activities carried out by individuals believed to be associated with the Chinese military. These hackers targeted the U.S. government satellites, indicating a human-initiated action that resulted in the software failure incident [9043].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The incident involved hackers targeting two U.S. government satellites, the Landsat-7 and Terra AM-1 earth observation satellites, by breaching security on the environment-monitoring craft [9043]. - The satellites affected were run by NASA or the U.S. Geological Survey and were mostly used for climate observation, but the U.S. military and intelligence agencies also use them to communicate, collect intelligence, and conduct reconnaissance [9043]. - Both craft use the commercially operated Svalbard Satellite Station in Spitsbergen, Norway, that ‘routinely relies on the Internet for data access and file transfers,’ indicating a potential hardware vulnerability through the Internet connection [9043]. (b) The software failure incident occurring due to software: - The incident involved hackers interfering with the control of the satellites, with the last hack being so effective that they could have completely taken control of the satellite but did not do so [9043]. - The report mentioned that the responsible party achieved all steps required to command the satellite during the final hack, indicating a software-related vulnerability that allowed unauthorized access and control [9043]. - General Robert Kehler, commander of the U.S. Strategic Command, mentioned that the information available was ‘inconclusive,’ suggesting a lack of clarity on whether the software itself was compromised or if the attack was solely due to software vulnerabilities [9043].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in the articles is malicious. Chinese agents are suspected of interfering with two U.S. government satellites in a sophisticated hacking operation. The hackers breached security on the environment-monitoring satellites multiple times between 2007 and 2008, with the ability to potentially take complete control of the satellites but choosing not to do so. The techniques used in the attacks were consistent with known Chinese cyber war techniques, indicating a deliberate attempt to compromise the satellites for potential military advantage [9043].
Intent (Poor/Accidental Decisions) unknown The software failure incident reported in the articles is related to intentional actions rather than accidental decisions. The incident involved deliberate hacking attempts by Chinese agents to interfere with two U.S. government satellites between 2007 and 2008. The hackers breached security on the environment-monitoring satellites and were able to interfere with their operations, with the potential capability to take full control of the satellites but choosing not to do so [9043]. The report to Congress indicated that the techniques used in the attacks were consistent with known Chinese cyber war techniques, suggesting a deliberate and strategic effort to compromise the satellites [9043].
Capability (Incompetence/Accidental) accidental (a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article. Therefore, it is unknown if the incident was due to contributing factors introduced due to lack of professional competence by humans or the development organization. (b) The software failure incident related to accidental factors is evident in the article. The article reports that Chinese hackers interfered with two U.S. government satellites, the Landsat-7 and Terra AM-1 earth observation satellites, in 2007 and 2008. The hackers breached security on these environment-monitoring craft, with the last hack being so effective that they could have completely taken control of the satellite but did not do so. This interference was likely accidental, as the responsible party achieved all steps required to command the satellite but did not proceed to take control [9043].
Duration temporary The software failure incident related to the hacking of the U.S. satellites can be categorized as a temporary failure. The incidents involving the interference with the Landsat-7 and Terra AM-1 earth observation satellites were temporary in nature as the hackers were able to interfere with the satellites for specific durations. For example, the Landsat-7 satellite experienced interference for 12 or more minutes in October 2007 and July 2008, while the Terra AM-1 satellite was interfered with for two minutes in June 2008 and nine minutes in October 2008 [9043]. These specific durations indicate that the software failure incidents were temporary and not permanent.
Behaviour crash, byzantine (a) crash: The software failure incident described in the articles can be categorized as a crash. The incident involved hackers interfering with two U.S. government satellites, specifically a Landsat-7 earth observation satellite system and a Terra AM-1 earth observation satellite. The hackers were able to breach security on these satellites, with the Terra AM-1 satellite experiencing interference for two minutes in June 2008 and nine minutes in October 2008. During the final hack on the Terra AM-1 satellite, the responsible party achieved all steps required to command the satellite but did not do so, indicating a loss of control or potential crash scenario [9043]. (e) byzantine: The software failure incident can also be classified as a byzantine failure. The incident involved sophisticated hacking operations by Chinese agents, with the techniques used being consistent with authoritative Chinese military writings that have advocated disabling a foe's satellite control facilities on the ground in a conflict. The behavior of the hackers in interfering with the satellites and potentially gaining control over them while not executing certain commands despite having the capability can be seen as exhibiting inconsistent responses and interactions, characteristic of a byzantine failure [9043].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence non-human, theoretical_consequence (a) unknown (b) unknown (c) unknown (d) unknown (e) unknown (f) unknown (g) no_consequence (h) harm: The software failure incident involving the hacking of two U.S. satellites did not result in any observed consequences as the hackers did not take full control of the satellites despite having the capability to do so. The incident was described as a potential threat where China could potentially take over satellites and use them for their own ends or maneuver them to destroy craft belonging to its enemies [9043].
Domain information, knowledge, government (a) The failed system was intended to support the industry of information, specifically in the field of earth observation and climate monitoring. The affected satellites, such as Landsat-7 and Terra AM-1, were used for climate observation and data collection [9043]. These satellites were run by organizations like NASA and the U.S. Geological Survey, indicating their role in information gathering and distribution related to environmental monitoring. (i) The failed system was also related to the industry of knowledge, particularly in the realm of space exploration. The satellites targeted in the cyber attacks were involved in earth observation and data collection for research purposes [9043]. This aligns with the broader goal of advancing knowledge through space exploration and scientific endeavors. (l) Additionally, the incident has implications for the government sector. The U.S. government was directly involved as the satellites targeted were government-owned and used by military and intelligence agencies for communication, intelligence gathering, and reconnaissance purposes [9043]. The report to Congress and the involvement of the U.S.-China Economic Security and Review Commission highlight the government's interest and concern regarding these cyber attacks.
