Cyberwarfare

An Unknown Number of Hackers Broke into a U.S. Navy Computer System

Secret Military Satellite Control Software Stolen - Damage Unclear
by Dan Verton

Source: Computer World
http://computerworld.com/cwi/story/0%2C1199%2CNAV47_STO58348_NLTpm%2C0 0.html

March 7, 2001

Defense contractor Exigent International Inc. last week disclosed that an unknown number of hackers broke into a U.S. Navy computer system and made off with source code that controls dozens of military and commercial satellite systems around the world.

The Melbourne, Fla.-based company said in a statement issued Friday that the incident, which occurred Dec. 24, may have compromised a small portion of an older version of its OS/COMET software that was stored on a computer at the Naval Research Laboratory in Washington. OS/COMET is commercial software that allows ground station operators to monitor satellite systems and communicate commands to those systems.

"Only a portion of an older version of the source code was downloaded," said B.R. Smedley, Exigent’s chairman and CEO, in a statement. "Because one of our government customers was the target of this cyber crime, we are working closely with them, as well as domestic law enforcement and international organizations to remedy the breach of security."

However, experts agree that it is unclear how much damage the compromise has done to the security of dozens of military navigation and commercial communications satellites that use the software. Although the FBI has declined to comment on the investigation, the incident has been traced to systems in Sweden and a university in Kaiserslautern, Germany.

"Hypothetically, the source code might allow an adversary to identify flaws that could be exploited at a later date to disrupt communications," said Steven Aftergood, an intelligence analyst with the Federation of American Scientists in Washington. "But that’s a lot easier said than done."

Allen Thomson, a former CIA scientist and an avid satellite tracker, said although the OS/COMET software is now a commercial product, it started as a classified defense program in the 1980s. "I suppose that if the control systems using it left themselves open to penetration, possession of the source code could help figure out how to write malicious commands that could be sent to the satellites," he said.

In addition to the Air Force’s 24 NAVSTAR global positioning system (GPS) satellites, OS/COMET is used by the entire constellation of more than 70 satellites owned by Iridium LLC. The software is also used by several NASA programs, direct broadcast and Internet satellite systems operated by DACOM, one of the largest telecommunications companies in Korea, and Food Automation-Service Techniques Inc., a Stratford, Conn.-based manufacturer of electronic controls to major restaurant chains and commercial appliance manufacturers.

Word of the theft comes less than a month after the national Counterintelligence Center issued its annual report to Congress on foreign industrial espionage operations targeted at U.S. high-tech companies involved in military contracts. The report identified satellite communications systems technology as among the top four technologies most often targeted by foreign espionage efforts.

"Countries with less developed industrial sectors often prefer older "off-the-shelf" hardware and software," the report stated. "They will also seek military technologies that are at least a generation old because such technologies cost less, are easier to procure, and are more suitable for integration into their military structures," according to the report.

"There’s a tremendous amount you can learn from the code," said Amit Yoran, CEO of Riptech Inc., an Alexandria, Va.-based network security consulting firm. Although military and commercial satellite control links are typically protected by encryption, companies should still be concerned about having a portion of this source code out in the open, said Yoran, who is also the former director of vulnerability assessments at the Defense Department’s Computer Emergency Response Team.

"Clearly it could help a hacker take control of a system," said Yoran. "You want to control this information because all of a sudden hackers have all sorts of new tricks to exploit systems."

Yoran recommended that the companies and agencies affected by the theft begin to "carefully consider" how this software is used and how the systems connect. "They need to review what the access [mechanisms] to these systems look like," said Yoran. However, "it doesn’t seem to me that these are easily accessible Internet systems," he said.

Still, a major software revision may still be necessary if the investigation uncovers more damage than originally thought. "Since the intruder was detected, that should make it possible to minimize the practical consequences of the incident by revising the source code if necessary," said Aftergood. "This is probably just another case of cyber-vandalism. It’s aggravating, but it’s a fact of life."

Back To Contents