The Messy Future of Satellite Cyberattacks

Outdated technology, malware, and GPS-spoofing: Satellites offer hackers a new frontier of earthly disruption


This week, countless people looked up at the sky to marvel at a full solar eclipse. But as magical as space can be, it’s also ripe for not-so-magical observations: Peppered with more than 1,300 active satellites orbiting the Earth, it is becoming the next horizon for cyberattacks.

Earlier this month, CyberScoop (via papers leaked to The Intercept) reported, “Russian intelligence services have been capable of hijacking satellite signals to launch stealthy cyberattacks since at least 2013.” The idea is that the Russians can manipulate satellites to send anonymous commands to targeted devices.

This doesn’t require a stretch of the imagination. Two years back, Russian hackers, who call themselves Turla, used satellite Internet connections to steal research and military data from American and European governments. The group, thought to be sponsored by the Kremlin, took advantage of older satellites that were vulnerable, lacking “support for encrypted connections,” The Hacker News explained. Turla chose IPs from users accessing the satellite and planted malware on their computers to configure (and hide) command-and-control servers.

Last year, NASA reported 1,484 cyber incidents, including website- or web-app-based attacks. The agency’s CISO, Jeanette Hanna-Ruiz, who is challenged with securing sensitive data that makes its way to and from Earth, says the agency is “working to ‘harden’ old industrial-control systems, such as those used to launch spacecraft,” Bloomberg writes.

In general, sneak attacks on satellites tend to be fairly pricey, and data exfiltration over them can be slow, so they’re not appealing to everyday hackers. However, they do provide a great degree of stealth, which attracts nation states and organized criminals. After all, even out-of-operation satellites offer attack vectors.

[Figure: Every active satellite orbiting Earth. Source: Quartz, 12/21/15.]

Updating software would help, as would the less cost-effective option of replacing satellites or removing them. China, meanwhile, has developed what it hopes is a sophisticated, hacker-proof quantum satellite to encrypt data traveling from space to Earth.

For now, from a realistic, risk-management perspective, enterprise leaders must understand that satellite attacks ultimately have earthly reverberations. Protecting terrestrial systems is essential. Cybersecurity solutions with expansive, entity-level visibility (users, files, servers, devices) will be transformative in pinpointing and eliminating threats stemming from satellites.

It’s convenient to view governments as primary targets here. But malicious satellite activity could also impact air traffic, telecommunications companies, business/finance enterprises, and other industries. (Turla, for instance, has already targeted pharma, educational, and research facilities in the past.)

Think, too, of GPS’ prominence in our lives. Speculation has abounded that the USS John S. McCain’s collision last week with an oil tanker was caused by GPS spoofing. It was the fourth naval-warship accident this year in the Pacific. (The government has yet to confirm the cause behind the most recent incident.)

“A large part of the critical infrastructure is sitting up there [in space], and not a lot can be done about it,” Patricia Lewis, research director at Chatham House’s International Security Department, told Wired. “It’s very old technology. And it has never had any cyber protection built in.”