The number of satellites transmitting GPS locations, cellphone signals and other sensitive information has been rapidly increasing, which has resulted in the creation of favorable circumstances for hackers. Even with all the advances in satellite technology, much of the US military’s satellite technology remains vulnerable.
Earlier in the month, Bleeping Computer reported on a cyber-espionage group, believed to be operating out of China, that hacked companies that develop satellite communications and geospatial imaging. The group also targeted defense contractors from the US and Southeast Asia:
"The company said that responsible for the attacks was an advanced persistent threat (APT, a term used to describe cyber-espionage groups) known under the codename of Thrip. The recent attacks were difficult to detect, the company said. Hackers used a technique known as 'living off the land,' which consists of using local tools already available on the operating system to carry out malicious operations."
"The purpose of living off the land is twofold," Symantec explained. "By using such features and tools, attackers are hoping to blend in on the victim’s network and hide their activity in a sea of legitimate processes. Secondly, even if malicious activity involving these tools is detected, it can make it harder to attribute attacks."
Symantec researchers released a report a year ago on attackers who "live off the land." According to Symantec's documentation, "living off the land" is a growing trend and includes tactics such as memory-only threats, fileless persistence, dual-use tools, and non-PE file attacks. By using these approaches, the attackers create fewer new files on the hard disk, which means they have less of a chance of being detected by traditional security tools. It also minimizes the likelihood of their being blocked.
The risks to satellites are exacerbated by the number of aging satellite systems in circulation, and the outdated systems are even more desirable targets for hacking. Espionage-related hacking of telecommunications is hardly new; experts say it is simply a new twist on an old problem. Michael Daniel, former special assistant and cybersecurity coordinator for the Obama administration, said in an interview with The Hill that the US didn’t initially view cyberspace as a threat vector when satellites first began taking up residence in space. Now, the federal government is going to have to come to terms with this expanding environment.
When hackers gain access to satellites, the damage done can continue indefinitely because they can gather information on their victims by tracking the traffic that comes through the satellites over time and exploit it some time in the future. "If they can siphon off real activity data ... they are going to aggregate a lot of information how our operations are running, what we are requesting, what we are looking at, what our concerns are, so out of that you can get a really good picture," Jan Kallberg, research scientist at West Point’s Army Cyber Institute, said. "If you listen to logistic requests for a long time, you would be able to know what the weaknesses are or what is problematic for us."
Foreign nations could secretly slip into satellite systems now, await an opportune time, such as a war, and then commandeer the systems. Daniel pointed out that the ability to cause disruption with satellites is a capability that would be highly sought after since it would allow threat actors to leverage US assets to their advantage.
Russia and other nation states, such as China, have demonstrated their willingness to deploy cyber weapons. And, both have also been tied to, or at least suspected in, satellite hacking campaigns.
The heightened concern regarding satellite-focused hackers comes just months after the Federal Communications Commission granted SpaceX, Elon Musk's space program, permission to "construct, deploy, and operate" a satellite system comprising roughly 4,400 satellites.
Satellites remain vulnerable to jamming from inexpensive tools, according to a report released in April by the CSIS Aerospace Security Project. "The technology needed to jam many types of satellite signals is commercially available and relatively inexpensive," the report reads. Spoofing, or trying to hoodwink receivers into believing manipulated data from an attacker is real, is also an affordable hack for those who seek to interfere with satellite connectivity. Attacks like these can disrupt communications or position, navigation and timing techniques.
The report, "Space Threat Assessment 2018", indicates that while US near-peer adversaries have made progress on more advanced kinetic weapons, like direct ascent anti-satellite weapons, jamming technology is still seen as critical. "China has made the development and deployment of satellite jamming systems a high priority," according to the report.
The capability to jam and spoof signals is only expected to proliferate. The report mentions that once a jammer or spoofer is developed, "it is relatively inexpensive to produce and deploy in large numbers and can be proliferated to other state and non-state actors."
Gaining access to satellites via social engineering and/or infiltration is another method that may be attempted by threat actors.