China key suspect in U.S. satellite hacks: commission

Reuters News
Posted: Oct 28, 2011 1:18 PM
China key suspect in U.S. satellite hacks: commission

By Jim Wolf

WASHINGTON (Reuters) - At least two U.S. government civilian satellites were interfered with four or more times in 2007 and 2008 via a ground station in Norway, and China's military is a prime suspect, a draft of a report to Congress said.

The U.S.-China Economic and Security Review Commission, which reported the interference, said it was "consistent with PLA doctrine," Larry Wortzel, one of the 12 commissioners, told Reuters on Friday. PLA is short for China's People's Liberation Army.

Wortzel, a retired U.S. Army colonel and former military attache in China, cautioned that commissioners cannot be sure that the activity in question can be linked to China.

But he said Beijing had conducted numerous tests on space warfare systems in 2007 and 2008.

"I don't think it is a wild analytical leap to suggest that these hacks could have been part of that matrix of testing," Wortzel said in an email.

Pinpointing responsibility for a cyberattack can be extremely difficult. Hackers typically mask their tracks by routing intrusions through computers on multiple continents and may make an attack appear to come from a third country.

The commission's account is based largely on a May 12 U.S. Air Force briefing for the commission, which was set up by Congress in 2000 to report on the national security implications of U.S.-China trade. Its final 2011 report is due to be sent to lawmakers on November 16.

The events at issue have not been traced to China but are being cited "because the techniques appear consistent with authoritative Chinese military writings" that have advocated disabling satellite control facilities in any conflict, the report said.

But Kongsberg Satellite Services, the Norwegian company that owns and operates the ground station said to have been penetrated by hackers, said it had no indication of the reported interference.

"Our systems indicated nothing and neither did NASA's," Kongsberg Satellite Services President Rolf Skatteboe told Reuters in Oslo. "We don't understand where this is coming from." NASA did not immediately return a phone call seeking comment.

The bipartisan commission typically goes much further in publicly outlining perceived cyber threats to national security from Beijing than have U.S. administrations, which must deal with other issues on which China's cooperation is critical. These include North Korea's nuclear program, regional security and matters before the U.N. Security Council.

The U.S. Defense Department said in response to the report that it is monitoring China's development of "counter-space" capabilities but would not comment on the alleged hacking.

The department is increasing the resilience of U.S. space architectures and is improving "the ability to operate in a degraded environment," among other precautionary steps, said Army Lieutenant Colonel James Gregory, a Pentagon spokesman.

A spokesman for the Chinese Embassy in Washington did not immediately respond to Reuters' request for comment.


The targeted spacecraft are used for climate and terrain monitoring, the report said. A Landsat-7 earth observation satellite, jointly managed by the National Aeronautics and Space Administration and the U.S. Geological Survey, experienced 12 or more minutes of interference in October 2007 and July 2008, the report said.

A NASA-managed Terra AM-1 earth observation satellite was similarly interfered with for two minutes or more on June 20, 2008, and at least nine minutes on October 22, 2008, it said.

Hackers appear to have gained access through Svalbard Satellite Station, or SvalSat, in Spitsbergen, Norway, which routinely connects to the Internet to transfer data, the draft added in an excerpt provided to Reuters.

Located about 750 miles/1,200 km from the North Pole, SvalSat is well-placed to communicate with satellites in polar orbit, the report said.

The report does not spell out the nature of the interference, but says that hackers "achieved all steps required to command" the Terra AM-1 satellite without ever actually exercising that control.

The commission said the interference was disturbing because it could be used to access satellites with more sensitive functions.

"For example, access to a satellite's controls could allow an attacker to damage or destroy the satellite. The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission," the report said.

(Additional reporting by Terje Solsvik and Joachim Dagenborg in Oslo; Editing by Warren Strobel and Doina Chiacu)