Chinese Military Suspected in Hacker Attacks on U.S. Satellites

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission.

The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month.

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report.

Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year, the draft says, citing a closed-door U.S. Air Force briefing.

The draft report doesn’t elaborate on the nature of the hackers’ interference with the satellites.

Chinese Military Writings

U.S. military and intelligence agencies use satellites to communicate, collect intelligence and conduct reconnaissance. The draft doesn’t accuse the Chinese government of conducting or sponsoring the four attacks. It says the breaches are consistent with Chinese military writings that advocate disabling an enemy’s space systems, and particularly “ground-based infrastructure, such as satellite control facilities.”

U.S. authorities for years have accused the Chinese government of orchestrating cyber attacks against adversaries and hacking into foreign computer networks to steal military and commercial secrets. Assigning definitive blame is difficult, the draft says, because the perpetrators obscure their involvement.

The commission’s 2009 report said that “individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community,” although it acknowledges that “these relationships do not prove any government affiliation.”

Chinese Denials

China this year “conducted and supported a range of malicious cyber activities,” this year’s draft reports. It says that evidence emerging this year tied the Chinese military to a decade-old cyber attack on a U.S.-based website of the Falun Gong spiritual group.

Chinese officials long have denied any role in computer attacks.

The commission has “been collecting unproved stories to serve its purpose of vilifying China’s international image over the years,” said Wang Baodong, a spokesman for the Chinese Embassy in Washington, in a statement. China “never does anything that endangers other countries’ security interests.”

The Chinese government is working with other countries to clamp down on cyber crime, Wang said.

Defense Department reports of malicious cyber activity, including incidents in which the Chinese weren’t the main suspect, rose to a high of 71,661 in 2009 from 3,651 in 2001, according to the draft. This year, attacks are expected to reach 55,110, compared with 55,812 in 2010.

Relying on the Internet

In the October 2008 incident with the Terra AM-1, which is managed by the National Aeronautics and Space Administration, “the responsible party achieved all steps required to command the satellite,” although the hackers never exercised that control, according to the draft.

The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach.

The Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway, which “routinely relies on the Internet for data access and file transfers,” says the commission, quoting a NASA report.

The hackers may have used that Internet connection to get into the ground station’s information systems, according to the draft.

While the perpetrators of the satellite breaches aren’t known for sure, other evidence uncovered this year showed the Chinese government’s involvement in another cyber attack, according to the draft.

TV Report

A brief July segment on China Central Television 7, the government’s military and agricultural channel, indicated that China’s People’s Liberation Army engineered an attack on the Falun Gong website, the draft said.

The website, which was hosted on a University of Alabama at Birmingham computer network, was attacked in 2001 or earlier, the draft says.

The CCTV-7 segment said the People’s Liberation Army’s Electrical Engineering University wrote the software to carry out the attack against the Falun Gong website, according to the draft. The Falun Gong movement is banned by the Chinese government, which considers it a cult.

After initially posting the segment on its website, CCTV-7 removed the footage after media from other countries began to report the story, the congressional draft says.

Military Disruption

The Chinese military also has been focused on its U.S. counterpart, which it considers too reliant on computers. In a conflict, the Chinese would try to “compromise, disrupt, deny, degrade, deceive or destroy” U.S. space and computer systems, the draft says.

“This could critically disrupt the U.S. military’s ability to deploy and operate during a military contingency,” according to the draft.

Other cyber intrusions with possible Chinese involvement included the so-called Night Dragon attacks on energy and petrochemical companies and an effort to compromise the Gmail accounts of U.S. government officials, journalists and Chinese political activists, according to the draft.

Often the attacks are found to have come from Chinese Internet-protocol, or IP, addresses.

Businesses based in other countries and operating in China think that computer network intrusions are among the “most serious threats to their intellectual property,” the draft says.

The threat extends to companies not located in China. On March 22, U.S. Internet traffic was “improperly” redirected through a network controlled by Beijing-based China Telecom Corp. Ltd., the state-owned largest provider of broadband Internet connections in the country, the draft said.

In its draft of last year’s report, the commission highlighted China’s ability to direct Internet traffic and exploit “hijacked” data.

To contact the reporters on this story: Jeff Bliss in Washington at jbliss@bloomberg.net; Tony Capaccio in Washington at acapaccio@bloomberg.net

To contact the editor responsible for this story: Mark Silva in Washington at msilva34@bloomberg.net
