15 September 2015

RUSSIAN HACKERS HIJACK SATELLITE — TO STEAL DATA FROM THOUSANDS OF HACKED COMPUTERS

September 10, 2015

www.fortunascorner.com

Swati Khandelwal writes in the September 10, 2015 TheHackerNews.com that “a group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat), is hijacking commercial satellites to hide command-and-control operations,” according to the Moscow-based security firm — Kaspersky Labs. According to Kaspersky, the Turla APT group, which was named after its notorious software — Epic Turla — is abusing satellite-based Internet connections to:

— Siphon sensitive data from government, military, diplomatic, research, and educational organizations in the United States and Europe;

— Hide their command-and-control servers from law enforcement agencies.

“Despite some of their operations being discovered last year,” Mr. Khandelwal writes, “Turla APT group has been active for close to a decade, while remaining ‘invisible’ by cleverly hiding from law enforcement agencies and [cyber] security firms.” Kaspersky Lab’s report notes that “the group disguised itself by using commercial satellite connections, to hide their command-and-control servers.”

TheHackerNews asserts that “Turla is a sophisticated Russian cyber-espionage group, believed to be sponsored by the Russian government — that has targeted a number of government, military, embassy, research, and pharmaceutical organizations in more than 45 countries — including China, Vietnam, and the United States.”

Hijacking Satellites To Hide Command-And-Control Servers

“The group is known for exploiting highly critical vulnerabilities in both Windows and Linux systems, but … the satellite-based communication technique used by the group to help hide the location of their servers appears to be more sophisticated than previous ones,” Kaspersky researchers claim.

Mr. Khandelwal writes that “the Turla hackers exploit the fact that older satellites that orbit around the Earth:

— Don’t come with support for encrypted communications; and,

— Rely on unsuspecting users of the satellite Internet service providers across the world.”

How The Scheme Works

Mr. Khandelwal notes that “the technique is quite simple — because you have a lot of vulnerable satellites orbiting around the Earth, and sending unencrypted [Internet] traffic to a designed…geographical location. The Turla group only needs: 

— A rented house in an area where the vulnerable satellites provide coverage;

— A satellite dish to intercept the traffic;

— A landline Internet connection.

“Turla hackers sniff through the traffic that comes down from the satellite [likely using big data mining, meta-data tagging, and/or sophisticated algorithms] and select an IP address of a random user online at that moment. Once selected, the hackers then try to infect the targeted computer with malware — in order to configure the domain names for [the] hacker’s command-and-control (C&C) servers to point [zero in on] that IP address. Once Turla hackers gain control of the satellite user’s system, the hackers instruct the botnet computers to send the stolen data to the command-and-control (C&C) server (compromised satellite user).”

“The sneaky part here,” Mr. Khandelwal writes, “is: the Turla hackers are effectively hiding their location from investigators, as they can be anywhere in the range of the satellite beam, i.e., thousands of miles.”
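The scheme described above ends with a C&C hostname that resolves to the public address of an unwitting satellite-Internet subscriber, with the operators reading the replies off the unencrypted downlink. One defensive consequence a network team can act on: in their own DNS logs, domains that resolve into satellite-provider address space, and that hop between such addresses over time, deserve a second look. The script below is an added example, not code from the article, from TheHackerNews or from Kaspersky; the log format, the sample lines and the "satellite provider" prefixes (RFC 5737 documentation ranges, standing in for real allocations) are all constructed for illustration, and the hopping heuristic is an inference from the technique as described, not a published indicator.

```python
"""
Added example: flag DNS answers that land in satellite-ISP address space
and that change between such addresses across the log.

Everything here is constructed for illustration:
  - SATELLITE_PREFIXES are placeholder ranges, not real satellite-ISP
    allocations; a real deployment would load a maintained list.
  - SAMPLE_LOG is a made-up resolver log in the form
    "<timestamp> <client> <qname> A <answer>".
"""
import ipaddress
import re
from collections import defaultdict

# Placeholder prefixes (documentation ranges) standing in for satellite-ISP space.
SATELLITE_PREFIXES = [
    ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")
]

# Constructed sample log: one domain resolves to three different satellite-space
# addresses within a few hours; the others resolve to ordinary (placeholder) space.
SAMPLE_LOG = """\
2015-09-10T08:01:12Z 10.0.0.5 update-cache.example A 203.0.113.41
2015-09-10T08:02:30Z 10.0.0.5 www.example.org A 192.0.2.10
2015-09-10T09:15:03Z 10.0.0.7 update-cache.example A 203.0.113.88
2015-09-10T11:40:51Z 10.0.0.5 update-cache.example A 198.51.100.12
2015-09-10T12:00:00Z 10.0.0.9 mail.example.org A 192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+A\s+(\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, answer = m.groups()
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return None  # answer field was not an IP literal
    return {"ts": ts, "client": client, "qname": qname, "addr": addr}


def in_satellite_space(addr):
    """True when the address falls inside any configured satellite prefix."""
    return any(addr in net for net in SATELLITE_PREFIXES)


def find_suspect_domains(log_text, min_distinct=2):
    """
    Return {qname: [answers]} for domains whose A answers fall in satellite
    space, keeping only those seen with at least `min_distinct` different
    such answers. Answers are returned as strings in address order.
    """
    answers = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not in_satellite_space(rec["addr"]):
            continue
        answers[rec["qname"]].add(rec["addr"])
    return {
        qname: [str(a) for a in sorted(addrs)]
        for qname, addrs in answers.items()
        if len(addrs) >= min_distinct
    }


if __name__ == "__main__":
    for qname, addrs in find_suspect_domains(SAMPLE_LOG).items():
        print(f"{qname}: resolved into satellite space as {', '.join(addrs)}")
```

Run on the embedded sample, the script reports `update-cache.example` with its three satellite-space answers and stays silent about the two ordinary domains. Because the subscriber whose address is borrowed is a legitimate customer, a hit is a lead for the analyst, not proof of compromise; the value of the heuristic is that it turns the attackers' own hiding technique (parking a C&C name on borrowed satellite addresses) into something visible from the victim side.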

The Cyber Threat To Our Overhead Satellite Constellation Has Been A Growing Concern For Years

The news that older satellites are vulnerable to hacking is not a new story. It has been a growing concern in the intelligence, military, and national security/critical infrastructure domains for many years. At last year’s Black Hat convention in Las Vegas, cyber security analyst Ruben Santamarta of IOActive presented a “much anticipated paper showing that communications devices from Harris, Hughes, Cobham, Thuraya, JRC, and Iridium — are all highly vulnerable to [cyber] attack,” Patrick Tucker wrote in DefenseOne. “The security flaws are numerous; but, the most important one — the one that’s most consistent across the systems — is back doors,” Mr. Santamarta contends. “Another common security flaw,” he observed, “was hardcoded credentials, which allows multiple users access to a system — via a single login identity.”

Santamarta argued that “a satellite communications system that’s common in military aviation, the Cobham Aviator 700D, could be hacked in a way that could affect devices that interact with critical systems — possibly resulting in ‘catastrophic failure.’” Mr. Tucker adds that “in conversations with reporters, Santamarta was careful to point out that none of the vulnerabilities he found could directly cause a plane to crash, or override pilot commands. But, the security gaps were significant enough,” he argued, “that a hacker could make it much harder to fly.”

“The most serious vulnerability Santamarta found on Cobham’s equipment,” writes Mr. Tucker, “allowed a hacker access to the system’s swift broadband unit, or SBU, and the satellite data unit, SDU.” “Any of the systems connected to these elements, such as the Multifunction Control Display Unit (MDCU), could be impacted by a successful attack,” Mr. Santamarta wrote in his paper. “The SBU contains a wireless access point.”

And, the vulnerability of the electromagnetic spectrum to a weapon of mass destruction, or disruption, has been well documented lately; although, whether or not we’re adequately addressing this threat is a huge concern. For a considerable period of time (years) in DoD and elsewhere, this domain was pretty much relegated to an after-thought; and, just assumed to be available in future conflict/crisis. That is certainly no longer the case — if it ever was. Hopefully, this concern has translated into how the military conducts its wargames and exercises — to test how commanders might react to being rendered “deaf, dumb, and blind,” at least for a period of time — on the battlefield. Hopefully being electromagnetic spectrum dependent — is seen as a potential weakness, as well as a domain to exploit and/or degrade — if confronted with an adversary that is overly dependent on its use. Hopefully that isn’t us. But, if it is, we need to wargame and red team courses of action and potential options when confronted with a severe degradation; otherwise, it could be a potential game-changer on the battlefield.

As for the vulnerability of our older satellites to the cyber threat — I do not know what, if anything can be done — in the short run — to make them substantially less vulnerable.