NASA has confirmed to TPM that one of its earth observation satellites “experienced two suspicious events,” partly verifying the alarming conclusions of a draft of a forthcoming report by an independent Congressional advisory panel on U.S.-Chinese relations.
NASA did not address the portion of the report that found the attacks bore hallmarks of the Chinese military, or someone affiliated with the inner-workings of the Chinese military. But the agency did say that it had launched a task force to increase security, alerted the Defense Department and was “complying” with the National Space Policy guidelines.
On Friday, in response to an inquiry about the reported satellite hacks, TPM received the following information in an email from NASA Public Affairs Officer Trent J. Perrotto, who confirmed two hacks affected its Terra AM-1 satellite, but said that no damage, theft or any other security breaches had taken place, and that NASA had restored its control over the satellite.
As Perotto wrote:
NASA experienced two suspicious events with the Terra spacecraft in the summer and fall of 2008. We can confirm that there was no manipulation of data, no commands were successfully sent to the satellite, and no data was captured. NASA notified the Department of Defense, which is responsible for investigating any attempted interference with satellite operations.
While we cannot discuss additional details regarding the attempted interference, our satellite operations and associated systems and information are safe and secure. We are complying with the guidance in the National Space Policy to protect our critical space systems and have created a working group to establish and implement an agency-wide space protection program.
Terra AM-1 was launched in 1999 with five instruments to study changes in earth’s climate, weather and, perhaps most importantly for us on the ground, changes in surface land use. It has been described by NASA as the flagship of its Earth Operating System of satellites.
Perrotto also told TPM that neither he, nor anyone in his agency, would be speaking about the alleged hacking of another U.S. government earth-imaging satellite, Landsat-7, which is also reportedly described in the draft of the U.S.-China Economic Review Commission’s annual report that was obtained by Bloomberg.
Perotto noted that “NASA built Landsat-7 for the U.S. Geological Survey (USGS),” and that that agency was responsible for its operations. TPM has reached out to the USGS and will update when we receive a response.
Bloomberg on Thursday first broke the news of the draft report containing information about four distinct hacking incidents of U.S. government satellites that occurred between 2007 and 2008, two that affected the Terra-AM-1 and two that affected the Landsat-7.
The hacking incidents are apparently not discussed in detail in the draft report, although the report does note that in the case of an October 2008 “incident” affecting the Terra AM-1, “the responsible party [for the hack] achieved all steps required to command the satellite,” but despite having the capability, didn’t actually use it pilot or control the satellite.
The draft report from the U.S.-China Economic Review commission is additionally said to contain information pointing to a common control center for both satellites located in Norway as the access point for the hackers. The Svalbard Satellite Station in Spitsbergen is connected to the public Internet, making it more susceptible to cyber attacks than other satellite control stations that are off the public grid.
That said, NASA’s Terra AM-1 website notes the satellite’s mission is “multi-national, multi-disciplinary…involving partnerships with the aerospace agencies of Canada and Japan,” so really, the attack could have come from just about anywhere.
We’ve reached back out to NASA for more information about the Terra AM-1 hacking and will continue to update as we acquire more details.
Correction: The initial version of this post reported that NASA confirmed that the Terra-1 satellite was hacked twice. In fact, NASA’s statement stops short of confirming the hacking actually occurred.