Another satellite re-entry and burnup expected, this one may have been brought down by hackers

ROSAT in low orbit - artist conception

This is interesting. The ROSAT X-ray observatory is expected to burn up in about a week and it has quite a checkered and colorful history. According to Wikipedia, ROSAT was originally planned to be launched on the Space Shuttle but the Challenger disaster caused it to be moved to the Delta rocket platform. Then on April 25th 1998, failure of the primary star tracker on the X-ray Telescope led to pointing errors that in turn had caused solar overheating. It was severely damaged on September 20th 1998 when a reaction wheel in the spacecraft’s Attitude Measuring and Control System (AMCS) reached its maximum rotational speed, losing control of a slew, damaging the High Resolution Imager by exposure to the sun.

In 2008, NASA investigators were reported to have found that the ROSAT failure was linked to a cyber-intrusion at Goddard Space Flight Center.

The root of this allegation is a 1999 advisory report by Thomas Talleur, senior investigator for cyber-security at NASA. This advisory is reported to describe a series of attacks from Russia that reached computers in the X-ray Astrophysics Section (i.e. ROSAT’s) at Goddard and took control of computers used for the control of satellites, rather than being just a passive “snooping” attack. The advisory stated:

“Hostile activities compromised [NASA] computer systems that directly and indirectly deal with the design, testing, and transferring of satellite package command-and-control codes.”

Other reports said the attack may have been only coincidental with the failure, but we’ll never know for certain. Since its failure in 1998, the satellite has slowly lost height due to atmospheric drag.

From Spaceweather.com:

The ROSAT X-ray observatory, launched in 1990 by NASA and managed for years by the German Aerospace Center (DLR), will return to Earth within the next two weeks. Current best estimates place the re-entry between Oct. 22nd and 24th over an unknown part of Earth. Although ROSAT is smaller and less massive than UARS, which grabbed headlines when it re-entered on Sept. 24th, more of ROSAT could reach the planet’s surface. This is because the observatory is made of heat-tolerant materials. According to a DLR study, as many as 30 individual pieces could survive the fires of re-entry. The largest single fragment would likely be the telescope’s mirror, which is very heat resistant and may weigh as much as 1.7 tons.

ROSAT is coming, but it’s not here yet. On Oct. 13th, Marco Langbroek photographed the observatory still in orbit over Leiden, the Netherlands:


Photo details: 5 second exposure, Canon EOS 450D, ISO 400

“I observed ROSAT this evening in deep twilight,” says Langbroek. “It was bright, magnitude +1, and an easy naked-eye object zipping across the sky where the first stars just had become visible.”

Update: Scott Tilley of Roberts Creek, British Columbia, made a video of ROSAT on Oct. 15th: “It did get pretty bright, at least 1st magnitude, as it passed overhead after sunset.”

ROSAT will become even brighter in the nights ahead as it descends toward Earth. Local flyby times may be found on the web or on your smartphone.

Also, check the German ROSAT re-entry page for updates.

The role of space weather: Solar activity has strongly affected ROSAT’s decay. Only a few months ago, experts expected the satellite to re-enter in December. However, they did not anticipate the recent increase in sunspot count. Extreme ultraviolet radiation from sunspots has heated and “puffed up” Earth’s atmosphere, accelerating the rate of orbital decay. The massive observatory now has a date with its home planet in October.


38 Responses to Another satellite re-entry and burnup expected, this one may have been brought down by hackers

  1. Henry says:

    that in turn had caused solar overheating

    out of context, “solar overheating” suggests a possible cause of global warming.

  2. Sam Hall says:

    It is hard to believe that NASA has important networks, like satellite control, connected to the Internet.

  3. Adam Gallon says:

    Spaceweather’s servers are overloaded. I wonder who’s responsible?

  4. CYA. Someone put in a wrong code to direct it the wrong way, let’s blame it on the Russians. Just like Mars Global Surveyor that when they updated it and then they lost contact.

  5. MikeEE says:

    trevor…

    Not everything the government does is a conspiracy. Cyber attacks are real and happen all the time, just read the papers.

  6. Ulrich Elkmann says:

    MikeEE: so do space screw-ups caused by sloppy programming, starting with Mariner 1 in 1962, through the first guiding programs on the HST and the first launch of Ariane 5 from Kourou. Et cetera. Murphy’s Law in Action. Add Occam’s Razor into the equation and you arrive at CYA as a plausible working hypothesis.
    And if they really managed to make the satellite systems vulnerable to outside attacks (however convoluted the path may have been), they were asking for it.

  7. tesla_x says:

    This could be a serious national security issue if the hacking is real and the hackers are able to ‘steer’ the ‘projectile’ where they wish.

    In a new age of cyber security threats, this could be another outlet for hackers, the terrorist fringe or upstart military powers willing to use one rival’s assets to damage or destroy another’s assets.

    Just dropping it on the country or city of your choice might be possible today…

    Something I hope the DOD Dudes are aware of…

  8. The world relies utterly on computer systems these days. They are highly vulnerable to damage from amateur hackers, dedicated terrorists and a Carrington event.

    To me this is infinitely more real, dangerous, and immediate than any threat from CAGW and we really ought to be spending our efforts in dealing with it-not chasing warm shadows.

    tonyb

  9. DesertYote says:

    The OS that NASA was using was actually near End Of Life when the attacks happened. It has not been supported at all since around 2002, not even by organizations that specialize in supporting obsolete OSs, its problems being too integrated with its core design. The incident highlighted several vulnerabilities that security experts were already discovering. Please remember that this was almost 15 years ago. A lot has been learned. That OS was still one of the most secure and stable of its day. The replacement OS, though hated by many (especially lefties) because it’s so obtuse, is damn near bullet proof, having the best security and stability record of any complex OS.

  10. Mark says:

    tesla_x says:

    This could be a serious national security issue if the hacking is real and the hackers are able to ‘steer’ the ‘projectile’ where they wish.

    How could you even start to do this without having functional attitude control and enough fuel for a controlled de-orbit? Also once it re-enters the atmosphere a satellite will rapidly wind up in pieces which cannot possibly be “steered”.
    AFAIK there are only two types of space vehicles which can be steered to a specific point on the Earth. With the first type an on board pilot typically has final control. With the other type actually hitting the ground tends to be the least thing to worry about.

  11. pk says:

    Mark:

    :-)))))))))

  12. andyd says:

    In 1997 a sysadmin where I worked (in Australia) resigned, and I had to take over admin duties on some Unix servers. I soon found they were using old and unpatched releases, and had been compromised for some time, and were being used by Russian based hackers to intrude on US government systems, NASA and .mil sites.

    I thought it might be useful to report it to the relevant authorities, so they could take counter-measures at least, perhaps even try to track the hackers down. So I isolated the servers but left them running. NASA, FBI, even tried the CIA and the Australian Federal Police… no one responded or seemed to take any measures to defend themselves. They just didn’t seem to care.

    Eventually I got bored, took the servers down reformatted and re-installed latest software releases. Taught me a lesson: mind my own business.

  13. DAV says:

    Having worked there on command and telemetry systems and knowing the almost over-sensitivity and obsession with computer security I wonder if this isn’t just a modern version of “Cosmic Rays” (aka Gremlins in other industry). It’s difficult to send a meaningful command. One would have to know things like command format and CRC code generation among other things. Not impossible to discover but not readily available even to those who need to know. There have always been rumors but I don’t recall any low Earth spacecraft getting a bogus command, let alone one accepted as legitimate, although I once saw a glitch in a command receiver cause the command count to increment. No command had been received though. Again, not impossible but a CYA explanation is more likely. Or hand-waving meaning “Beats Us”.

  14. kadaka (KD Knoebel) says:

    ROSAT shall ROAST

    The space junk lottery continues. Will someone have the lucky number and be awarded a lightly-used telescope mirror that on the surface would weigh about 1.7 tons? (Disclaimer: some loss will occur during transport to the winner’s location.)

    PS: Feel free to convert to slugs for discussing how massive it is. ;-)

  15. DAV says:

    tesla_x October 16, 2011 at 12:02 pm This could be a serious national security issue if the hacking is real and the hackers are able to ‘steer’ the ‘projectile’ where they wish.

    Outside of having no control after you hit the atmosphere, you would need to know: 1) the structure of the spacecraft including its inertial properties; 2) how to fire the thrusters and which ones, 3) how to determine your current attitude; 4) how to maneuver to the proper attitude; 5) when to fire the thrusters; 6) the duty cycle properties of the thrusters; 7) since the thrusters can’t be fired continuously (on most craft) without failing, you need to know how to setup a command sequence to accomplish the deorbit; and 8) since it won’t stay in view long enough, the command sequence needs to be stored and executed by the craft itself or you would need to figure out how to keep it in view.

    Of course, on TV these are all readily available to any smart hacker who puts his mind to it.

  16. Wucash says:

    Sam… who ever said the attack came from the internet?

  17. Wucash says:

    Trevor don’t be so naive. Member states spy and sabotage other states in any way they can. It turns out doing it electronically is much simpler than doing it the old fashioned way.

    You’re right though, it’s also naive USA and its allies aren’t doing the same. In fact over the years, I have noticed many NASA incursions onto my pc. I use peerblock, it’s a kind of specialised firewall, it tracks IP connections to my pc. I mostly get ad companies when browsing the web, but this site comes back with NASA… strange.

  18. Jason Calley says:

    @ andyd “NASA, FBI, even tried the CIA and the Australian Federal Police… no one responded or seemed to take any measures to defend themselves. They just didn’t seem to care.”

    I have heard similar stories from other sysadmins. Part of me wants to speculate that perhaps the .mil and .gov guys already knew about the problem and were discreetly routing the hackers to safe areas, but honestly, based on my own experiences with government, I think it more likely that, as you say, the .mil and .gov guys just did not care.

  19. Owen says:

    Wucash:

    Could be a compromised NASA machine being used in a bot attack. Though I would hope they would detect that and put a stop to it. It also could be an ip spoof. Those are fairly straight forward to implement when a bad guy wants to cover their tracks. It takes a pretty significant effort to break those out.

    US law in the cyber domain is pretty lax. Because of the 4th and 5th amendments to the constitution, the guys trying to track down these intrusions wind up having to get a search warrant every time the hacker bounces off another ISP. This changed somewhat under the Patriot act, but the US authorities bend over backwards to not violate people’s constitutional rights. As a result, very few good hackers ever get taken to trial. I don’t know which would be worse, living in a world with hackers, or in one where the authorities catch them all.

  20. Owen says:

    andyd:

    They may have cared, but couldn’t convince the judge to issue the warrant to track the guy down on the initial try so went after lower hanging fruit. They almost never let the informant know about the case unless they need their testimony at trial. It saves defense claims of coercion and time spent actually talking to people (computer crimes folks I dealt with were some of the worst introverts). They also may have been aware and were just monitoring the intrusion (if foreign hosts were involved the diplomats throw a monkey wrench into things too). After the fall of the wall, hacking instances out of the former Soviet bloc became pervasive. Today it is mostly industrial espionage hacking. The real money is in trade secrets for knock off manufacturing. As a result, hacking tends to be originating in China and other not quite ethical markets.

    Whether the satellite is falling due to hacking or calculating mass in slugs and thrust in Newtons (or other such simple error) is anyone’s guess.

    Whoever stated about command codes:
    If I have control of the command computer for any significant length of time, I can passively monitor for as long as is needed to decipher/reverse engineer the command sequences (the hard part that takes patience). After that it is child’s play to send appropriate signals to screw something up, and if the uplink isn’t sufficiently encrypted, also child’s play to send signals from a second site to carry out the hack directly. Though using a satellite as a kinetic weapon is almost impossible because of the ungainly shape of the blamed things. Catch a bit of convection wrong at high altitude, and you miss your target by a hundred miles! Get a sunspot at the wrong time during the terminal phase of decay and the atmospheric drag calculations go off the edge. If someone caused this by hacking, it was likely an amateur playing games and screwing something up by accident. I still think it is likely a mission controller trying to make the sensor move in an unwise manner and destroying it by accident though.

  21. _Jim says:

    MikeEE says on October 16, 2011 at 10:43 am

    … just read the papers.

    “Dewey defeats Truman”?

    Riiiiight …

    .

  22. _Jim says:

    climatereason says on October 16, 2011 at 12:20 pm

    The world relies utterly on computer systems these days. They are highly vulnerable to damage from …

    ‘scuse me if I take this in the same vein as ‘sales pitch’ material.

    Full disclose: Virus-free and _not_ running any virus s/w (exc firewalls) since ’95 …

    .

  23. _Jim says:

    Jason Calley says on October 16, 2011 at 5:41 pm

    I think it more likely that, as you say, the .mil and .gov guys just did not care.

    Consider another alternative: The .mil and .gov guys already had the bad guys deep into ‘honey pots’, JUST where they wanted (and would want) to keep them (those assets would then tie up some portion of bad-guy assets plus a means of observing active ‘paths and circuits’) …

    Think of it as “being able to redirect incoming enemy fire”.

    .

  24. _Jim says:

    Owen says on October 16, 2011 at 6:58 pm

    Whoever stated about command codes:
    If I have control of the command computer for any significant length of time, I can passively monitor for as long as is needed to decipher/reverse engineer the command sequences (the hard part that takes patience).

    Ground control is more than just the ‘command computer’, which in this case could have represented a more significant hurdle than what has been assumed. It is possible they were using the ubiquitous DEC VAX (running VMS), and I don’t know what kind of vulnerabilities the VAX series running VMS *but* they were a whole lot more secure than an IBM PC (of that era) or a TI 990 running DX10 OS.

    Back to ground control: think uplink transmitters (exciter, TWT amplifier for the day) and downlink tele-command receivers (LANs, Mixing down-converters, LO chains, IF strips and required demodulators), possibly shared or ‘multiplexed’ to work with several different space platforms, the feed-lines to a selectable set of antenna(s) quite likely to involve antenna positioners (AZ, El and polarization selection) … this now presents the requirement to schedule the use of these shared ground facilities all overseen by their own technical support staff of the day.

    .

  25. GregO says:

    Thanks for the hint on the website to track and observe satellites. I just love your website for all the great science hints. (Got to remember to hit the tip jar…).

  26. Paul R says:

    Read the book “The Cuckoo’s Egg” (I forget the author’s name). It’s about the cyber snooping on military networks, using the Berkeley Livermore Labs open computers. The author could not get anyone’s attention for years, as he traced and stymied the hacker. Turns out it was a German young man who was paid by the Russians for information found.

  27. Ray says:

    How do you spell I-N-C-O-M-P-E-T-E-N-C-E ?

  28. Crispin in Waterloo says:

    Robert Farrer in Johannesburg reports the following:

    “It will be visible in Jozie on 26 October 2001 at about 19H41 for about 20 seconds, if you are interested in finding out where to look for it go to: http://www.heavens-above.com and enter your co-ordinates and click on ROSAT to get more info.”

  29. Kelvin Vaughan says:

    tesla_x says:
    October 16, 2011 at 12:02 pm

    This could be a serious national security issue if the hacking is real and the hackers are able to ‘steer’ the ‘projectile’ where they wish

    Are you sure!

    http://www.campaignlive.co.uk/news/1067456/Specsavers-astronaut-TV-ad-takes-off

  30. MikeEE says:

    Jim says “‘scuse me if I take this in the same vein as ‘sales pitch’ material. Full disclose: Virus-free and _not_ running any virus s/w (exc firewalls) since ’95 ”

    I don’t think you know as much about computer security as you think you do. A firewall is one tool and a/v software is another. You can’t expect the firewall to protect you from everything.

  31. DAV says:

    Owen October 16, 2011 at 6:58 pm Whether the satellite is falling due to hacking or calculating mass in slugs and thrust in Newtons (or other such simple error) is anyone’s guess.
    .

    It’s falling out of the sky because its orbit is decaying. This happens to all satellites. It is caused by drag induced by residual atmosphere and solar wind. Some spacecraft carry thrusters to regain orbital momentum. I’m not familiar with ROSAT but, since it is/was a telescope, it generally wouldn’t need orbital thrusters except for controlled deorbit. In any case, it was parked. The failure occurred in 1998.

    Whoever stated about command codes: If I have control of the command computer for any significant length of time, I can passively monitor for as long as is needed to decipher/reverse engineer the command sequences (the hard part that takes patience). After that it is child’s play to send appropriate signals to screw something up, …

    Anyone doing that would be faced with a rather incomprehensible stream of bits. Egyptian hieroglyphics were also incomprehensible until the Rosetta Stone appeared. An equivalent would be needed. Something not easy to come across.

    The hacker claim is probably specious. NASA used to be a can-do organization but over the years it has turned into a rather inept bureaucracy with loads of internal politics. One of the reasons I’ve retired. The hacker claim could just conveniently support someone’s agenda. You gotta wonder why it took nearly 10 years to finally resolve a 1999 allegation — assuming the report even did that.

  32. Bob Kutz says:

    Just a couple of points;

    1) The state of cyber security was a lot different when this was launched than it is today, it was also a lot different in 1998 when this ‘hack’ allegedly took place.
    2) Nobody could hack in and put this thing on the ground with any precision whatsoever. 10 days out and they can’t tell you where or when within a 5 day window.(tesla x 12:02pm)
    3) Apply Hanlon’s razor; no conspiracy, no hacking; i.e.; when they say ‘it ‘may’ have been hackers’, what they really mean is ‘It was probably something stupid we did, but we can’t prove that, and it doesn’t sound too good, so, since we can’t rule it out; we’ll go with mentioning this other vector that doesn’t make it seem like the 3 stooges were running the satellites, but rather a bunch of really smart scientists too tuned into what we’re working on to think of real world threats such as malcontent hackers and thusly fell victim to them.’

    4) How many more of these things are there; satellites without any way to influence re-entry and enough mass to survive re-entry? There’s got to be a headcount and an evaluation to determine if we should pre-emptively be lassoing these things and redirecting their fall. Doesn’t the precautionary principle tell us that? (That’s a bit of sarcasm at work there, in case I didn’t make it plain enough to see.)

  33. Jean Parisot says:

    NASA maintains enough administrative log files from the mid-90’s (from certainly extinct systems) to provide evidence of “hacking” leading to a systems engineering and test failure – but we have to fight to get raw weather data?

  34. DAV says:

    Jean Parisot ,

    To be fair, Science Data is kept separate from Housekeeping and usually belongs to the instrument teams. Even when owned by NASA the instrument team gets first crack at processing to protect discoveries from being scooped in publication.

  35. DAV says:

    Bob Kutz October 17, 2011 at 9:07 am 3) Apply Hanlon’s razor; no conspiracy, no hacking; i.e.; …

    Amen except (* puh-leez! *) substitute “Engineers” for “Scientists”. The spacecraft are run by engineers. There’s a Funny floating around here showing how Engineers and Scientists see one another. A quote from the 60’s, “Get them d*mn scientists away from the rocket and shoot it!”. And the sotto voce (due to un-PC content), “Scientist drivers; no survivors”.

    Get the picture?

  36. _Jim says:

    MikeEE says on October 17, 2011 at 6:10 am

    I don’t think you know as much about computer security as you think you do.

    I never said I did; I was expressing an opinion, which has some basis in fact, as well as disclosing my policy towards virus protection and virus protection software AND my experience to date.

    If you want to go ‘groping about’ the internet for warez I can assure you that your success in getting ‘nailed’ by a virus is a LOT higher … my e-mail provider does a pre-scan for viri and I don’t click on attachments from ppl I don’t have any dealings with … some common sense applied to ‘surfing’ on the Internet goes a LONG ways to staying sane as well as virus-free.

    In my experience, not all EEs are created equal; this is another case-example to add to that collection I suppose …

    .

  37. _Jim says:

    Paul R says on October 16, 2011 at 8:54 pm

    Read the book “The Cuckoo’s Egg” (I forget the author’s name). It’s about the cyber snooping on military networks, …

    Was DECNET involved? Or just “internet” protocols?

    (Having read the book’s account, I’m going to go with “internet” protocols and _not_ the proprietary Digital Equipment Corp. “DECNET” inter-machine protocol. Internet protocols, IIRC, were ‘weak’ at the outset; there wasn’t concern that outside ‘access’ would be granted to the network! Hello? ARPANET anybody?)

    .

  38. Keith Sketchley says:

    So, “DesertYote”, can you legitimately reveal the old insecure and the secure but obtuse newer OS?

    Regarding the book The Cuckoo’s Egg, periodically we hear of organizations getting caught by the same simple entry method as used in that case. A decade or so ago a large established manufacturer in the US midwest was. Ought to be a checklist. (Actually I think the US government has some that are publicly available.)
