Small Satellite Dish Systems 'Ripe For Hacking' 44
The Walking Dude writes:
"According to the CS Monitor, 'Thousands of small satellite dish-based computer systems [VSATs] that transmit often-sensitive data from far flung locations worldwide – oil rigs, ships at sea, banks, and even power grid substations – are at high risk of being hacked, including many in the United States, a new cyber-security report has found.' Dr. Jason Fritz said, 'Vulnerabilities exist at all nodes and links in satellite structure. These can be exploited through Internet-connected computer networks, as hackers are more commonly envisioned to do, or through electronic warfare methodologies that more directly manipulate the radio waves of uplinks and downlinks.'"
Even satellite can be hacked (Score:3, Informative)
In the 1990's a communication satellite belonging to China was hacked and the hackers (rumored to be a state-sponsored hacker group) changed the tee vee channels on that satellite to carry anti CCP programs.
Almost 20 years have passed and nobody claimed responsibility over that incident, but it is believed that the hacker group was sponsored by some state (nation) because it does take quite a bit more ooomph in term of beaming power in order to hack into a satellite orbiting the Earth.
As for that particular
Wow (Score:1)
The 'hacking' fud is getting thick lately...
We'll see (Score:2, Interesting)
I have a hard time taking anything with the word "cyber" seriously.
Re:We'll see (Score:5, Funny)
Re:We'll see (Score:5, Funny)
to the Googlags
Re: (Score:2)
Re: (Score:1)
Yahoo! Finally some clear thinking.
Re: (Score:2)
Mind if I join this Dogpile?
Re: (Score:2)
Offenders should be sent to Cyberia
I whole heartedly agree... Hell, just 30 minutes of that would be punishment enough. [youtube.com]
Re: (Score:3)
Perhaps this is a model we've seen before.
As each exploit breaches a security vulnerability, the patch makes the security a little better, rinse, repeat... and then before you know it, some headless bureaucrat insists on security considerations as an important development consideration.
It has been described as an arms race by folks smarter than me, and that means it's a scenario that doesn't suck for future IT employment,
Competition. (Score:2, Insightful)
I don't take computer security seriously any more. Everything's an arms race where the only way to win is not to be important enough for anyone to want to make an effort against you.
If we had a culture based on cooperation rather than competition, we wouldn't have everyone taught and therefore trying to get one up on everyone else.
It's been hundreds of years since humanity has established new societies based on cooperation (no, Marxism-Leninism is nothing of the sort). Let's stop lazily thinking of ourselve
Re: (Score:2)
cooperation only works if you are not greedy or jealous.
computer security needs to be thought of in the beginning. and it never really has been.
from the protocols on up. security has generally been the last thought of computer programmers.
Skeptical. (Score:2)
Although I nearly daily read papers from almost any university in the world, I had never heard of Bond "university". Which Bond is this - James Bond ?
On a more serious note, though: "IntelCrawler" does not ring a bell, either. The only somewhat creditworthy title being cited is csmonitor. For the moment I am writing TFA off as hype-generation and FUD. I would love to be proved wrong, however.
Re: (Score:1)
Maybe they refer to this Bond? [wikipedia.org]
Re: (Score:2)
Alan Bond initially put up the finance for that private University. It's probably the third biggest University in the state of Queensland and has a decent reputation in CS. Being located in a city built around tourism it attracts a few conferences.
As for the person it was named after - somehow Alan Bond managed to go broke selling beer to Australians.
No surprise (Score:3, Insightful)
All software is shit, all hardware too. We've long abandoned a development model that is focused on correctness. It has been features, features, features for decades. So what do you expect? Of course everything's ripe to be hacked. We had a choice.
Re: (Score:2, Insightful)
"Abandoned" implies that this used to exist. Look at FTP, horrifically complex protocol that handles a lot of what we use load balancers to do today with zero security. The good old days weren't quite as good as we remember them to be.
Re: (Score:2)
We we pioneers, not engineers.
The real problem here is with the CEOs of the corporations that use this old tech
Re:No surprise (Score:4, Insightful)
Most locks can be picked with a lock pick
Many cars can be compromised with a screwdriver and thin piece of metal to open them.
Many anti-shoplifting devices can be disabled if you know how.
The list goes on.
True security costs money and effort. A LOT of it.
For most applications, as a society, we err on the side of too little security (and accept the small chance that security will be compromised, because it's not an issue).
This is because, historically, security issues have been quite local. People don't steal enough in most neighborhoods to justify putting bars on your windows. People don't shoplift enough to justify a full cavity search of anyone entering or exiting a department store.
Technology is of course changing all of that. Before, if we know there is a 1 in a million chance of a bad guy in the population, most small communities were not afraid. Now, it is possible for a single determined hacker to do all kinds of crazy things. That's where people have not caught up, and in the future we will have to start making choices with regards to whether we want to expend the resources for true security. And we might do it if there are enough incidents to justify it -- but perhaps not before.
Sat tracking (Score:3)
If you can spare some minutes on a lazy Sunday, watch Travis Goodspeeds Talk on 30C3 from a couple of weeks ago.
http://www.youtube.com/watch?v=ktnQ7nBCuqU [youtube.com]
Re: (Score:2)
Can't you just download the keplerian elements from NORAD and use gpredict? Actually, doesn't gpredict automate that for you? I don't think you need any special hardware, just an accurate clock.
Re: (Score:2)
Re: (Score:2, Insightful)
Sorry but these days it does, that battle is lost. The common lexicon doesn't wait around for the old school.
Misleading headline. (Score:2)
captain midnight hacked HBO years ago (Score:3)
GOODEVENING HBO
FROM CAPTAIN MIDNIGHT
$12.95/MONTH ?
NO WAY !
[SHOWTIME/MOVIE CHANNEL BEWARE!]
IP addresses for the open sites (Score:2)
Anyone notice that he "hidden" or blanked out addresses were still listed in clear text just below the erased entries, albeit in slightly smaller text? Best part is they still let you see the protocol types the sites responded to. Telnet for the win, are they serious?
Residential dishes? (Score:2)
Are you saying we can hack our residential TV dishes like from Dish, DirecTV, etc.?
More susceptible to DDoS attacks? No. (Score:2)
Aside from the attack in the article, one might think that VSAT terminals are much more susceptible to DDoS attacks because of their limited bandwidth and the carrier's Fair Access Policy. One might assume that pretty much anyone who wanted to could just send data to the IP address of one and The FAP will restrict the throughput.
The thing is, the commercial VSAT providers have already thought of this. Each terminal is on a private network behind a NAT already, even if you're not using the software proxy a