
Chinese hack U.S. Weather systems, satellite network - cryptoz
http://www.washingtonpost.com/local/chinese-hack-us-weather-systems-satellite-network/2014/11/12/bef1206a-68e9-11e4-b053-65cea7903f2e_story.html
======
minimax
_The United States maintains two civil and one military program to provide
meteorological imagery and data from spacecraft in polar and geostationary
orbits around the Earth. The civil programs are managed by the National
Oceanic and Atmospheric Administration (NOAA) and the military program is
managed by the Department of Defense. The National Environmental Satellite,
Data, and Information Service (NESDIS) is a unit of NOAA and is responsible
for operating the civilian weather satellites (GOES and POES), distributing
the satellite data and imagery, archiving the data, and planning for future
systems. NESDIS also controls the Department of Defense constellation of polar
orbiting weather satellites called Defense Meteorological Satellite Program
(DMSP), which is similar to the civilian POES program.

...

Due to the classified nature of the DMSP imagery and other data products, the
DMSP downlink data is encrypted, and thus the direct readout system is not
available to nonmilitary users._

That all comes from this cool-as-hell PDF† about how to build a GOES/POES
ground receiving station. Anyways the most obvious target here is probably the
DMSP products, rather than, say, a Bruckheimer-esque plot to disrupt NOAA
satellite imagery during the height of the Atlantic hurricane season.

† [http://noaasis.noaa.gov/NOAASIS/pubs/Users_Guide-Building_Re...](http://noaasis.noaa.gov/NOAASIS/pubs/Users_Guide-Building_Receive_Stations_March_2009.pdf)

~~~
ChuckMcM
Of course if you were an evil genius bent on destroying the US by sending a
massive hurricane into the eastern seaboard, your first step would be to
disable the ability to see it coming ... :-)

~~~
bengali3
Nature. What better secret ally to start a war with?

~~~
electromagnetic
Cows. No one suspects something so docile and they outweigh us as a species by
about 50%. We bred them to be tasty, but they were the ones using us.

~~~
bengali3
"We bred them to be tasty, but humanity's reign over nature crumbled when they
learned to taste"

"We bred them to be tasty, but no one could foresee that it was us that would
be devoured"

------
roylez
As a Chinese I would prefer to believe our government is behind this. Do you
know Beijing (or even the whole country) has a serious smog issue which was
first uncovered by American embassy in Beijing? The incident makes the
government lose their trust in public, and for quite some time people only
want to trust forecast from NOAA instead of Beijing. If Chinese government
hacked NOAA, it would be out of their intention to contain domestic reactions.
Actually, our government has greater problems at home than abroad.

~~~
mknits
Don't Chinese citizens dream of making their country a two-party or multiparty
democracy like US or India, respectively?

This one-party autocratic rule will one day make people insane.

~~~
roylez
We can talk about this all day without moving anywhere. Remember tanks in 1989
Tiananmen Square? From primary school people are brainwashed with CCP-is-holy
thing. Many understand what is going on, but the attitude is "survival comes
first". There are still plenty who are too well brainwashed to know why life in
China could be so hard. Yes, people can dream, but communism has its
tradition, brutal tradition. People become realistic, you know, pay the bill
and feed their children.

------
Someone1234
I always appreciate how the US are able to pin every network compromise
directly back to China. And not just China but the Chinese government in
particular.

Almost like VPNs, proxies, TOR, compromised machines, botnets, or similar do
not exist in this arena and that a reverse DNS lookup will tell them
1337.mss.gov.cn.

When the US talk about cybersecurity/"cyber wars" in general they're talking
about something more akin to a Hollywood movie than anything you see on the
ground on either side of the "fight."

I'm extremely sceptical every time they claim Chinese responsibility. I am
sceptical not because China wouldn't have the skills or motivation to do so
(they do/would) but because they jump to these conclusions unrealistically
quickly and if their adversary covered their tracks even modestly pointing
fingers like that would be quite hard (e.g. send it through Russia).

~~~
SCHiM
Perhaps they too readily blame the Chinese _government_, however I'm not sure
that China's place in the spotlight is _totally_ unwarranted:

  tail -n 50 /var/log/auth.log

  Nov 12 15:33:28 VPS-3167 sshd[11950]: Connection closed by 122.225.97.110 [preauth]
  [SNIP]
  Nov 12 20:12:51 VPS-3167 sshd[12016]: Connection closed by 61.174.50.164 [preauth]
  [SNIP]
  Nov 12 20:40:44 VPS-3167 sshd[12031]: Connection closed by 122.225.97.72 [preauth]

The list goes on and on, and the IPs in the last fifty lines were all Chinese
or Russian, still they could also have been hacked themselves.

~~~
13
That doesn't mean that it's actually Chinese users doing anything though.
China has a lot of software piracy in their culture, where piracy is, malware
and botnets are rife.

~~~
SCHiM
I find that debatable, they are still guilty to some extent because of their
inaction to do anything (effective) against these botnets. Whether 'action'
would refer to users installing a decent anti-virus, or an IPS blocking and
isolating obviously infected hosts.

Of course, this is a whole different level of culpability than if they were
actually condoning large scale attacks on other countries' infrastructure.

The fact remains that if I were to plot the amount of IPs that come knocking
at my non-production server you'd see over 50% coming from China.
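
An added example, not part of the thread or any commenter's code: one way to produce the per-source tally described in the two comments above from `auth.log` lines of the quoted form. It groups by network prefix rather than by country, since country lookup needs an external geolocation database; the sample lines are constructed and use documentation-range addresses, and the prefix lengths are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted above; addresses come from the
# documentation ranges (RFC 5737 / RFC 3849), not from real hosts.
SAMPLE_LOG = """\
Nov 12 15:33:28 host sshd[11950]: Connection closed by 203.0.113.110 [preauth]
Nov 12 20:12:51 host sshd[12016]: Connection closed by 198.51.100.164 [preauth]
Nov 12 20:40:44 host sshd[12031]: Connection closed by 203.0.113.72 [preauth]
Nov 12 20:41:02 host sshd[12040]: Connection closed by invalid user admin 203.0.113.72 port 40022 [preauth]
Nov 12 20:45:10 host sshd[12051]: Connection closed by 2001:db8::5 port 51000 [preauth]
Nov 12 21:00:00 host sshd[12060]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2
"""

# Older sshd logs only the address; newer releases add "port N" and, when a
# username was offered, "authenticating user X" or "invalid user X".
PREAUTH = re.compile(
    r"sshd\[\d+\]: Connection closed by "
    r"(?:(?:authenticating|invalid) user \S* )?"
    r"(?P<addr>[0-9A-Fa-f:.]+)(?: port \d+)? \[preauth\]\s*$"
)

def preauth_sources(lines):
    """Yield the source address of each pre-authentication disconnect."""
    for line in lines:
        m = PREAUTH.search(line)
        if not m:
            continue
        try:
            yield ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # malformed address field; skip rather than miscount

def tally(lines, v4_prefix=24, v6_prefix=48):
    """Count disconnects per address and per enclosing network."""
    per_ip, per_net = Counter(), Counter()
    for ip in preauth_sources(lines):
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return per_ip, per_net

if __name__ == "__main__":
    per_ip, per_net = tally(SAMPLE_LOG.splitlines())
    total = sum(per_net.values())
    for net, n in per_net.most_common():
        print(f"{net:20} {n:3}  {100 * n / total:5.1f}%")
```

The counts show where connections arrived from, not who operated the hosts.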

~~~
acqq
[http://en.wikipedia.org/wiki/Usage_share_of_operating_system...](http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Desktop_and_laptop_computers)

17.18% of all desktop OS-es connected to the internet are Windows XP, the
version for which Microsoft doesn't publish updates. Most of these computers
are in China. Also "in 2009, approximately 80% of software sold in China was
pirated."

The average weekly income of a Chinese worker is around 100 USD. He is not
going to buy new software even if it costs the same as in the US. It typically
costs even more.

Don't be surprised bots have easier targets there.

~~~
ivanca
Windows 7 is just as easy to pirate so the logic is not solid there.

~~~
netheril96
I find it very hard to believe myself, because when you can obtain it for free,
why not go for the latest, shiniest version? But the reality is, most
Chinese computers are still stuck with XP, whatever the reason is.

~~~
acqq
XP was made for much weaker machines, older hardware. When you earn 100 USD
per week you don't upgrade hardware as long as you can. Just as an example
from another part of the world, I live in Europe and I've used a Sony notebook
from 2002 until the last year, when the hardware started to fail. I guarantee
you that Windows 7 can't be installed on it. Even the newer Ubuntu versions
weren't installable from one point on.

------
DanielBMarkham
I don't know who this Wolf guy is, but he's absolutely right: if we are in the
government, and we have a breach, and we're working on it, we have an
obligation to fess up. (Unless there's some kind of counter-intelligence
operations underway)

We can all sit back in our comfy chairs and debate whether it really is China
or not, whether various networks are secure or not, or how much various
agencies can store (and the dangers associated with them storing things). But
we can only do that if we have recent and valid information about what's going
on. Good public policy decisions depend on an informed electorate. This kind
of situation is not the place to be covering up your mistakes.

~~~
neolefty
I think you're right that an open attitude towards security breaches is
essential for a healthy security ecosystem. However, in practice, fessing up
in public _during an investigation_ will rarely happen. Security incident
responses are some of the most-hushed processes, even inside otherwise open
organizations.

That's because you want to find and close the vulnerabilities before
publicizing them. Otherwise, by publicizing, you invite attacks that will (a)
multiply the noise you have to sift through to complete the investigation and
(b) potentially create new incidents, at a time when you are already in a
crisis (the current attack & investigation).

So most security departments will only talk about what happened _after the
fact_, when it's all been tidied up again. But even then, the habit of
secrecy has already been established. It's a constant struggle to bring
openness to a process where secrecy is a short-term advantage. If you want an
informative accounting of what happened, I think you need to add it to the
incident response process.

For example (simplified for illustration):

1. Notice an intrusion

2. Capture information (logs, vulnerabilities used, etc)

3. Secure systems that have been compromised

4. Prevent future intrusions _within the organization_

Need to modify 4 (or add 5)

5. Publish to help other orgs also prevent intrusions.

But other orgs may hate you for that, because in the process of publishing,
you have exposed their lax practices that (in hindsight) used to be your lax
practices ...

------
swframe
I don't know who is really doing this or what the impact will be but let's
pretend for a moment that the Chinese government is responsible. They are
largely funding our government. We need each other.

I wonder if a serious problem with the world is due to secrets that allow some
to have power over others. For example, a company with a patent on a drug that
costs $80K has power over those who will die without it. If you can't afford
it, have you seriously harmed the company if you violate the patent to
manufacture it in a 3rd world country for people who could never pay for the
drug? When is human life more important than a company's right to a patent (or
information)?

The Chinese have a serious problem in the form of several hundred million
people who need to be moved out of poverty. To help them get there they seem
to be mining a precious resource: information in 1st world countries. Is this
different (or worse) than 1st world countries mining precious resources in the
3rd world?

What is the net result? China will use this information to make itself wealthy
enough to buy more of our goods? China will acquire the ability to make our
goods cheaper than we can make them and force us to work harder?

I'm not saying "stealing" is "right" but it seems to be an important way all
1st world countries became richer. The notion of "right" is suspect given that
history is written by the winner.

~~~
jzwinck
Your comparison with "mining precious resources in the 3rd world" is
interesting, because China is doing that too:

[http://en.starafrica.com/news/mozambique-chinese-firms-clinc...](http://en.starafrica.com/news/mozambique-chinese-firms-clinch-mining-deals.html)

[http://www.ide.go.jp/English/Data/Africa_file/Manualreport/c...](http://www.ide.go.jp/English/Data/Africa_file/Manualreport/cia_08.html)

My experience five years ago was that regular African people were not too keen
on the Chinese mining companies that had set up shop. But perhaps there was
not enough competition to mine more locally.

------
crimzonrayne
Am I the only person whose mind really wanted to read this as "Chinese hack
U.S. Weather Control Systems"?

------
cryptoz
The article does not discuss much the motivation they might have had for this
hack, aside from the fact they're probably looking for gaps in general US
systems. But I'm very curious about the economics of hacking another nation's
weather service; China could give itself significant (and creepy) economic
advantages by MITMing the data from the satellites. I wonder if they're
considering things like this?

Edit: Also, if they just wanted weather data, they should've signed up for
[http://pressurenet.io](http://pressurenet.io) ;)

~~~
chiph
From a military standpoint, weather is super important. The D-Day landings at
Normandy were delayed several times because of bad weather.

[http://www.history.com/news/the-weather-forecast-that-saved-...](http://www.history.com/news/the-weather-forecast-that-saved-d-day)

~~~
mpyne
It gets even more incredible. The landings would have been canceled for the
day they actually happened, except that the meteorology officer in
Eisenhower's staff predicted that there would be a short break in the bad
weather sufficient for the landings to occur.

Eisenhower rolled the dice and the weather did indeed hold up long enough for
the invasion to occur. His opponent, Gen. Rommel, felt the weather was going
to be so bad there was no way the invasion could commence so he was actually
away from Normandy on D-Day to see his family.

------
ajmurmann
I never will understand how this spying stuff always is allowed to happen. I
know every government does it, but I find it unbelievably dishonest. What kind
of relationship is that? I would intuitively see any spying as an act of war,
especially if supposedly friendly countries do it.

~~~
Redoubts
Yeah, but what are they going to do about it? Sanctions that hurt you just as
much? Retaliate in kind? War? I'm not sure it's understood yet what the
_appropriate_ response should be, or what the bounds of the consequences are.
A lot of people worry about Government sponsored hacking taking the gloves
off, and fucking with commercial infrastructure directly and relentlessly. The
amount of leaks and compromises we see today suggests this could be
economically catastrophic.

------
japaget
See also this article on the impact this hack had on weather forecasts:
[http://www.washingtonpost.com/blogs/capital-weather-gang/wp/...](http://www.washingtonpost.com/blogs/capital-weather-gang/wp/2014/11/12/weather-satellite-data-hack-and-outage-why-this-matters-for-forecasting/)

------
sean_grant
Do we know what kind of data was accessed in these attacks? I wonder what kind
of weather data can be so important to be kept secret that they must disrupt
the service and seal off everything. Were they storing other data on these
servers?

------
healthisevil
What about American cyber attacks on countries around the world?

------
coldcode
Yet another org too embarrassed to tell people they've been hacked, or more
likely that they failed to do security at all.

~~~
diminoten
Public companies risk being sued by their shareholders if they publicly
disclose a breach, and as a consequence, the stock falls.

If only there were laws in place that protected companies from things like
this...

~~~
freehunter
Public companies risk running afoul of US data breach laws if they _don't_
disclose a breach and customer data was potentially stolen. So it's a matter
of piss off your stockholders or break the law. The only winning move is to
have proper security before you get hacked.

~~~
diminoten
> Public companies risk running afoul of US data breach laws if they don't
> disclose a breach and customer data was potentially stolen.

There are no US data breach laws, only state data breach laws, and they vary
significantly from state to state, also in what constitutes "data", "breach",
and "disclosure".

So it's _not_ just a matter of breaking the law or not. There are _lots_ of
situations where specific companies can not disclose publicly that they've
been breached and not run afoul of the law.

A good read - [http://www.ncsl.org/research/telecommunications-and-informat...](http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx)

~~~
freehunter
I work in the Information Security field, so I'm aware. I don't mean US-wide
data breach laws, I mean data breach laws in the US. Many states (100% of the
states I support) require disclosure in a certain timeframe if customer data
has been disclosed.

------
gesman
At least now they have an excuse for the reasons of poor weather prediction in
spite of huge budget.

------
thecoolkid
Up Next: NSA hackers hack into US Weather systems arctic cyclone bomb a threat
to national security intercepted Doppler effects

------
ommunist
But it was too late. Philae has landed on the comet.

~~~
dz0ny
EU wins? :D

------
Zikes
[http://i.imgur.com/sovN9Gp.jpg](http://i.imgur.com/sovN9Gp.jpg)

Is it just me, or is this apparently the reaction every time a US government
or military system gets hacked by China?

"Yep, we got hacked again. But we're just going to do our best to minimize the
damage and pretend it never happened. No meaningful action will be taken
against the perpetrators."

~~~
gregschlom
China officials would probably deny that it was them if the US publicly
accused them, saying it was some isolated hacker acting on its own, or maybe a
foreign country routing its traffic through a VPN in China, AND they would
point out that the US is doing exactly the same in China and elsewhere
(Stuxnet, etc...).

