Slashdot Mirror
Code for Running GPS Satellites Stolen
twivel was one of many to send this in: "According to this article a hacker has obtained top secret space codes that could yield access to guiding ships, rockets and satellites. Why launch your own spy satellite when you can just borrow ours?" The funny thing is that the code was stolen only a couple of days after it was deployed.
I thought the party line was something about not being able to steal code, 'cause it's just information....
--
--
You are a fucking moron.
The wording of the headline is a little deceptive... if you read carefully, you will see that it was actually the source code that was stolen, not "secret codes" for accessing the system. Of course, the source code might give someone some insight into how the system works which may allow them to hack in, but it's not like someone has stolen the launch codes for the Army's fleet of ICBM's...
This sig is umop apisdn.
Ben^3 (in a whimsical mood)
The Slashdot Paradox: "100% Overrated"
So they got the source code for guiding the systems. If the system is properly engineered, it shouldn't matter if you know how to guide it, you still need access to the system. If the system is poorly engineered, I'm going to buy some pillows like that TV guy in Willabong Australia or wherever.
I wonder if the "computer experts" checked to know if the company wrote the software... hence, their posession of the source code.
The way things have been going lately, being in posession of source code makes any individual look like a 'hacker' (in th media sense).
Skiers and Riders -- http://www.snowjournal.com
GPS is not typically used on board aircraft for altitude determination.
They typically broadcast local radio signals that aircraft use in addition to more traditional altimeters.
Whilst this code may tell you something about the way the GPS satelites actually work, that probably doesn't hold any great suprises, anyone can get hold of the underlying basis of GPS (and quite a lot of the detail). Whilst the nitty gritty of some of the corrections done to the GPS signal are complex the basic description is simple enough.
In terms of security, I would bet that the actually commanding of the spacecraft, and quite possibly telemetry from it, are secured by hardware encryption devices, the details of which have not been revealed (including their keys). This will not allow any hacker (who just happens to have a suitable ground station) to access or disrupt the GPS system.
--
Actually it is rocket science...
That's patently untrue. If there is a bug in the code, and a method of access, there may well be a way for people to affect the software without the keys. "Your use of the old, broken, sendmail source is fine, as long as no one has the password to your system." Danger.
-Puk
Actually, you are talking about two different things. Selective Availability, the degredation of the general-use signal, was turned off last January. However, you seem to have confused SA with the different codes available.
There are two (three, actually) codes transmitted by the GPS satellites. The C/A-code (coarse/acquisition) is the "general use" code, available to all, and (formerly) subject to SA. The P-code (precision code) is the "military" code; it requires special receivers, and you have to have a DoD license to get said receivers. The third code is the Y-code, and is used in conjunction with the P-code, and is not relevant for this discussion.
There is no way to get to the P-code from the C/A-code; the P-code is approximately 1 millisecond in length (1,024 bits, transmitted at 1.023 MHz); the P-code is a week long, even transmitted at ten times the rate (10.23 MHz).
The C/A- and P-codes are not "encrypted" in the classical sense of the word, they are just signal formats. (The P-code is encrypted to form the Y-code, but that's another matter.) SA does not perform any "encryption" on the C/A-code, it blurs the timing slightly between satellites, so your receiver doesn't know the precise length of time the signal took to arrive from the satellite. This causes the receiver to have a certain amount of ambiguity, and degrades the accuracy of the signal.
For more information on the system, check out the Naval Observatory's site on GPS.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
Allchin: I want to know what happened to the source code they sent you!
ESR: I don't know what your talking about. I am a member of the Imperial Senate on a diplomatic mission to Redmond.
Allchin: You're part of the Open Source movement, and traitor! Take him away!!!
Microserf: Holding him is dangerous. If word were to get back to....
Allchin: He is of no moment. His stock holdings have plummeted. A company or employee who is not bringing profit to the Empire is un-American....
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
That becomes just another weapon :
once everybody relies on high-accuracy data from civilian receivers, just turn encryption on again and watch the ensuing chaos.
-- Agent TZ254
--
--
I like to watch.
...and send a military satellite to Pluto in place of the cancelled NASA mission.
Asikaa
Asikaa
Come in, twenty-seventy-seventy, your time is up.
The story implies that the "codes" were stolen, but the code that was stolen was source, not encryption keys.
It implies that a lone hacker in a foreign land got through a high-security installation to steal sensitive data. A team of hackers broken into what was probably a semi-secured system and got something that's probably been superseded by code changes already.
It states that the source code stolen is Top Secret. OS/Comet is not Top Secret. It's not Secret. It's not even Confidential/NOFORN. It might be used by some installations for Top Secret stuff, but I doubt it, and if they did it would be like saying "swedish teen-aged janitor steals Top Secret floor buffer!" When did Reuters become the Weekly World News?
It implies that the script kiddies can use it to control satellites. Well, yes, but only if they happened to steal the OTP, too. And if they did it's really easy to confound them by replacing the OTP. They can't control anything.
Someone else here posted that Exigent had "just deployed" OS/Comet. Huh. Heh. I've seen the insides of Comet, years ago, and baby, there's stuff in there that's older than most people here.
Now, that's not to say that Exigent should blow them off. It's proprietary software, and they make millions per year off of it. Mostly by selling consulting support to wedge the elephant into whatever hatbox it's being bought to drive, but still.
--Blair
According to Exigent's web page on OS/COMET, the software has a wide range of uses besides military, such as Iridium. Installed base of over 1000. So, not only is the GPS system at risk, but probably a great deal of our communication systems. Way to go security via obscurity.
--
/. should ban the "See hot sexy women..." ad
This could make a hella update to Tradewars 2000? :)
/*drunk.. fix later*/
After re-reading the article, I got the impression that the source code, not "password" codes, were taken.
It effectivly open-sourced the space program...
I had thought about a writing a fiction book about someone taking over the satellites and holding them hostage, didn't know if it was feasable, I guess it is :) Truth is stranger than fiction.
Face it, people are stupid, and the internet is the place where they all meet.
--
Vidi, Vici, Veni
Oh of course, we could all debug the code using our development GPS satellites, before moving the code to the production GPS satellites.
Drag n' Drop DVD Recommendations
This provides even more support for the government moving to open source. If an open source model was adopted for this type of project then the system would have sufficient security that examination of the source ideally would not be an issue of national security. Who knows what backdoors the hacker has uncovered?
---
This is just more proof that hackers are trying to destroy the world by stealing secret codes that could be used by TERRORISTS to crash GPS sattelites and make thousands of campers get lost! We need stricter computer crime laws. There needs to be a ten year minimum penalty for anyone who owns an access device or any computer part that the police don't understand. Let's put them in jail before they can give us software for free!
My Blog
Just what I always wanted, my own nuclear submarine. All I need to do is control the data feeds for their GPS... ;-)
Cringe as I take over your mail server. Oh wait....
-Ignore this post, please- NoOneSpecial
OS/COMET is a commercial command and control software application. They got the source code for a commercial application! Oh no!
Guess who just got Die Hard II on DVD? :)
Asikaa
Asikaa
Come in, twenty-seventy-seventy, your time is up.
Nah, fuck it.
ICBMs are worthless anyway. Look at it this way. If We first strike, then they retaliate, we all die. A first strike would be wrong anyway - we have no need for that ability - right? RIGHT?!?
Now, if "they" (they being whoever is todays bad guy) strike first. Well, fuck, we are dead anyway. ALL our ICBMs do i s make sure that noone survives.
Quite frankly, if they strike and I die... They can have the land, I don't give a shit if we kill them too. At that point, it doesn't matter anymore.
-Steve
"I opened my eyes, and everything went dark again"
According to Swedish press they had hired some external IT consultants to aid on the raid.
The raid was not conducted by the police but by the Enforcement agency.
The software company they raided has some free services like webspace and email, sorta like hotmail, freebox.com.The hacker/cracker had supposedly put up a copy of the files somewhere on freebox.com. The hacker/cracker goes under the 'hacker alias' LEEIF says the press too.
This info from an article in the Swedish newspaper 'Expressen' (in Swedish).
English is not my first language, so cut me some slack -: Om du kan lasa det har sa kan du Svenska
Plus, in any major conflict, the first thing to go down would be the GPS satellites, hence the military teaches alternate navigation skills (celestial, map reading for pilots, etc). Damage to the GPS system would mostly affect merchant shipping and just sort of annoy any military organization worth its salt.
Geoff
In space-based races, all the bases are satellites. Satellites now belong to the bad guys. SOooooo, theoretically, someone might legitimately state: well, you fill in the rest...
curiously, -dB
"It if was easy to do, we'd find someone cheaper than you to do it."
I thought the haiku was:
Yesterday it worked
Today it is not working
Windows is like that
No? At least that way it is actually following the haiku syllable pattern.
Jordan
I have to agree here.
Comming up with protocols for such things that are secure even when the protocol is known is really not too hard. Certainly not too hard for organizations who can drop a million dollars here and there without even noticing.
If they are stupid enough to use "Security through obscurity" when it would be nearly trivial for them to do it otherwise (I mean come on, does anyone think that the code hasn't been security audited by the NSA?) is silly and irresponsible.
So yea, if they did it that way, they do DESERVE to have whatever happens, happen.
-Steve
"I opened my eyes, and everything went dark again"
Also, the last time I checked SCUD's had a hard enough time taking off, never mind hitting something within range ;)
Of course, trying to find valid nuke blast radius information on the net that isn't "3D10 + (50% radius for air burst) - (50% damage for air burst)" is quite difficult :) http://www.algonet.se/~ellebell/rules/nukes.html
l
http://www.gamersorb.com/ut/ut_weps_redeemer.shtm
Pardon the "unofficial" links but google is fulla shit.
--Clay
Cool! Now maybe we will start seeing shirts with the GPS source on them.
One Minor Point:
a Small to Medium Nuke blast a km or two away is survivable, even if in a mine shaft or a moderately deep underground bunker. Much closer, especially a bomb dropped into the mine shaft where someone is hiding is much nastier. Even with a long mine shaft.
"It is a greater offense to steal men's labor, than their clothes"
Quick! Someone find Rupert Murdoch and frisk him!
--
Non-meta-modded "Overrated" mods are killing Slashdot
Non-meta-modded "Overrated" mods are killing Slashdot
(Hey Ryan! Here's your proof!)
Here's a good GPS info page, for those who aren't sure about things like selective availability, P/Y vs CA codes, the differnet bands, etc. Some people have mentioned some of this already, but this covers a decent amount without going to in depth. At the bottom it even mentions differential GPS, which is the concept behind the Wide Area Augmentation System (WAAS). Interesting stuff.
http://www.colorado.edu/geography/gcraft/notes/gpAll your GPS satellites are belong to us!
Carousel is a lie!
- A computer system containing any classified information can
- NEVER legally be connected to an unclassified computer system (e.g. the internet). Of course, sometimes this rule is broken by people like our former CIA director.
Thus, I very seriously doubt that someone was able to secure "top secret" information over the internet.Check out Chad's News
For those that don't know, SA is a set of two different time signals broadcast by the satelites. The military time signal is pure, but the civilian one had some noise injected into it to degrade the accuracy. Now that the signal degradation is no longer being done, your commercial receiver is just as accurate as the military versions.
Khadaffi | Saddam | Osama Bin Laden | Joe Militia just needs a unit from Garmin | Magellan | Trimble, and they can pick off anything in range. This has been the case for quite a while, as even with SA in use, the accuracy was about 100 FT. A good large bomb/missile has a blast radius larger than that.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
If that post right there isant enought for GW Bush to increase federal computer security I dont know what will be.
This reminds me og a James Bond movie.
Any one else?
Well, like or not, GPS is open source! Anyone install Linux on that thing yet :-) ??
My other car is first.
-----
crazy dynamite monkey
isn't this soooo superman III?
Where's Richard Pryor when we need him!!!
E.
www.randomdrivel.com -- All that is NOT fit to link to
Build Your Own PVR/HTPC news, reviews, &
But your off topic.
What is pirate software? Software for inventory of stolen treasure?
Chop Chop Master Onion would have them all hanged. :\
BilldaCat
Wasn't there any authentication or encryption in this software? I can't believe that just stealing the source code to a piece of software like this would give someone full reign of the satellite system. With a system like this you ought to be able to hand the source code out on the streets and not have it affect the security or the stability of any production systems.
RTFA... the investigation was led by the FBI. I'm sure the raid was under the authority of the Swiss law enforcement. The "computer experts" were probably just added to the team to search the hard drives. Also, all they did was raid the damn ISP.
Now this is interesting. If I recall correctly, the GPS system is designed so that the civilian devices are deliberately less accurate then the military devices. It has something to do with the satellites introducing a deliberate error, and simultaneously transmitting an encrypted data stream with the corrections for the error.
Now if the source code for the satellites has escaped, it's possible that someone could study the program and figure out how to crack the data-correction information, and the result could be "bootleg" GPS receivers with military-grade accuracy.
I've noticed that newspaper writers often slap the "top secret" label on things just for dramatic effect and don't seem to realize that it has a fairly specific meaning, at least to the government. As you imply, it would be highly improbable that a top secret computer system would be accessible via the internet.
The article clearly says "Source Code" not "access codes"
Exactly... Not if they had "passwords" for the signal generators or attitude control systems then there might be an issue. Except that the passwords would probably have been changed immediatly.
The only way the source code might be an issue is if it contains embedded back doors.
Codes, codes and more codes. There is a theory (deja sci.geo.sat-nav for ref) that the codes used by the GPS sats are unique. The reason for this is that they broadcast are exteremely predictable data. If they were discovered, then it would comprmise all US military sat communications. Some say the code was developed at the NSA in a "clean room" enviroment with new crypto experts.
SA was a pseuedo random delay put into the timing signals. The pseudo random SA offsets are predictable. Someone posted the pseudo random cryto polynomial years ago how ever no one ever got very far predicting it away. It may had had something to do with crap hardware used to induce the random signal which is a coil of wire and motor on the early sats. Some stats (PRN #1) never did SA at all. Others seemed to do it improperly. Someone (at trimble?) figured out you could find the exact bit start by looking for a bit that gets cut out of the encrypted military channel. The bit timing is so precise that its adjusts the start of the data stream based on exact seconds (down to the picosecond) but there is not nice way to get the baud rate divided into seconds because of inconsistant relativity time shifts. The basic idea is use the unencrypted data for position but figure out just what the time offset is beteeen the two signals. This is in addition to the time offsets because of the differen frequences used L1,L2,L5.
The keys for the military channel get generated on the ground and transmitted to all the sats. Usualy that happens from Colorado but could happen from other places too. Everything else is from fake random numbers generated based on well published routines.
And I quote Yahoo News, "A source code contains full details of how a software program works." (This is entitles an entire paragrah in the article.)
"The chief enemy of creativity is 'good taste'" -Pablo Picasso
Quite a cockmaster aren't you? True dat.
Actually, they turned off the encryption during the gulf war due to the lack of military grade gps receivers. Many troops were using standard commercial off the shelf receivers that could not decrypt anything no matter what they key was.
As for the ability to rekey, if the NSA is involved, there is always a way to rekey in the event of the disclosure of the key (they also have rather strict policies for the lenght of time that a key can be in use. The best thing is that the keys are typically distributed on paper tape because it is so easy to destroy).
What I really want to know is who attached a 'top secret' system to the internet (or any other non classified system). Having worked in that industry before, doing so was a very quick way to getting not only fired but thrown in jail.
Yes. Now that the source is had, let's get RMS to GPL it. :)
/*drunk.. fix later*/
Even where the ISP is innocent, people sometimes like to have a warrent before they allow gratuitous searches. I have one friend who handled the email at an ISP, and had the RCMP call up and ask for a tap to be put on a customer's email. He went, "sure -- fax me a copy of the warrent, and I'll have it set up shortly". According to him, the officer in question went ballistic at the request for a warrent. Sometimes makes me wonder if the request was legitimate.
In any case, the point is that the warrent may have been perfunctory, or they may have simply not known if the crack sourced from within the company that hosted the break-in connection. Whatever the reason, once they have a warrent, it's technically a raid -- no matter how happy/eager the company is to help the investigation.
The other thing you want to remember is that you don't want to have people doing their own investigation.... If some system admin thinks, "hey, I'll just poke around and see what I can find, then tar off the directory for them so they have a convenient copy -- `tar -cvaf /dev/tape /root/WeOwnU' WHAM -- there go all the Ctimes on the files, and half the Atimes (while you're poking around)! That can really mess up the investigation.
--
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Could this have anything to do with several JSOW missiles missing their targets by about 60 feet during the airstrikes against Iraq two weeks ago?
I think we've seen the first example of computer warfare against the US.
Conformity is the jailer of freedom and enemy of growth. -JFK
M$ really designed the sattalite software...
Thats why my GPS receiver takes so much time to start!
1) They stole the _Ground Station_ software.
2) You still need a ground based satellite station to make use of the software.
and I suspect the links up to the satellites are encrypted so:
1) the encryption algorithm is now considered public/compromised (safe assumption)
2) the keys are not compromised
Under standard protocols, the keys would be changed immediately and periodically thereafter (at least monthly). Particularly since the link also distributes the P(Y) weekly and monthly subkeys to the satellites.
-- Improve Windows - Buy a Mac!
No, the satellites have a KG-xx device inside. It handles Key generation/decryption and is linked with another device with a similar name for commands decryption and analysis (found that on the web somewhere.)
This system uses the TS crypto called "baton", thought to be somehow related to skipjack
I believe that is the mantra around here. I would have rejected your story too.
-- these are only opinions and they might not be mine.
Sweden and Norway (since you mentioned Johansen), are not totalitatian police states, and people there have similar rights as in the US. You have to keep in mind that police agencies/departments *do* cooperate over international borders, and there are such things as extradition treaties. Why dont you ask yourself how the #1 on the FBI's most wanted list (Bin Ladin) is not a US citizen? In short: they would have needed a warrant. Everything is not a conspiracy. And Before you get to it; I have lived in all 3 of the above mentioned countries.
I was a payload controller for 4 years. The components that do the encryption are bulky and cumbersome, and the software takes a month of classroom training only to qualify to sit by an experienced controller for OJT. Gimme a break.
Pedro
Pedro
----
The Insomniac Coder
The US Military has its own proprietary system of GPS satellites. They are completely separate from the commercial ones.
"Chill, Orrin!"---Trent Lott
Damn these hackers, damn them all to hell!!
I love the smell of Karma in the morning
There is more than MAD stopping it.
There is the fact that NOONE really aaactually wants to launch nukes. At least, noone who has enough nukes to wipe out the US.
Russia has enough nukes and ICBMs to do it. Noone in russia actually wants, or has ever really actually wanted, to nuke the US.
Did they have plans for it? Sure, thats what you do when your having a cold war, you come up with all sorts of plans for what you can do.
Noone who is in a position to command enough nukes to make a difference actually wants to nuke anything or anyone.
If anything their plans are based on the fact that the US is the only nation to have ever used nukes, and has stated (in leaked top secret documents, as recently as a couple of years ago) that it feels it has the right to be the first to use nukes in a conflict - EVEN AGINST NON-NUCLEAR ENEMYS!
-Steve
"I opened my eyes, and everything went dark again"
They fuck you up, your relatives
They fuck you up, your relatives
They probably do it to you because you are worthless.
Man, just because you are "equipped" doesn't mean you are doing it all the time! So if these guys have the code, they need a multi-million dollar control and communication systems to run it right? So what's the big deal?
--> Your Wisecrack Here
Uhm.. The cellphone would use GPS to determine your position, and then sends that information, via the CELL TOWER, to the 911 systems via landline
It doesnt have to send anything to the GPS satellite..
They fuck you up, your relatives
They fuck you up, your relatives
They probably do it to you because you are worthless.
Interesting points all but I think the one about not using GPS signals to guide weapons is wrong. IIRC, the last attack that the US launched on the Iraqi air defense infrastructure utilized weapons that were guided by gps. I remember the news story about the particular weapon - it was a gravity bomb that could be released about 40 miles from a target (from 30k feet up or something) and all guidance from there on out was gps-based.
Someone marked me flamebait????
That was clearly offtopic.
If tits were wings it'd be flying around.
GPS satellites do not determine your position. They basically just broadcast a very accurate time signal. The receiver looks to see how far out of phase the time signal from several satellites is to determine your position. At no point do the satellites ever even know that your receiver exists, much less know where it is.
I could be wrong here, but the documentation for the GPS I got for my Palm Pilot said that it was a receive only protocol, so I receive telemetry data but am not sending any. Given the range of Cell phones, wouldnt a GPS have to be much larger to send data back into orbit???
http://www.matthewmiller.net
"Live Free or Die." Don't like it? Then keep out of the USA
Yes, the Internet is a VERY weak network. Why i just took it down yesterday.
Sanchi
"They said we couldn't do it [Athlon]... but we built it, we shipped it... and we didn't have to recall it." Rich Heye
At some military base that operates those sats, all of a sudden all the screens start flashing: Ph43r Us!! W3 0Wn YouR GP$ $y$tem!!!! L33t!!!!
I'd like to take this opportunity to tell the world that the first thing Swedes and Swiss talk about when they meet in the US, is the Americans annoying incapability of telling our countries apart. It's good for a few laughs.
Not that Swedes are any better at telling Idaho and Iowa apart.
Generally speaking, these kinds of leeks (if it's even true) come from the gov't.
Although Gov't work does pay off, software companies get screwed all the time. Basically, the gov't doesn't have to have any accountibility to with these types of products. They can even go so far as to call tech support and when questions on who and where they are refuse to answer and demand support. Not a lot you can do if you want to keep your contract. This fosters some pretty lax standards.
Again, this story has a 50-50 chance of ending up in the Hoax category like the "spy satilite" taken over bit last year.
I hope they don't find out the hacker was using a linux or bsd box
:(
If M$ started saying that Linux and BSD are breeding grounds for hackers who pilfer topsecret information that could get the ball rolling on anti open-source OS Laws
---
-shut up
The code is for GPS and rockets.
How many individuals would use this? Some countries and mega-corporations would I'm sure but this is hardly the thousands of eyes needed to look and test each piece of code.
I'm not sure that Open Source would have been that much better than the people they already had working on it.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
This is just like that james bond movie where they stole the secret computer LEDs that controlled the GPS satelite and steared a sub offcourse and then sank it. How cool is that?
The guy grabbed the code months ago and nobody knew what he had until now!? I bet that sometime in the future in will be found out that the people that hacked MS got all the code to Whistler or something.
__________________ Hey Moderators!! Fuck Off! Thanks.
I used to work in satellite control. OS/COMET is a commercial satellite control package that is (highly) customized for a particular satellite. It is mainly used for *monitoring* health and status of a particular bird. All satellites use encryption for commands, so having access to this software is worthless. It is probably annoying for the company to have this source code out, but by no stretch of the imagination is it a threat to any existing satellites.
This just in...the stolen source code was originally kept on a server at Los Alamos...details at 11...
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
Mind you, with NASA up the proverbial creek, that's probably what we'll end up with. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Servo: You don't know how to fly. Mike: Sure I do! I'm fully instrument-rated for Microsoft Flight Simulator. Crow: Well, then you fly the Satellite of Love! Servo: Yeah. Mike: What, this thing? No, I can't do that, see, 'cause it's not the same. There's no air-foil, so there's no ability to turn when you're up in the... Oh, alright, alright. Fine, you two. Spread out, spread out! Gypsy: What would you do on the drunken sea, early in the morning? Hey, hey... Mike: Okay. Out, baby. Out, out, out, out, out. Gypsy: Well, don't come crying to me when you get us all killed. Mike: Alright, okay. Let's see here... Well hey, this is going to be easier than I thought! Hehehe. ...Oh!
Servo: The hell?
Crow: Hey Mike, you hit something! It's the Hubble! You killed the Hubble!
Mike: Gypsy, could you please maybe help...
Gypsy: Uh-uh! No way! This is your dishwashing liquid, you soak in it!
Mike: Ah, ah! The Manipulator Arm! The, the Manipulator Arm.
Servo: Carefully, carefully... There Wait, wait. It's only $6 billion, remember.
Crow: Hope you're insured, Mike.
Servo: It's just the most expensive satellite ever built.
Crow: It's very fragile... Well, was very fragile.
Servo: Better leave a note on the windshield, Mike.
Crow: Yeah. Just back away slowly, and... Aah!
Servo: Don't do that!
Mike: Oh! I'm sorry. I'll just... Now, I'll just release it gently like a sparrow into the night's sky.
Crow: Good night, sweet Hubble, and a flight of angels sing thee to thy rest.
Mike, Crow and Servo: Aah!
Crow: Oh, good one, Mike.
cryptochrome
---If you can't trust a nerd, who can you trust?
what are the odds of someone like saddam or khadaffi being able to have super accurate missiles?
Access to - a significant portion of the GPS satelites, and the code for how a GPS satalite actually determines your position, would probably increase odds emensely...
You say you want a revolution?
Since when are 'computer experts' policemen?
Actually, it would be the other way around. Police men can be computer experts. However, what I've read in the local news is that police hired five computer consultants to help them in the raid
Did they have a warrant?
The police had one, yes.
The mystery here is.. why the raid? Obviously they must have figured someone at the company being an accomplice in the crime, or they would simply had asked for access. Of course now they know they look stupid for raiding the place (which is not commonplace over here), and so they're doing damage control in the media by saying how pleased they were with the company being open and helpful during and after the raid.
Apparantly the company, whose name I forgot, runs a webhotel-ish service, and the alleged criminal simply used them for free space. That got them raided.
So yes, it's fishy. Local police probably relied heavily on information only coming from the FBI. Bleeech.
Belief is the currency of delusion.
>the Americans annoying incapability of telling our countries apart
....". I guess Dutch and Denmark start with the same letter :-)
I can tell you an even better story. I got my US recreational pilots license (rpl) based on my Dutch (that means I'm from The Netherlands aka Holland) license. So I got a temporary license, and the permanent one would be sent to me. When I finally got it, it said: "...only valid with Denmark license #xxxxxxx
nosig today
I agree.
Someone marked me down as Flamebait also.
Offtopic I can understand.
Over-rated I could understand.
Troll I would accept (but not agree with).
But Flamebait?
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
Wouldn't a nazi jew bitchslap himself?
That's right. The correct spelling is Kobenhavn. Well, close enough, anyway...
That said, I think it's time I changed my
Repeat after me, until it gets through the tinfoil helmet.
One. Way. Transmission.
GPS receivers are no more able to send back YOUR location as your Walkman is of telling the radio station that you've tuned in.
Remember Byron!
Allow me to apoligize, I made a slightly small mispelling in my post. Of course this is my being a vulgar American. I swapped the b for the p.
Tired of sitting at that karma cap? Start a flame war today! See just how low you can go!
In A.D. 2001
Cyberwar was beggining
Captin: What happen?
Mechanic: Someone set up us a crack
Opperator: we get signal
Captin: Main Bluescreen turn on
Captin: It's you
Cats: How are you gentalmen
Cats: All your GPS sattalites belong to us
Cats: You are on the way to being lost
Captin: What you say?
Cats: You have no way to find you way around make your time
Cats: hahaha...
Unless something has changed all planes have either barometric or radio altimeters which are the primary means of determining altitude. Autopilot controlled landings use these in conjunction with radio signals to determine the approach path. So while this might be an inconvenience I strongly doubt it would cause any planes to crash.>br>
Change all locations of Starbucks to the worst neighborhood in that city.
Actually, you missed HIS point
what he said, translated, is
"THERE IS NO WAY FOR THOSE SATELLITES TO FIND OUT ANYTHING ABOUT YOU, SO THEY CAN NOT VIOLATE YOUR PRIVACY/SECURITY"
So many of the comments on this article appear to be either off-topic or wrong.
For more information about the system itself, please see: http://biz.yahoo.com/prnews/001220/fl_exigent.html
Note also that GPS is merely a method for determining your position and as such even if "Evil people" have control over GPS, then the wrong signal still will not control anything...okay, some stuff, but very little is solely controlled by GPS.
Also, please note that this was merely the source code for the programs that allow communication with the GPS satellites, not access codes (not necessarily easy to determine) nor even the communication signal frequency(ies) (although that would probably be pretty easy to determine).
Is it me or is the HYPE here at Slashdot getting out of control?
--Later, friends--
--Later, friends--
Frogisis, Master of
Computer experts raided the offices of an information technology company in Stockholm last month and found a copy of the source codes for the software program OS/COMET
I'm sure the raid was under the authority of the Swiss law enforcement
The Swiss have jurisdiction in Stockholm???
somebody know just a little too much here. I mean, how convenient is this???
I hope that I am not being redundant..
Seriously? How many flaming aircraft parts have fallen on your house? I suppose 1 would count as "too many". But I'd be interested in hearing your tale...
________________________________________________
________________________________________________
suwain_2
Now shipping could be seriously endangered. Imagine reaching land a couple miles early..perhaps before you are even looking for navigation lights.
t
Wouldn't the satellite's boot software be in ROMs so that they could do a clean reload of the rest, with a new passwords?
Someone's been watching Die Hard II lately ;)
Umm...the code in question is 'unclassified' and 'now sold commercially' according to CNN reports on the story. http://www.cnn.com/2001/TECH/internet/03/02/navy.h acker.ap/index.html
.
I once found complete blueprints for a US nuclear weapons storage/containment facility; with details of the thickness and construction of walls, doors, etc. and locations of pretty much everything - including wiring diagrams for security systems.
I found 'em in a tube laying in the hallway of a building where several small companies (none of which had any obvious connection to the US fedgov) had just moved out (I was scavenging telco equipment if you must know).
Since I have a few aquaintances in low places, I arranged for the prints to be "discovered" outside the doorway of a naval installation with a neatly laser-printed note detailing where they'd been found originally.
I'm a little too paranoid to turn something like that in personally... might get Waco'ed or Rosenberged by the fedthugs.
--Charlie
Can be found here
Maybe they're just looking for a good game of interstellar pong...
Which falls out of the sky first: Mir or the Global Positioning System?
(2,3-Benzopyrrole)
Accordiing to the article: Computer experts raided the offices of an information technology company in Stockholm last month and found a copy of the source codes for the software program OS/COMET Since when are 'computer experts' policemen? Did they have a warrant? This reminds me of Jon Johansen's statement wondering about why the police in his country arrested him for a 'crime' theoretically committed in the U.S..
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
That cunt is fucking UGLY. (A) she's a gook (B) she has a lazy eye (C) she's fat (D) she's not white.
So your sister^h^h^h^h^h^hwife would be pretty upset if you showed up with her at the KKK rally?
"A source code contains full details of how a software program works."
Ah! So that's what source code is for! And I suppose that the words provide full details of what a book is about?
I can see it now. 10 thousand slightly confused 40-something yuppies all the sudden completely unable to get anywhere because they've learned to rely on their fancy On Star GPS in their DeVilles. Break out the map and compass.
I don't have an anger problem, I have an idiot problem
Dubya has no more clue than his old man did in front of a super-market checkout.
What are you thinking of? That he'll RTFM? He's dyslexic dude. He can't.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
How would you manage the development of an Open Source rocket guidance system? How many people would you find who would test it? Part of the reason Linux has grown the way it has is because anyone can set up their own test system (Assuming sufficient technical skill). How does Joe Blow hacker set up a test environment for Rocket Guidance?????
http://www.matthewmiller.net
"Live Free or Die." Don't like it? Then keep out of the USA
I for one have already have too many flaming aircraft parts fall on my house. So, why is this a good thing? It's [b]BAD[/b] to hack certain things (like our ICBM aresnal).
Douglas Adams
1952-2001 :(
Generally speaking, these kinds of leeks (if it's even true) come from the gov't.
.. most leeks come from farmers' fields.
Really?
Leaks are another matter.
--
Delphis
Helsinki is in Finland, Stockholm is in Sweden, Oslo is in Norway, Cobenhagen is in Denmark, and I am in Alabama.
If you are going to call someone and idiot, at least get your info right.
Get Geeky wid'it! Na, na, na, na, nana, na!!
Tired of sitting at that karma cap? Start a flame war today! See just how low you can go!
However, if the source code does exist, and does give sufficient information to allow the decoding of the data-correction information, it means that, for anyone with a hacked GPS receiver, they can still get an accurate signal even if the US government turns the scrambling back on.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Russia should beg the US to make a missile defense system, knowing our history with weak networks, they can just break in and take it over whenever they need it.
The noise perturbation function was turned off (set to introduce an error of zero) about a year ago. This feature of the system is called 'Selective Availability'. This can still be adjusted for military purposes, even on a regional basis, but SA is a dying feature.
Too many of our (western) armed forces rely on non-milspec GPS units. If the milspec receivers are in short supply, Magellan and Garmin civilian units are often used in the field instead.
The error introduced is variable, but still smaller than the inherent error in a non-modern missile system such as Iraqi/Russian SCUD. More modern weapons would hit a target by video or uv laser seeking reckoning, not by onboard GPS receipt.
Civilian uses for SA=0 are the official reason it was shut off. An ambulance called to a location given by an OnStar GPS would potentially know which side of the road it's talking about; important where a highway has long tall medians. Also, civil pilots rely on GPS heavily for lesser-mapped airstrips.
[
Why do that when you can just set one satalite's perception of ground to -500 feet around LAX, Dulles, Cape Canaveral, Hethro, and/or Logan? It may not be much to planes taking off, but those landing might get big a surprise 500 feet earlier.
...This is of course assuming that they have complete control over those kinds of operating parameters and can access and change sepecific fields of a satalite (the whole "access codes" vs. "software code" discussion in another thread).
The terrorist action against PANAM in 1988 (Lockerbie, Scotland) would be nothing in comparrision to 4 or 5 planes smacking into the ground within 15 minutes of eachother at various airports worldwide.
You say you want a revolution?
Check Freshmeat II for any suspicious copies of Missile Commander. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Seeing as the only reason that Khadaffi is alive is because of a GPS mis-calcualtion!
Good point, well Valdez X5 with no Alcoholic Skippers then....
You say you want a revolution?
I don't usually consider myself an open source zealot, although I'm generally in favor of it. However, it seems like this case could be used as a great argument for it -- or at least, an illustration of where it might be good or bad.
First of all, as has been mentioned, the article says the the source code, not the security codes, was stolen. If, however, the source code was open to public scrutiny, any holes which the thieves might make use of would more likely have been found by now. Since everyone could get the source, there would be no advantage to stealing it.
Mind you, there's a flip side to this. If the source code was open, it would be easier for Random Joe l33t, if he managed to find a security hole first, to break in -- since he didn't have to go through the trouble to steal the source in the first case. Which brings us back to square one -- security through obscurity.
I don't have an answer to this -- just a thought.
-Puk
I'd just have to play chicken with the International Space Station!
and re-instate the mission to Pluto!
std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
All your GPS are....ahh never mind.
---
Isn't this almost exactly what happened in the simulated space war with China? You'd think they'd be better prepared.
Bite the hand.
On a darker note, this is potentially very bad. Does not the US military use the global positioning system in tactical weapons guidance systems? I'd looove that to malfunction :(
(2,3-Benzopyrrole)
Looks like you would still have to be a rocket scientist, or more exactly, a satellite scientist, to know how to precisely use it.
but of course, they could do a rewrite of the protocols, but that could take a while.
"It is a greater offense to steal men's labor, than their clothes"
Yea, wtf do you think they would do when somone found a bug. Try to reprogram them? What if they arent reporgrammable. Assuming they aren't would mean open source would be pretty stupid. People could find all the bugs, but there would be no way to fix them. The only differences there would be if this was open source would be that the hacker wouldn't have to look for the backdoors himself, and 1337 d00dz would be h4x0ring them months ago.
Hmm.... Could be the next DeCSS
A would be hacker cock errects instantly.
..... oh Christ, shiver....
Picture this. Dark room. Cigarettes. Later era KMFDM. A Plan-9 laptop. They have the code for the satelittes!!! Now, they are one path sort of setting up us the fucking bomb! This is like every hacker movie amplified by a notch... Mabye they can crush the fucking White House? I'd push carriage return with my cock
mwtr / THIS SIG HAS BEEN PRAYED OVER AND MAY BE USED AS A POINT OF CONTACT (ACTS 19:12)
Cop1: "We found the thieves! They're at ## West by ## North!"
Cop2: "Good job! We're loading the coordinates into our GPS-guided missiles now. Let's see them try to jam this!"
no one has said "GPS SUCKS ITS NOT OPEN SOURCE ENOUGH!" yet. *knocks on wood*
-
- The source code that was stolen is only
for some of the ground stations. At best,
someone might now have better understanding
of what messages to the satellite would
cause what results--but to the best of
my knowledge, none of that information is
classified (For Official Use Only at best.)
If the source code *was* classified (which
is unusual but possible) it was possibly
at the SECRET level, but no higher.
- Nothing cryptographic was affected. There
are two separate cryptosystems involved--
the ones used to protect controlsatellite
comms, and the ones used to protect
satellite -> GPS receiver (one-way) comms.
No information about the cryptosystems was
in the program source code, and none of
the actual keying material was compromised.
- Even if the cryptosystem had been
revealed *AND* some keying material had been
compromised, then the Controlling Authority
for the keying material would direct an
emergency supercession, and the authorized
users would go to the new keying material,
and the system would be back to a secure
mode.
Bottom line--the press got their panties improperly in a knot due to failure to check the facts. Let's not spend all day talking about what a big deal this is, since it's not. The fact that someone out there has some program code for a US ground station is really just not a big deal--you can't get there from the Internet. Even if you could, and you had the source code for some of the control programs, it doesn't mean that you could commandeer a satellite. Really.There seems to be a bit of confusion about this.
I know GPS was encrypted with a perturbation signal, which if you could decrypt it allowed you to determine your position more precisely. Now that they've turned off those codes, that is no longer the case.
There was one perturbation code for all the GPS satelites; the behavior shown during the gulf war (turning the encryption off rather than distributing secure receivers to troops) indicates that the satelites cannot be re-keyed.
I imagine that many of the secret keys are hardcoded into the programs, thus mudding the line between the two. Is a program partially evaluated over a key secure or obscure or both?
Hopefully there is significant redundant security in the system. You know that the NSA aint that stupid. They realise that obscurity != security, but they DO know that obscurity AND security is better than either of the alternatives alone.
Hopefully the cipher codes remain secret, while the algorithms and protocols have been exposed.
Damn that's funny.
I'm an American who worked for a month in Sweden in January. Believe me, I would find it impossible to confuse Sweden and Switzerland.
Switzerland is the country where my frozen nuts are currently NOT located in.
If tits were wings it'd be flying around.
...the systems people were told by their bosses, "don't worry, what do we have that anyone would be interested in stealing?" like all the rest of us have heard? :)
--
Remove the rocks to send email
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Now all we need is someone to steal some cell phone traceing software and we've got a job for Charlie's Angel's. Oh Lucy Lui. Rescue me, please. Was it the Chad?
The article clearly says "Source Code" not "access codes". All this means is the military (and Exigent) will getting their first lesson is Systems Security 101: Obscurity != Security.
cat