Slashdot Mirror
Code for Running GPS Satellites Stolen
twivel was one of many to send this in: "According to this article a hacker has obtained top secret space codes that could yield access to guiding ships, rockets and satellites. Why launch your own spy satellite when you can just borrow ours?" The funny thing is that the code was stolen only a couple of days after it was deployed.
The wording of the headline is a little deceptive... if you read carefully, you will see that it was actually the source code that was stolen, not "secret codes" for accessing the system. Of course, the source code might give someone some insight into how the system works which may allow them to hack in, but it's not like someone has stolen the launch codes for the Army's fleet of ICBM's...
This sig is umop apisdn.
So they got the source code for guiding the systems. If the system is properly engineered, it shouldn't matter if you know how to guide it, you still need access to the system. If the system is poorly engineered, I'm going to buy some pillows like that TV guy in Willabong Australia or wherever.
Actually, you are talking about two different things. Selective Availability, the degredation of the general-use signal, was turned off last January. However, you seem to have confused SA with the different codes available.
There are two (three, actually) codes transmitted by the GPS satellites. The C/A-code (coarse/acquisition) is the "general use" code, available to all, and (formerly) subject to SA. The P-code (precision code) is the "military" code; it requires special receivers, and you have to have a DoD license to get said receivers. The third code is the Y-code, and is used in conjunction with the P-code, and is not relevant for this discussion.
There is no way to get to the P-code from the C/A-code; the P-code is approximately 1 millisecond in length (1,024 bits, transmitted at 1.023 MHz); the P-code is a week long, even transmitted at ten times the rate (10.23 MHz).
The C/A- and P-codes are not "encrypted" in the classical sense of the word, they are just signal formats. (The P-code is encrypted to form the Y-code, but that's another matter.) SA does not perform any "encryption" on the C/A-code, it blurs the timing slightly between satellites, so your receiver doesn't know the precise length of time the signal took to arrive from the satellite. This causes the receiver to have a certain amount of ambiguity, and degrades the accuracy of the signal.
For more information on the system, check out the Naval Observatory's site on GPS.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
The story implies that the "codes" were stolen, but the code that was stolen was source, not encryption keys.
It implies that a lone hacker in a foreign land got through a high-security installation to steal sensitive data. A team of hackers broken into what was probably a semi-secured system and got something that's probably been superseded by code changes already.
It states that the source code stolen is Top Secret. OS/Comet is not Top Secret. It's not Secret. It's not even Confidential/NOFORN. It might be used by some installations for Top Secret stuff, but I doubt it, and if they did it would be like saying "swedish teen-aged janitor steals Top Secret floor buffer!" When did Reuters become the Weekly World News?
It implies that the script kiddies can use it to control satellites. Well, yes, but only if they happened to steal the OTP, too. And if they did it's really easy to confound them by replacing the OTP. They can't control anything.
Someone else here posted that Exigent had "just deployed" OS/Comet. Huh. Heh. I've seen the insides of Comet, years ago, and baby, there's stuff in there that's older than most people here.
Now, that's not to say that Exigent should blow them off. It's proprietary software, and they make millions per year off of it. Mostly by selling consulting support to wedge the elephant into whatever hatbox it's being bought to drive, but still.
--Blair
--
Vidi, Vici, Veni
This provides even more support for the government moving to open source. If an open source model was adopted for this type of project then the system would have sufficient security that examination of the source ideally would not be an issue of national security. Who knows what backdoors the hacker has uncovered?
---
Plus, in any major conflict, the first thing to go down would be the GPS satellites, hence the military teaches alternate navigation skills (celestial, map reading for pilots, etc). Damage to the GPS system would mostly affect merchant shipping and just sort of annoy any military organization worth its salt.
Geoff
Cool! Now maybe we will start seeing shirts with the GPS source on them.
One Minor Point:
a Small to Medium Nuke blast a km or two away is survivable, even if in a mine shaft or a moderately deep underground bunker. Much closer, especially a bomb dropped into the mine shaft where someone is hiding is much nastier. Even with a long mine shaft.
"It is a greater offense to steal men's labor, than their clothes"
Here's a good GPS info page, for those who aren't sure about things like selective availability, P/Y vs CA codes, the differnet bands, etc. Some people have mentioned some of this already, but this covers a decent amount without going to in depth. At the bottom it even mentions differential GPS, which is the concept behind the Wide Area Augmentation System (WAAS). Interesting stuff.
http://www.colorado.edu/geography/gcraft/notes/gpFor those that don't know, SA is a set of two different time signals broadcast by the satelites. The military time signal is pure, but the civilian one had some noise injected into it to degrade the accuracy. Now that the signal degradation is no longer being done, your commercial receiver is just as accurate as the military versions.
Khadaffi | Saddam | Osama Bin Laden | Joe Militia just needs a unit from Garmin | Magellan | Trimble, and they can pick off anything in range. This has been the case for quite a while, as even with SA in use, the accuracy was about 100 FT. A good large bomb/missile has a blast radius larger than that.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
If that post right there isant enought for GW Bush to increase federal computer security I dont know what will be.
RTFA... the investigation was led by the FBI. I'm sure the raid was under the authority of the Swiss law enforcement. The "computer experts" were probably just added to the team to search the hard drives. Also, all they did was raid the damn ISP.
The article clearly says "Source Code" not "access codes"
Exactly... Not if they had "passwords" for the signal generators or attitude control systems then there might be an issue. Except that the passwords would probably have been changed immediatly.
The only way the source code might be an issue is if it contains embedded back doors.
Actually, they turned off the encryption during the gulf war due to the lack of military grade gps receivers. Many troops were using standard commercial off the shelf receivers that could not decrypt anything no matter what they key was.
As for the ability to rekey, if the NSA is involved, there is always a way to rekey in the event of the disclosure of the key (they also have rather strict policies for the lenght of time that a key can be in use. The best thing is that the keys are typically distributed on paper tape because it is so easy to destroy).
What I really want to know is who attached a 'top secret' system to the internet (or any other non classified system). Having worked in that industry before, doing so was a very quick way to getting not only fired but thrown in jail.
No, the satellites have a KG-xx device inside. It handles Key generation/decryption and is linked with another device with a similar name for commands decryption and analysis (found that on the web somewhere.)
This system uses the TS crypto called "baton", thought to be somehow related to skipjack
Sweden and Norway (since you mentioned Johansen), are not totalitatian police states, and people there have similar rights as in the US. You have to keep in mind that police agencies/departments *do* cooperate over international borders, and there are such things as extradition treaties. Why dont you ask yourself how the #1 on the FBI's most wanted list (Bin Ladin) is not a US citizen? In short: they would have needed a warrant. Everything is not a conspiracy. And Before you get to it; I have lived in all 3 of the above mentioned countries.
Damn these hackers, damn them all to hell!!
I love the smell of Karma in the morning
Someone marked me flamebait????
That was clearly offtopic.
If tits were wings it'd be flying around.
GPS satellites do not determine your position. They basically just broadcast a very accurate time signal. The receiver looks to see how far out of phase the time signal from several satellites is to determine your position. At no point do the satellites ever even know that your receiver exists, much less know where it is.
I could be wrong here, but the documentation for the GPS I got for my Palm Pilot said that it was a receive only protocol, so I receive telemetry data but am not sending any. Given the range of Cell phones, wouldnt a GPS have to be much larger to send data back into orbit???
http://www.matthewmiller.net
"Live Free or Die." Don't like it? Then keep out of the USA
I'd like to take this opportunity to tell the world that the first thing Swedes and Swiss talk about when they meet in the US, is the Americans annoying incapability of telling our countries apart. It's good for a few laughs.
Not that Swedes are any better at telling Idaho and Iowa apart.
Generally speaking, these kinds of leeks (if it's even true) come from the gov't.
Although Gov't work does pay off, software companies get screwed all the time. Basically, the gov't doesn't have to have any accountibility to with these types of products. They can even go so far as to call tech support and when questions on who and where they are refuse to answer and demand support. Not a lot you can do if you want to keep your contract. This fosters some pretty lax standards.
Again, this story has a 50-50 chance of ending up in the Hoax category like the "spy satilite" taken over bit last year.
"Selective Availability" - the US government's policy of degrading the GPS signal available to commercial and civilian receiver operators was ended last year.
Selective regional or local denial of GPS signals (through the equivalent of jamming) is possible, howvever.
Just some hopefully useful background information.
D
ELITISM: It's always lonely at the top. Uninvited company is rarely welcome.
Mind you, with NASA up the proverbial creek, that's probably what we'll end up with. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Servo: You don't know how to fly. Mike: Sure I do! I'm fully instrument-rated for Microsoft Flight Simulator. Crow: Well, then you fly the Satellite of Love! Servo: Yeah. Mike: What, this thing? No, I can't do that, see, 'cause it's not the same. There's no air-foil, so there's no ability to turn when you're up in the... Oh, alright, alright. Fine, you two. Spread out, spread out! Gypsy: What would you do on the drunken sea, early in the morning? Hey, hey... Mike: Okay. Out, baby. Out, out, out, out, out. Gypsy: Well, don't come crying to me when you get us all killed. Mike: Alright, okay. Let's see here... Well hey, this is going to be easier than I thought! Hehehe. ...Oh!
Servo: The hell?
Crow: Hey Mike, you hit something! It's the Hubble! You killed the Hubble!
Mike: Gypsy, could you please maybe help...
Gypsy: Uh-uh! No way! This is your dishwashing liquid, you soak in it!
Mike: Ah, ah! The Manipulator Arm! The, the Manipulator Arm.
Servo: Carefully, carefully... There Wait, wait. It's only $6 billion, remember.
Crow: Hope you're insured, Mike.
Servo: It's just the most expensive satellite ever built.
Crow: It's very fragile... Well, was very fragile.
Servo: Better leave a note on the windshield, Mike.
Crow: Yeah. Just back away slowly, and... Aah!
Servo: Don't do that!
Mike: Oh! I'm sorry. I'll just... Now, I'll just release it gently like a sparrow into the night's sky.
Crow: Good night, sweet Hubble, and a flight of angels sing thee to thy rest.
Mike, Crow and Servo: Aah!
Crow: Oh, good one, Mike.
cryptochrome
---If you can't trust a nerd, who can you trust?
what are the odds of someone like saddam or khadaffi being able to have super accurate missiles?
Access to - a significant portion of the GPS satelites, and the code for how a GPS satalite actually determines your position, would probably increase odds emensely...
You say you want a revolution?
Since when are 'computer experts' policemen?
Actually, it would be the other way around. Police men can be computer experts. However, what I've read in the local news is that police hired five computer consultants to help them in the raid
Did they have a warrant?
The police had one, yes.
The mystery here is.. why the raid? Obviously they must have figured someone at the company being an accomplice in the crime, or they would simply had asked for access. Of course now they know they look stupid for raiding the place (which is not commonplace over here), and so they're doing damage control in the media by saying how pleased they were with the company being open and helpful during and after the raid.
Apparantly the company, whose name I forgot, runs a webhotel-ish service, and the alleged criminal simply used them for free space. That got them raided.
So yes, it's fishy. Local police probably relied heavily on information only coming from the FBI. Bleeech.
Belief is the currency of delusion.
Because I'm afraid we'd have to mod you down as well.
GPS signals contain two separate codes for position locating: C/A (Coarse Acquisition) and P (Precise). C/A was indeed degraded by Selective Availability, and SA was turned off by order of the President in May of last year. However, the way it works is that the C/A code only modulates the L1 carrier (1545.72 MHz) at a 1MHz rate, while the P code modulates both the L1 and L2 carriers at a 10MHz rate. Furthermore, the P code is encrypted (which is then referred to as the "Y" code.) The military GPS recievers typically acquire the easier L1 code first and from there scan for the P code.
The C/A code is still good only to a few meters, while the combination of the two carriers carrying the P code is able to detect and compensate for atmospheric disturbances yielding an accuracy of 10cm or less.
For a much better explanation, see Trimble's How GPS works article.
John
John
Repeat after me, until it gets through the tinfoil helmet.
One. Way. Transmission.
GPS receivers are no more able to send back YOUR location as your Walkman is of telling the radio station that you've tuned in.
So many of the comments on this article appear to be either off-topic or wrong.
For more information about the system itself, please see: http://biz.yahoo.com/prnews/001220/fl_exigent.html
Note also that GPS is merely a method for determining your position and as such even if "Evil people" have control over GPS, then the wrong signal still will not control anything...okay, some stuff, but very little is solely controlled by GPS.
Also, please note that this was merely the source code for the programs that allow communication with the GPS satellites, not access codes (not necessarily easy to determine) nor even the communication signal frequency(ies) (although that would probably be pretty easy to determine).
Is it me or is the HYPE here at Slashdot getting out of control?
--Later, friends--
--Later, friends--
Frogisis, Master of
somebody know just a little too much here. I mean, how convenient is this???
I hope that I am not being redundant..
Seriously? How many flaming aircraft parts have fallen on your house? I suppose 1 would count as "too many". But I'd be interested in hearing your tale...
________________________________________________
________________________________________________
suwain_2
Accordiing to the article: Computer experts raided the offices of an information technology company in Stockholm last month and found a copy of the source codes for the software program OS/COMET Since when are 'computer experts' policemen? Did they have a warrant? This reminds me of Jon Johansen's statement wondering about why the police in his country arrested him for a 'crime' theoretically committed in the U.S..
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I can see it now. 10 thousand slightly confused 40-something yuppies all the sudden completely unable to get anywhere because they've learned to rely on their fancy On Star GPS in their DeVilles. Break out the map and compass.
I don't have an anger problem, I have an idiot problem
How would you manage the development of an Open Source rocket guidance system? How many people would you find who would test it? Part of the reason Linux has grown the way it has is because anyone can set up their own test system (Assuming sufficient technical skill). How does Joe Blow hacker set up a test environment for Rocket Guidance?????
http://www.matthewmiller.net
"Live Free or Die." Don't like it? Then keep out of the USA
However, if the source code does exist, and does give sufficient information to allow the decoding of the data-correction information, it means that, for anyone with a hacked GPS receiver, they can still get an accurate signal even if the US government turns the scrambling back on.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Russia should beg the US to make a missile defense system, knowing our history with weak networks, they can just break in and take it over whenever they need it.
The noise perturbation function was turned off (set to introduce an error of zero) about a year ago. This feature of the system is called 'Selective Availability'. This can still be adjusted for military purposes, even on a regional basis, but SA is a dying feature.
Too many of our (western) armed forces rely on non-milspec GPS units. If the milspec receivers are in short supply, Magellan and Garmin civilian units are often used in the field instead.
The error introduced is variable, but still smaller than the inherent error in a non-modern missile system such as Iraqi/Russian SCUD. More modern weapons would hit a target by video or uv laser seeking reckoning, not by onboard GPS receipt.
Civilian uses for SA=0 are the official reason it was shut off. An ambulance called to a location given by an OnStar GPS would potentially know which side of the road it's talking about; important where a highway has long tall medians. Also, civil pilots rely on GPS heavily for lesser-mapped airstrips.
[
Why do that when you can just set one satalite's perception of ground to -500 feet around LAX, Dulles, Cape Canaveral, Hethro, and/or Logan? It may not be much to planes taking off, but those landing might get big a surprise 500 feet earlier.
...This is of course assuming that they have complete control over those kinds of operating parameters and can access and change sepecific fields of a satalite (the whole "access codes" vs. "software code" discussion in another thread).
The terrorist action against PANAM in 1988 (Lockerbie, Scotland) would be nothing in comparrision to 4 or 5 planes smacking into the ground within 15 minutes of eachother at various airports worldwide.
You say you want a revolution?
Check Freshmeat II for any suspicious copies of Missile Commander. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Seeing as the only reason that Khadaffi is alive is because of a GPS mis-calcualtion!
Good point, well Valdez X5 with no Alcoholic Skippers then....
You say you want a revolution?
The American GPS system is used by both the military and civilians. Up until a few years ago, the civilian users only had access to signals degraded by "Selective Availability," and were only good to +/- 300 meters or so.
Of late, SA has been turned off, and now both civilian and military users have the high-accuracy signal. This was in part due to the FAA's efforts to "undo" SA though their WAAS, Wide Area Augmentation System. WAAS stations near major airports would provide additional resolution to SA-crippled GPS so that precision approaches based on GPS could be created. Currently GPS approaches are non-precision (lateral guidance only, no altitude guidance), and usually are overlays of existing VOR or NDB approaches.
I don't usually consider myself an open source zealot, although I'm generally in favor of it. However, it seems like this case could be used as a great argument for it -- or at least, an illustration of where it might be good or bad.
First of all, as has been mentioned, the article says the the source code, not the security codes, was stolen. If, however, the source code was open to public scrutiny, any holes which the thieves might make use of would more likely have been found by now. Since everyone could get the source, there would be no advantage to stealing it.
Mind you, there's a flip side to this. If the source code was open, it would be easier for Random Joe l33t, if he managed to find a security hole first, to break in -- since he didn't have to go through the trouble to steal the source in the first case. Which brings us back to square one -- security through obscurity.
I don't have an answer to this -- just a thought.
-Puk
All your GPS are....ahh never mind.
---
Looks like you would still have to be a rocket scientist, or more exactly, a satellite scientist, to know how to precisely use it.
but of course, they could do a rewrite of the protocols, but that could take a while.
"It is a greater offense to steal men's labor, than their clothes"
There seems to be a bit of confusion about this.
I know GPS was encrypted with a perturbation signal, which if you could decrypt it allowed you to determine your position more precisely. Now that they've turned off those codes, that is no longer the case.
There was one perturbation code for all the GPS satelites; the behavior shown during the gulf war (turning the encryption off rather than distributing secure receivers to troops) indicates that the satelites cannot be re-keyed.
I imagine that many of the secret keys are hardcoded into the programs, thus mudding the line between the two. Is a program partially evaluated over a key secure or obscure or both?
Hopefully there is significant redundant security in the system. You know that the NSA aint that stupid. They realise that obscurity != security, but they DO know that obscurity AND security is better than either of the alternatives alone.
Hopefully the cipher codes remain secret, while the algorithms and protocols have been exposed.
Damn that's funny.
I'm an American who worked for a month in Sweden in January. Believe me, I would find it impossible to confuse Sweden and Switzerland.
Switzerland is the country where my frozen nuts are currently NOT located in.
If tits were wings it'd be flying around.
...the systems people were told by their bosses, "don't worry, what do we have that anyone would be interested in stealing?" like all the rest of us have heard? :)
--
Remove the rocks to send email
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
The article clearly says "Source Code" not "access codes". All this means is the military (and Exigent) will getting their first lesson is Systems Security 101: Obscurity != Security.
cat