Slashdot Mirror
Code for Running GPS Satellites Stolen
twivel was one of many to send this in: "According to this article a hacker has obtained top secret space codes that could yield access to guiding ships, rockets and satellites. Why launch your own spy satellite when you can just borrow ours?" The funny thing is that the code was stolen only a couple of days after it was deployed.
The wording of the headline is a little deceptive... if you read carefully, you will see that it was actually the source code that was stolen, not "secret codes" for accessing the system. Of course, the source code might give someone some insight into how the system works which may allow them to hack in, but it's not like someone has stolen the launch codes for the Army's fleet of ICBM's...
This sig is umop apisdn.
So they got the source code for guiding the systems. If the system is properly engineered, it shouldn't matter if you know how to guide it, you still need access to the system. If the system is poorly engineered, I'm going to buy some pillows like that TV guy in Willabong Australia or wherever.
Actually, you are talking about two different things. Selective Availability, the degredation of the general-use signal, was turned off last January. However, you seem to have confused SA with the different codes available.
There are two (three, actually) codes transmitted by the GPS satellites. The C/A-code (coarse/acquisition) is the "general use" code, available to all, and (formerly) subject to SA. The P-code (precision code) is the "military" code; it requires special receivers, and you have to have a DoD license to get said receivers. The third code is the Y-code, and is used in conjunction with the P-code, and is not relevant for this discussion.
There is no way to get to the P-code from the C/A-code; the P-code is approximately 1 millisecond in length (1,024 bits, transmitted at 1.023 MHz); the P-code is a week long, even transmitted at ten times the rate (10.23 MHz).
The C/A- and P-codes are not "encrypted" in the classical sense of the word, they are just signal formats. (The P-code is encrypted to form the Y-code, but that's another matter.) SA does not perform any "encryption" on the C/A-code, it blurs the timing slightly between satellites, so your receiver doesn't know the precise length of time the signal took to arrive from the satellite. This causes the receiver to have a certain amount of ambiguity, and degrades the accuracy of the signal.
For more information on the system, check out the Naval Observatory's site on GPS.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
This provides even more support for the government moving to open source. If an open source model was adopted for this type of project then the system would have sufficient security that examination of the source ideally would not be an issue of national security. Who knows what backdoors the hacker has uncovered?
---
Cool! Now maybe we will start seeing shirts with the GPS source on them.
For those that don't know, SA is a set of two different time signals broadcast by the satelites. The military time signal is pure, but the civilian one had some noise injected into it to degrade the accuracy. Now that the signal degradation is no longer being done, your commercial receiver is just as accurate as the military versions.
Khadaffi | Saddam | Osama Bin Laden | Joe Militia just needs a unit from Garmin | Magellan | Trimble, and they can pick off anything in range. This has been the case for quite a while, as even with SA in use, the accuracy was about 100 FT. A good large bomb/missile has a blast radius larger than that.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
Actually, they turned off the encryption during the gulf war due to the lack of military grade gps receivers. Many troops were using standard commercial off the shelf receivers that could not decrypt anything no matter what they key was.
As for the ability to rekey, if the NSA is involved, there is always a way to rekey in the event of the disclosure of the key (they also have rather strict policies for the lenght of time that a key can be in use. The best thing is that the keys are typically distributed on paper tape because it is so easy to destroy).
What I really want to know is who attached a 'top secret' system to the internet (or any other non classified system). Having worked in that industry before, doing so was a very quick way to getting not only fired but thrown in jail.
"Selective Availability" - the US government's policy of degrading the GPS signal available to commercial and civilian receiver operators was ended last year.
Selective regional or local denial of GPS signals (through the equivalent of jamming) is possible, howvever.
Just some hopefully useful background information.
D
ELITISM: It's always lonely at the top. Uninvited company is rarely welcome.
Since when are 'computer experts' policemen?
Actually, it would be the other way around. Police men can be computer experts. However, what I've read in the local news is that police hired five computer consultants to help them in the raid
Did they have a warrant?
The police had one, yes.
The mystery here is.. why the raid? Obviously they must have figured someone at the company being an accomplice in the crime, or they would simply had asked for access. Of course now they know they look stupid for raiding the place (which is not commonplace over here), and so they're doing damage control in the media by saying how pleased they were with the company being open and helpful during and after the raid.
Apparantly the company, whose name I forgot, runs a webhotel-ish service, and the alleged criminal simply used them for free space. That got them raided.
So yes, it's fishy. Local police probably relied heavily on information only coming from the FBI. Bleeech.
Belief is the currency of delusion.
--Later, friends--
--Later, friends--
Frogisis, Master of
Accordiing to the article: Computer experts raided the offices of an information technology company in Stockholm last month and found a copy of the source codes for the software program OS/COMET Since when are 'computer experts' policemen? Did they have a warrant? This reminds me of Jon Johansen's statement wondering about why the police in his country arrested him for a 'crime' theoretically committed in the U.S..
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I can see it now. 10 thousand slightly confused 40-something yuppies all the sudden completely unable to get anywhere because they've learned to rely on their fancy On Star GPS in their DeVilles. Break out the map and compass.
I don't have an anger problem, I have an idiot problem
The noise perturbation function was turned off (set to introduce an error of zero) about a year ago. This feature of the system is called 'Selective Availability'. This can still be adjusted for military purposes, even on a regional basis, but SA is a dying feature.
Too many of our (western) armed forces rely on non-milspec GPS units. If the milspec receivers are in short supply, Magellan and Garmin civilian units are often used in the field instead.
The error introduced is variable, but still smaller than the inherent error in a non-modern missile system such as Iraqi/Russian SCUD. More modern weapons would hit a target by video or uv laser seeking reckoning, not by onboard GPS receipt.
Civilian uses for SA=0 are the official reason it was shut off. An ambulance called to a location given by an OnStar GPS would potentially know which side of the road it's talking about; important where a highway has long tall medians. Also, civil pilots rely on GPS heavily for lesser-mapped airstrips.
[
Check Freshmeat II for any suspicious copies of Missile Commander. :)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The American GPS system is used by both the military and civilians. Up until a few years ago, the civilian users only had access to signals degraded by "Selective Availability," and were only good to +/- 300 meters or so.
Of late, SA has been turned off, and now both civilian and military users have the high-accuracy signal. This was in part due to the FAA's efforts to "undo" SA though their WAAS, Wide Area Augmentation System. WAAS stations near major airports would provide additional resolution to SA-crippled GPS so that precision approaches based on GPS could be created. Currently GPS approaches are non-precision (lateral guidance only, no altitude guidance), and usually are overlays of existing VOR or NDB approaches.
All your GPS are....ahh never mind.
---
There seems to be a bit of confusion about this.
I know GPS was encrypted with a perturbation signal, which if you could decrypt it allowed you to determine your position more precisely. Now that they've turned off those codes, that is no longer the case.
There was one perturbation code for all the GPS satelites; the behavior shown during the gulf war (turning the encryption off rather than distributing secure receivers to troops) indicates that the satelites cannot be re-keyed.
I imagine that many of the secret keys are hardcoded into the programs, thus mudding the line between the two. Is a program partially evaluated over a key secure or obscure or both?
Hopefully there is significant redundant security in the system. You know that the NSA aint that stupid. They realise that obscurity != security, but they DO know that obscurity AND security is better than either of the alternatives alone.
Hopefully the cipher codes remain secret, while the algorithms and protocols have been exposed.
The article clearly says "Source Code" not "access codes". All this means is the military (and Exigent) will getting their first lesson is Systems Security 101: Obscurity != Security.
cat