Slashdot Mirror


South Pole Research Station Hacked Twice

Marda writes "It's been known for a while that Romanian cyber extortionists cracked the computer network at the Amundsen-Scott South Pole Station last year. Now SecurityFocus is reporting that another computer intruder penetrated the station just two months before, and cracked the data acquisition system for the Degree Angular Scale Interferometer (DASI), a radiotelescope that measures properties of the cosmic microwave background. It turns out the station was insecure 'purposely, to allow for our scientists at this remotest of locations to exchange data under difficult circumstances,' according to internal reports."

17 of 292 comments

  1. Re:??????WTF?????? by xedx · · Score: 3, Informative

    fyi then. you can do ssh(server client) and vpn on Windows(TM)

  2. Re:So uh... by Anonymous Coward · · Score: 1, Informative

    What unclaimed land?

  3. Eric S. Raymond Vocabulary Enforcement by duffbeer703 · · Score: 2, Informative

    Hackers are harmless dorks. Crackers are the evil ones. Learn the difference

    http://catb.org/~esr/jargon/

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  4. On purpose for a reason... by Q-Hack! · · Score: 5, Informative

    The main reason for running unsecure, is that the data pipe running to the South Pole is only open for just a few seconds at a time. You have to be able to transfer your data packet in little bitty windows of opportunity. If you have your data packaged in nice large security packets it will take forever to transfer your files, if at all. As soon as they come up with a better way to communicate with those stations I think they will be the first to secure their data.

    --
    Some days I get the sinking feeling Orwell was an optimist.
    1. Re:On purpose for a reason... by Phil+Karn · · Score: 4, Informative
      It is not possible to put a geostationary satellite over a pole. To be stationary, a satellite must be in a circular orbit over the equator with a period that exactly matches the earth's sidereal rotation rate. Such satellites are not visible at all from the poles.

      It is possible, however, to use inclined orbits to provide good coverage at high latitudes, including the poles. You'll need multiple satellites to provide continuous coverage, though. It's my understanding that the South Pole links use retired geostationary satellites that have run out of stationkeeping propellant. Without stationkeeping, solar and lunar perturbations increase the orbital inclination, the angle between the orbital plane and the equator, which is nominally zero for a geostationary satellite. This causes the satellite to move in a north-south figure-8 pattern, making it visible for part of each day at each pole.

      Two good examples of satellites in orbits specifically designed to provide good high latitude coverage are the Russian Molniya series and the new Sirius digital radio broadcasting satellites. (Sirius' competitor XM Radio uses conventional geostationary satellite orbits.)

      Both Molniya and Sirius use elliptical orbits with inclinations of about 63 degrees. At this inclination, the effect of the earth's oblateness on the orbital argument of perigee is canceled out. That means the apogee (farthest point from the earth) will always occur at the same latitude, which in these two cases is selected to be the northernmost point of the orbit (since northern latitudes are being served). The result is a satellite that, while not stationary, spends much of each orbit nearly motionless at high latitude.

      The Molniya and Sirius orbits differ in that the Molniya orbits have fairly low perigees and orbital periods of about 12 hours. The Sirius satellites are in geosynchronous (but not geostationary) orbits, meaning that even though they do not sit motionless over the equator, they still complete exactly one orbit per sidereal earth day.

      The Russians use these orbits because their country sits at high latitudes. Sirius uses their orbits to increase the elevation at which their satellites appear over the northern US and southern Canada, minimizing blockage by buildings and reducing the number of terrestrial repeaters needed in urban areas.

      A Sirius orbit can be seen here and a Molniya orbit can be seen here.

  5. Re:So uh... by cranos · · Score: 3, Informative

    Hate to break it to you but, Antarctica has been split between half a dozen nations for a long time now, Australia in fact claims the largest chunk.

  6. Re:??????WTF?????? by arivanov · · Score: 4, Informative

    You have not dealt with academentia from a system management perspective I guess. If you had you would have heard the phrase: "I am a professor and you are not even a PhD, you will not tell me what to do".

    In btw, I am speaking out of experience here.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  7. Re:Very useful data by WindBourne · · Score: 2, Informative
    1. the main system that was cracked was life support. Not a good thing.
    2. Not everything is what it appears to be. Much of the DOD work is done out in the open under "civilian" contracts (think DARPA). Also, think about Iraq and the WMD search and why did the admin insist that the universities be searched first, prior to even going after any Iraqi government installation.
    --
    I prefer the "u" in honour as it seems to be missing these days.
  8. Here's a view from the pole by Raetsel · · Score: 5, Informative

    I just found Big Dead Place a couple days ago, and read their account of one of these 'hacker attacks' and Raytheon Polar Services' (RPSC) reaction to it.

    Short version: Everyone at the pole was pissed. Denver (RPSC headquarters) took away their porn^H^H^H^Hnet access, and thus made a bunch of already deprived individuals even more deprived.

    There's a ~500 K newsletter-spoof PDF on the site that expresses some of their feelings.

    • "Kudos to the Denver IT staff for quickly responding to a hacker attack on South Pole Station. The attack occurred Friday night Denver time and our crack professional team denied the attacker access by immediately pulling the plug on Pole. They got back to dealing with the aftermath of this knee jerk response sometime Wednesday shortly after the last chocolate sprinkle donut had been eaten but shortly before nap time."
    There's also: Top Ten Reasons South Pole Can't Access the Internet

    Some other interesting things on the site:

    • Raytheon says Antarctica is a 'foreign nation' for purposes of the Fair Labor Standards Act (overtime) and OSHA (asbestos exposure, etc.)

    • However... the IRS considers wages earned while working there the same as if they'd been earned inside the US.

    • Some people working there question whether or not the US Constitution applies (specifically the First Amendment)

    • The whole bit about the Symmes Antarctic Intelligencer

    • Frontierwatch is a terrifically Dilbert-esque look into the day-to-day goings-on at the Pole.
    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
  9. The real link... by Unnngh! · · Score: 3, Informative

    ...is, of course, here.

  10. Security is against scientific spirit! by Reservoir+Penguin · · Score: 3, Informative


    Remember, RMS was against introducing passwords into the MIT AI lab, and when they eventually did it he sabotaged the system by coercing users to choose a blank password. He even brags about it in the Revolution OS documentary.

    --
    US-UK-Israel: The real Axis of Evil
  11. Re:burn karma burn! by noselasd · · Score: 2, Informative

    Get it right next time;
    "all your base are belong to us".
    See here for the origin of that phrase.

  12. Re:You gotta wonder... by dave420 · · Score: 4, Informative
    Low bandwidth is no excuse, but intermittent bandwidth is. If the link is only open for a very brief period of time, you could very well waste all that time establishing an SSH connection or VPN. By the time you came to securely download your data, the link is already closed and won't be back up for ages.

    It's unsecured through necessity, not through choice.

  13. Re:Put it in perspective... by jcasey · · Score: 3, Informative

    "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole,"

    We need to take three big steps back and look at the forest as a whole. Systems are frequently compromised for indirect gains. I.e., a compromised system can be used as a "diving board" - to access other systems that the attacker may not otherwise have access to. This exposes the organization that owns the system to additional "RISK". If an attacker compromises your system, and uses it to launch a damaging attack against another system, the finger will point at YOU until you or someone else can prove that your system was just a pawn. IANAL but I would imagine that the owner of the compromised system could be subject to legal action for neglecting to secure their system in the first place.

    --
    X
  14. RTFA. by Anonymous Coward · · Score: 4, Informative

    RTFA. The life support systems weren't controlled by the hacked system. That was added by the US department of propaganda to make the threat of cyber-terrorism sound scarier.

  15. bad summary of the article by kirkjobsluder · · Score: 2, Informative
    Why link to a great article on the web if you are not going to provide an accurate summary?

    The point of the securityfocus.com article was not "South Pole Research Station Hacked Twice", but that the US DoJ has used this as a spin campaign to justify the cyberterrorism provisions of the patriot act.

    "The hacked computer ... controlled the life support systems for the South Pole Station that housed 50 scientists 'wintering over' during the South Pole's most dangerous season," reads the Justice Department report. "Due in part to the quick response allowed by [the USA Patriot Act], FBI agents were able to close the case quickly with the suspects' arrest before any harm was done to the South Pole Research Station."


    However, the FBI and DoJ's version of events is contradicted by the NSF internal assessment of the attack...

    And as described in the memo, released as a partially-redacted draft, the incident was something less than a cyber terror attack to begin with, and prompted a measured response from network administrators. "Given the fact that no financial records or systems were compromised, no safety or loss of life was threatened, and no critical system corrupted, we need to balance legitimate security needs with the legitimate needs of our scientists at the Pole," the memo reads.


    The previous security problems at the South Pole appear in the second to last paragraph as support for the claim that the attack was not threatening to life support at Amundsen-Scott.
  16. Hacked or Cracked? by runswithd6s · · Score: 3, Informative

    You know. I'm disappointed that /. would get this wrong. Although the content of this topic has it right, why would you then title it with "hacked" instead of "cracked"? Of all places, /. should be setting the bar by using correct terminology.

    --
    assert(expired(knowledge)); /* core dump */