Although most people have never seen one up close, and even fewer have spoken to one, satellites are a big part of hacker folklore. In 1986, Captain Midnight exploited HBO's satellite network to propagate his famous "Good Evening" message about the evils of encrypted television programming. Despite HBO's investment in encryption for enforcing its fee structure, the satellites could not tell the difference between a legitimate signal and an impostor's.
More than 16 years later, the number of satellites in space has ballooned from a few hundred to well over two thousand. Yet, according to a new report from the General Accounting Office issued on Thursday, little has changed about their security since the days of Captain Midnight. Despite the U.S. spending millions to defend satellites from its own high-powered laser weapons, many of these computers in orbit still obey commands without authenticating their source.
This kind of non-security was once commonplace on networks all over the world, providing the global hackers' playground which fostered some of today's computer luminaries. Over the years we have seen the decline of this phenomenon, falling off even more sharply in recent times with the proliferation of "script kiddies" and government panic-mongering. Yet, according to the report, Commercial Satellite Security Should Be More Fully Addressed, many satellite systems are still designed for "open access." The report finds that "not all commercial providersí tracking and control uplinks are encrypted," attributing this realization to the National Security Agency (NSA).
Is it possible that one of the great 20th Century playgrounds for hackers still exists in the blackness of space? While military men work on the ground to erect concrete barricades and run fiber optic cables through pressurized steel conduits, does an "open access" network spiral just beyond our atmosphere? Just waiting for arbitrary commands sent with an anonymous beam of energy?
Sadly, if this is the case, it is not so benign as it would have been twenty or even ten years ago. The stakes have risen and the GAO report warns of critical satellites crashing out of control, rendering inoperable some systems we have come to depend upon in this age of information. And while such vulnerable systems in the 1980's were the result of more innocent oversights, Thursday's report points to corporate negligence as a major factor. Not one satellite operator has complied, the GAO found, with a 2001 regulation mandating encryption when a satellite handles national security information.
In June, John Locker, a respected satellite hacker in the UK, went public with his discovery that live video from U.S. surveillance drones was available to anyone with the right satellite dish. While the government downplayed the significance of Locker's findings, the bigger picture of satellite security is now painfully apparent. And as the problems in the GAO report are slowly corrected, so may finally close an innocent first chapter in hacker history.