Malicious actors of unknown origin seized control of a NASA earth-observation satellite twice in 2008, says a an annual report from the U.S.-China Economic and Security Review Commission.

The report, released Nov. 16 says on June 20, 2008 and again on Oct. 22, 2008, an outside party "achieved all steps to command" the Terra EOS AM-1 orbiter, but did not issue any commands.

Commissioners also say that the communications with Landsat-7, an earth observation satellite managed by NASA and the U.S. Geological Survey, experienced interference on Oct. 20, 2007 and July 23, 2008. At least in the latter cases the intruder did not gain command of the satellite, the report says.

The report says intruders were able to gain access to the satellite systems because they interfaced with commercially-operated ground stations outside the United States that used the public Internet for data access and file transfers.

Although the commission lacks evidence of where the attacks originated, "the techniques appear consistent with authoritative Chinese military writings."

The report also notes that the Chinese government asserted a great level of control over its domestic Internet in 2011. Virtual private networks used to circumvent censorship tolls (known as the Great Firewall of China) were disrupted several times throughout 2011, it says.

The Chinese Academy of Social Sciences also announced in July that the government shutdown 1.3 million websites throughout 2010. Some of those websites probably hosted malicious software as opposed to content deemed undesirable, the report notes, but the Chinese government "did not make available figures with that level of specificity."  

For more:
- download the 2011 report to congress of the U.S.-China Economic and Security Review Commission (.pdf)
- download prepared remarks of the commission's chairman, William Reinsch, on release of the report (.pdf)

Related Articles:
Chinese phishers attacking Chinese targets, says Anti-Phishing Working Group 
'Nitro' hackers target chemical and defense companies, says Symantec 
Lewis: Common assumptions about cybersecurity policy are wrong