The question a wise security manager asks is, can it be done, outside of a James Bond or Mission Impossible scenario? Is it possible to hack a satellite? If you mean use the satellite for your own signals, the answer is most certainly, yes. “Simply put, satellites are relay stations suspended 36,000 km (22,000 miles) up above the equator. At this altitude, satellites appear to be fixed in relation to earth, therefore the name geostationary satellites.” They use their fuel to maintain their position and so fuel is the primary determinant in the lifespan of a satellite.

“Here’s how it is possible to ride over a satellite with an unauthorised uplink:

  • An uplink earth station transmits the desired signal to satellite.
  • The satellite receives and processes the incoming signal by changing the frequency and amplifying it.
  • The satellite transmits the signal back to earth, typically covering large geographical areas.
  • Earth station(s) on earth receive the signal.”

Most satellite links are unencrypted and can be intercepted by anyone within a radius of more than 600 miles. That means a connection between someone located in, say, a remote location in Africa and a satellite-based ISP can be monitored or even hijacked by an attacker.

Satellite Hacking: Star Wars Could be a Reality in the Near Future

COULD HACKING OF SATELLITES BRING WORLD CLOSER TO A STAR-WARS TYPE NIGHTMARE? IT MAY SOUND A BIT FILMY AND UNREAL BUT IT IS DEFINITELY POSSIBLE.

Until now we had believed that star wars could not happen in real life.. it was something that only occurred in galaxies far far away but not in our world. But in a startling new report released by a London-based research entity Chatham House, it has been revealed that it could be possible in the near future.

According to Chatham House’s report [PDF], catastrophic attacks might occur if individual hackers, rogue states, threat actors, and even terrorists try to exploit satellites. In order to avoid this, a radical review of the state of cyber-security in space needs to be conducted. The reason is that currently there are various ambiguities surrounding the vulnerabilities of satellites as well as other assets in space. The report states:

However, to attack a satellite probably does not require nation state space capability. Due to cost saving measures, the command & control channel to the satellite is unencrypted. The security is little more than a password. To hack such a system would require sophisticated & proprietary equipment, although with today’s Digital Signal Processing systems it is becoming trivial. But, by the time it was noticed that a bird was put into a spin of death, the fuel is shot, there is very little fuel (and fuel is the primary limitation on the life span of a satellite), and there’s a $75 million dollar paperweight spinning in space.

The bottom line
If your organization depends on satellite communications, it would be wise to start thinking about alternatives.

===
1. http://www.sans.edu/resources/securitylab/denial_of_service.php
2. http://www.telegraph.co.uk/connected/main.jhtml?xml=/connected/1999/03/04/ecnhack04.xml
3. http://www.parliament.uk/documents/upload/postpn273.pdf
4. http://www.panamsat.com/global_network/education.asp
5. http://www.sans.edu/research/security-laboratory/article/satellite-dos#otherlinks
6. email Tom McGrane to Stephen Northcutt, 4/18/2007
7. http://www.prss.org/resources/print_glossary.cfm
8. http://australianit.news.com.au/articles/0,7204,21549846%5E15322%5E%5Enbv%5E,00.html
9. http://www.radioaustralia.net.au/news/stories/s1897037.htm
10. http://www.dailynews.lk/2007/04/13/news01.asp
11. http://www.nytimes.com/2007/01/19/world/asia/19china.html?ex=1326862800&en=74a017e997a72c53&ei=5088&partner=rssnyt&emc=rss.
12. email Luke McConoughey to Stephen Northcutt 4/17/2007

MUST READ


How the Turla operators hijack satellite Internet links: Read
Satellite Turla:
APT Command and Control in the Sky


How highly advanced hackers (ab)used satellites to stay under the radar

One of the world’s most advanced espionage groups has already been caught unleashing an extremely stealthy trojan for Linux systems that for years siphoned sensitive data from governments and pharmaceutical companies around the world. Now researchers have discovered a highly unusual method that members of the so-called Turla group used to cover their tracks. They hijacked satellite-based Internet links to communicate with command and control servers.


The report’s co-author David Livingstone stated that: “the space industry is renowned as a forward-thinking, market-leading community and it needs to address cyber-security urgently. What we need is an international community of the willing that would be tasked with developing industry-led standards in order to develop pace and agility in response to the growing cyber-threat in space.”


“The vulnerability of satellites and other space assets to a cyberattack is often overlooked in wider discussions of cyber threats to critical national infrastructure. This is a significant failing, given society’s substantial and ever increasing reliance on satellite technologies for navigation, communications, remote sensing, monitoring and the myriad associated applications.”

It must be noted that the ground stations, satellites and space vehicles that have been sent to space are vulnerable to all kinds of cyber-attacks such as data corruption, cyber-jamming, data hijacking, cyber hijacking, cyber-spoofing and data theft. That’s why the reports urge think tanks and security researchers to identify and address space-related gaps in cyber security as well as salient weaknesses on urgent basis.

A Californian security firm CrowdStrike’s Intelligence vice president Adam Meyers informs that recently there has been an increase in activities against satellite systems especially of Israeli television stations in the Middle East. Meyers believes that such activities are actually “the hotbed of attacks.”

According to Meyers “They’re actually disrupting and hijacking these systems, not for intelligence interception per se.It’s increasingly more common to see these types of activities occurring. It’s certainly something that warrants additional scrutiny by security professionals.”

In the report, there are some suggestions for fixing vulnerabilities of satellites. As per the report, there is dire need of a global “community of the willing,” sort of a team that comprises of governments and stakeholders within the space domain as well as insurance industries. The reason for creating such a group is to devise best strategies for addressing the developing range of threats.