Forwarded from: The Unknown Security Person
Show How Easy It Is
To Get Data From the Sky
September 15, 2006
JAKARTA, Indonesia -- How safe is your satellite?
Satellites are nothing new: They've been in orbit for nearly half a
century, since the Soviets launched Sputnik 1 in 1957. The first
commercial geosynchronous satellite -- hovering in the same place above
the earth's surface and allowing transmission of telephone, television
and radio -- was launched in 1965. They keep us in touch with each
But they aren't invulnerable. A couple of Indonesian hackers -- computer
geeks who like to test other people's defenses -- have found a way into
a commercial satellite and have published some details of how they did
it. While some are skeptical about the hackers' claims, they raise some
questions because our data, whether phone conversations, Internet
traffic, flight reservations or even banking transactions, are carried
by satellites, often without encryption. The hackers' point: While
satellite communication systems have made enormous advances in
capability and performance, security hasn't kept pace, leaving current
satellite systems vulnerable.
The problem is this: A satellite is just another way to get information
from point A to B, like your telephone line, a message in a cleft stick,
or a fiber-optic cable. It's still about data moving from one point to
another, with the possibility that a bad guy may try to intercept it.
The only difference is that it's in the sky. That introduces some
problems, to companies using satellites and to hackers trying to get
into them. Until recently, the advantage lay with the former, but that
may no longer be the case.
Let me introduce the hackers: Jim Geovedi, a 28-year-old from
Jakarta-based security consultancy PT Bellua Asia Pacific; and Raditya
Iryandi, a 26-year-old hacker. On Aug. 17, they set up a satellite dish
in the garden of a house in the Java hill city of Bandung and, amid
$2,000-worth of cabling, computer screens and what looked like kitchen
scales, captured data being transmitted by a commercial satellite. A
video of what they did shows this data scrolling across a computer
screen; there's nothing sensitive in there, but there could be. They're
keen to stress they didn't do anything with the data, but they've proved
they can access it. "If someone knows the basics of setting up a network
and...a little bit about satellites and, the most important thing, (has)
the right equipment, he or she could do the same thing as I did," Mr.
Mr. Geovedi informed Indonesian law enforcement agencies before
conducting the experiment, Fetri Miftach, director for professional
services at Bellua, said. Indeed, the hackers have also held discussions
with law enforcement officials since about improving satellite security
against possible terrorist attacks. Mr. Fetri said that as far as the
company knows there is no Indonesian law that would cover hacking a
So how hard is what they did? Mr. Geovedi won't go into detail, but says
not very. They used a 3.7-meter dish, but could have used an ordinary
satellite-TV dish. (They had to use the bigger one because of a problem
with a neighbor's house blocking the signal, he explains.) A Web site
lists all the nonmilitary satellites in orbit, along with identification
numbers and frequencies. If you know which companies use which
satellites, you're already some of the way to tapping into their data
streams. This, Mr. Geovedi says, is easy in Indonesia since its
geography -- a string of islands -- makes satellites the cheapest and
most practical way for companies' branches to communicate with each
other. The last piece of the puzzle, Mr. Geovedi says, is to take
advantage of human error, where a backdoor is left open by a
misconfiguration, or a factory setting is left unchanged.
If it's this easy, why hasn't it been done before? It has, says John
Pironti, principal security consultant at Pennsylvania-based
technology-services company Unisys Corp., which has worked on security
issues for clients that use satellite communications -- but it's not "as
well publicized as (ordinary) Internet attacks because it is not as well
understood." Mr. Pironti declines to give more detail, except to say
targets have been commercial satellites rather than military. Hackers,
he says, tend to go for the easiest and cheapest way into data, and
satellites aren't at the top of that list. Mr. Geovedi would seem to
confirm that. He says he and others have known how to do this for
several years, and only decided to do it now because he felt the public
needed to know about it.
It's worth stressing that no sensitive data was found or captured.
Neither was anything loaded into the satellite's computer -- false data,
or an attempt to hijack the satellite itself and throw it off course.
But all these things are possible. Even data such as transactions from
automatic teller machines are based on the same protocols as ordinary
Internet traffic and so aren't that hard to interpret, says Mr. Geovedi.
And Mr. Pironti says that in places where landline connectivity such as
copper wire or fiber-optic cable isn't available or cost-effective,
companies and governments use satellites to communicate all sorts of
The other thing to stress is that there are a lot of old satellites up
there -- satellites have an average lifespan of between 10 and 15 years
-- and it was one of those that Mr. Geovedi was targeting. More modern
satellites are better protected, although probably not invulnerable. The
problem, Mr. Pironti says, is twofold. First, it's expensive to send
technicians into orbit to upgrade the hardware, meaning that we'll be
relying on some elderly tin cans for a few years to come. Secondly,
sending data via satellite is more expensive than sending it via land,
so those doing the sending are keen to keep costs low. This means
sending the smallest amount of data they can, leaving off any encryption
that swells the size of what they transmit.
David Kennedy, a senior consultant at Ohio-based technology security
consultants SecureState, says that while in theory all data being
transmitted by satellite are vulnerable, he would be shocked if
sensitive data such as ATM traffic weren't fully encrypted and hard for
hackers to get into. Says Wicak Soegijoko, Singapore-based commercial
head for data services at Asian mobile phone satellite operator ACeS
International: "It's possible, just, that most satellites are protected
against" the kind of attack the Indonesian hackers showed.
That said, we should be concerned. This kind of attack may not be new,
or particularly sophisticated, but it does undermine the conventional
wisdom that hacking into a satellite is something only the big boys,
with lots of money, equipment and power, can do. As satellite use grows,
as hackers get more adventurous, and as prices for the tools involved
fall, these kinds of attacks are bound to increase. "Hackers are always
looking for the easiest ways to capture information," says Mr. Pironti
of Unisys, "and as terrestrial systems become more complicated and as
encryption becomes more widely used, a motivated and capable adversary
will look to see where else can they go for that is a weak link in the
chain. The satellite is that weak link."
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/