Schneier on Security
A blog covering security and security technology.

April 23, 2009

Hacking U.S. Military Satellites

The problem is more widespread than you might think:

First lofted into orbit in the 1970s, the FLTSATCOM bird was at the time a major advance in military communications. Their 23 channels were used by every branch of the U.S. armed forces and the White House for encrypted data and voice, typically from portable ground units that could be quickly unpacked and put to use on the battlefield.

Posted on April 23, 2009 at 12:30 PM • 23 Comments

Comments

So, the problem is repeaters in geosynch orbit that do no authentication and rely on obscurity to not be touched? Outstanding! One hopes that permitted users' traffic is not in the clear.

Posted by: Chris at April 23, 2009 1:30 PM

Two questions:

1) Another article I read says that the Brazilian government is fighting this. Why are THEIR tax dollars going to fight something stupid MY tax dollars are funding?

2) Why ARE my tax dollars funding something so stupid?

Posted by: me at April 23, 2009 1:58 PM

When I think of all the times I was in a mudhole someplace trying to connect to a satellite and not able to because the satellite sysop didn't like the looks of my signal, and these guys are just switching on and blabbing away?!? Amazing.

As far as why Brazil is fighting it, there are international treaties establishing what service is allowed to use what spectrum for which purpose, and it's in Brazil's interest to make sure people in their country obey their frequency allocations.

Posted by: bob at April 23, 2009 2:02 PM

The first time I heard about this was in the early nineties in a German satellite magazine. They had a series of articles about do-it-yourself spying using satellite and radio technologies. They had two articles about this usage.

The first was about Italian immigrants in Argentina that used it as a cheap telephone connection to talk to their relatives in Italy. The second was about a criminal gang that used it to coordinate buying money-counterfeiting equipment. This magazine had some other interesting stories involving the US military and satellites.

Posted by: Heiko at April 23, 2009 2:57 PM

I've been hearing rumors for some time that a comsat was put into sleep mode by gov't hackers for the PRC as a proof of concept. The rumor was provided by a former special assistant to the president and verified by a former CIA DO case officer. I haven't been able to find an event that corresponds to what they describe... but I assign a tentative truth value to what they say.

Posted by: BF Skinner at April 23, 2009 6:22 PM

This doesn't even seem to be hacking! The satellite just seems to be acting as a simple-minded, analogue open relay...

Posted by: denis bider at April 23, 2009 9:16 PM

Heiko:

Posted by: Eric Schmiedl at April 24, 2009 3:34 AM

So the details are these sats are nothing but dumb repeaters. And this is not new. So military traffic is encrypted point to point, not link to link; there are a lot of reasons for doing it this way. Also some people have been doing this for a while. What's changed is the cost and size of the equipment and hence the number of people doing it. These sats are a long way up, so it's only "easy" with the newer equipment.

Posted by: Greg at April 24, 2009 6:27 AM

I wonder if they utilized IPv8 to pull this off? www.infiltrated.net/rfc246810.txt (IPv8 RFC)

Posted by: Joe the Plumber at April 24, 2009 6:43 AM

Whoever managed to wangle naming the satellites 'UFO' has a distinctly non-military sense of humour.

Posted by: Ewan at April 24, 2009 7:22 AM

What bugs me is not that these satellites are obviously stupid in a 21st-century context. Any savvy internet user knows that an open service with no authentication is going to get abused.

What bugs me is that these satellites are obviously stupid in the Cold War context in which they were designed. If I went to the US Congress, circa 1975, and said that I wanted to build an open satellite repeater link, and oh by the way I was building a satellite repeater link for the Russkies to use too, they'd laugh me out of the committee room.

Posted by: Jason at April 24, 2009 9:20 AM

@jason "they'd laugh me out of the committee room"

That's why they weren't told all the "confusing technobabble details".

Posted by: BF Skinner at April 24, 2009 9:32 AM

@Eric Schmiedl: I think the magazine was "Tele Satellit" and the articles were named "Spionage selbstgemacht".

Posted by: Heiko at April 24, 2009 10:16 AM

Folks, you need to know a little bit about this sort of thing to understand the whys and wherefores of how they came to be. Oh, and realise that pirating "skirt bandwidth" is actively in progress today even with relatively modern sat systems.

First off, most if not all transponders are going to allow this to happen in one way or another. Effectively all a transponder is is an antenna, a filter, an optional band shifter, a high dynamic range linear amplifier with 40-80dB of gain and up to 100dB of automatic gain control, another filter and another antenna. At no point did the signal get actually received and re-transmitted in the conventional sense (ie converted to the baseband signal and up again). There are a lot of similar systems used as "television relay" systems in out-of-the-way places like sparsely populated areas on the other side of hills and mountains.

There are several reasons why these systems are as they are. Firstly, in the design of space systems reliability is very important, as is low weight and low power consumption. This usually gives rise to extremely conservative designs with tried and time-proven (read old fashioned by launch time) electronics, which is why NASA buys up old ceramic "mil spec" 486 etc components.

Further back in the "good old analog (analogue for us Brits) electronics days", the transponder's lack of parts, both active and passive, and the fact that they required no "re-cal", and therefore had better MTBF figures, was highly desirable. Also they were a known tried and tested technology used a lot in terrestrial telecommunications (think multi-channel phone links by frequency division multiplexing).

As some will know, "availability" is expressed in terms of both MTBF and MTTR. As MTTR figures for sats are usually considered to be close to infinite ;) the only way to improve availability is by upping MTBF. The three usual ways are use only high MTBF parts, use as few parts as possible and operating systems in parallel (ie MTBF goes up as root N of parallel paths). As both power and weight are significant issues with launch costs and reliability, a lack of parts and parallel systems are highly attractive options to space systems designers of old. Oh, and remember the NSA docs that were released recently where they mentioned long cycle Crypto generators for space systems weighing in at +50lbs, and you start to understand why these systems are as they are.

Further, and importantly, is the 100dB of AGC range; this ensures that the strongest signal(s) always get through the transponder and that it is actually difficult to jam, especially when spread spectrum signals are involved. Some of the sat systems actually had a rudimentary protection system that works extremely well, in that the oscillator used for band shifting was modulated by a non-linear long sequence PRBS generator (ie that NSA Crypto generator). Look up JPL ranging codes and Gold generators to see how the linear versions work. Essentially, if you have another identical generator in your transmitter and you shift its sequence in time to coincide with the one in the transponder, then you can use it. The anti-jamming margin can give you another 40-100dB of protection over that of the AGC...

However, in the past ten years or so the reliability and availability of high dynamic range analog to digital converters with very high conversion rates have changed the equation a lot. Not just for baseband processing but for high frequency RF processing as well. Have a google around for "channel bank receivers" and "software defined radio" to see the way of the future. Sats of the future will not be as susceptible to pirating, but there will always be those that know or can find out enough to make it possible (think the students that worked out the spreading codes for the European GPS test system just from monitoring the sat output).

Posted by: Clive Robinson at April 24, 2009 10:49 AM

@ Joe the Plumber, "http://www.infiltrated.net/rfc246810.txt"

This is the latest upgrade to the "Hay Pril / Foo Lin" inspired protocol and just does not "cut the mustard" in the same way the avian version did ;)

Posted by: Clive Robinson at April 24, 2009 11:10 AM

It's worth learning a little about Gold codes and sliding correlators for many reasons, including CDMA mobile phones and GPS.

Posted by: Bob Stratton at April 24, 2009 3:54 PM

Most of what Tele-Satellite's article was about was the interception of Inmarsat-A telephone and fax calls. It's a fascinating story in that the author set up a DTMF (touch tone) decoder and looked for numbers to or from Iraq. He seems to have documented several attempts by the previous government of that country to purchase embargoed or restricted technology through industrial and academic intermediaries. Naughty.

Oh, and it's really not all that hard to do if you're curious, though in the U.S. it's not legal to discuss what you hear that way.

Posted by: Bob Stratton at April 24, 2009 3:57 PM

If they'd just used low bitrate/power CDMA, all these comms would have never been detected. Oh wait...

Posted by: Fred at April 25, 2009 10:55 PM

Amazing story, it is incredible, those times.

Posted by: jose at April 27, 2009 7:54 AM

Why do you remove my posts, are you censoring me????????

jose

Posted by: jose at April 27, 2009 8:00 AM

Jose, that's the second time you've shown up here complaining that your comments were being removed when, in fact, they weren't. I'm not sure if you are trolling or just confused. But I am going to start removing your comments if you can't manage to be on-topic, constructive, and coherent.

Posted by: Moderator at April 27, 2009 12:00 PM

Sounds a little simplistic and urban-myth-like. Dumb repeater? Uplink and downlink are different on even commercial sats. It looks like cyber security types are paranoid and chasing boogeymen out of every closet. The power grid is in bigger danger of being jacked.

Posted by: Ray at June 6, 2009 6:59 PM

@Heiko -- found it, I think.

Posted by: Eric Schmiedl at August 5, 2009 1:50 AM
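Clive Robinson's and Bob Stratton's comments above point to Gold codes and sliding correlators as the mechanism by which a spread-spectrum transponder admits only a transmitter that holds the matching sequence generator and can align it in time, and rejects everything else by the code's correlation margin. The Python below is an added example written for this page, not code from the post or from any commenter, and it does not reproduce any real satellite's codes: it uses the textbook degree-5 preferred pair of LFSR polynomials x^5 + x^2 + 1 and x^5 + x^4 + x^3 + x^2 + 1 (octal 45 and 75), which gives 31-chip Gold codes. The code indices, the 11-chip propagation delay and the equal-power wrong-code signal in the demo are all constructed values.

```python
"""Gold codes and a sliding correlator (added example, not from the original post)."""
import math
from typing import Dict, List, Sequence, Set, Tuple

# Feedback polynomial exponents; the x^0 term is implicit.  This is the
# classic degree-5 preferred pair (octal 45 and 75), an assumption of this
# example rather than anything the page states about a real system.
POLY_A = (5, 2)           # x^5 + x^2 + 1
POLY_B = (5, 4, 3, 2)     # x^5 + x^4 + x^3 + x^2 + 1


def m_sequence(taps: Sequence[int], seed: int = 1) -> List[int]:
    """One period (2^n - 1 bits) of the LFSR a[k+n] = a[k] XOR a[k+t] for t in taps, t < n."""
    n = max(taps)
    if not 0 < seed < (1 << n):
        raise ValueError("seed must be a non-zero n-bit value")
    reg = [(seed >> i) & 1 for i in range(n)]   # reg[i] holds a[k+i]
    out: List[int] = []
    for _ in range((1 << n) - 1):
        out.append(reg[0])
        new_bit = reg[0]
        for t in taps:
            if t < n:
                new_bit ^= reg[t]
        reg = reg[1:] + [new_bit]
    return out


def to_chips(bits: Sequence[int]) -> List[int]:
    """Map bit 0 -> +1 and bit 1 -> -1 so that correlation is a plain dot product."""
    return [1 - 2 * b for b in bits]


def gold_code(index: int) -> List[int]:
    """Gold code `index`: sequence A XOR (sequence B delayed by `index`), as chips."""
    a, b = m_sequence(POLY_A), m_sequence(POLY_B)
    n = len(a)
    return to_chips([a[k] ^ b[(k + index) % n] for k in range(n)])


def correlate(received: Sequence[int], replica: Sequence[int], tau: int) -> int:
    """Periodic correlation of `received` against `replica` delayed by tau chips."""
    n = len(replica)
    return sum(received[k] * replica[(k - tau) % n] for k in range(n))


def correlation_values(x: Sequence[int], y: Sequence[int]) -> Set[int]:
    """Every value the periodic correlation takes over one full slide."""
    return {correlate(x, y, tau) for tau in range(len(y))}


def off_peak_autocorrelation(chips: Sequence[int]) -> Set[int]:
    """Autocorrelation values at all non-zero lags (an m-sequence gives only -1)."""
    return {correlate(chips, chips, tau) for tau in range(1, len(chips))}


def sliding_correlator(received: Sequence[int], replica: Sequence[int]) -> Tuple[int, int]:
    """Slide the local replica over one period; return (delay_at_peak, peak_value).

    This is the time-alignment step Clive describes: the receiver only passes
    the signal once its own generator is shifted to line up with the sender's.
    """
    scores = [correlate(received, replica, tau) for tau in range(len(replica))]
    best = max(range(len(scores)), key=scores.__getitem__)
    return best, scores[best]


def delay(chips: Sequence[int], d: int) -> List[int]:
    """Circularly delay a chip sequence by d chips (models propagation delay)."""
    n = len(chips)
    return [chips[(k - d) % n] for k in range(n)]


def processing_gain_db(n_chips: int) -> float:
    """Spreading gain of an N-chip code: 10 log10(N) dB."""
    return 10 * math.log10(n_chips)


def demo() -> Dict[str, object]:
    """Constructed scenario: the expected code arrives 11 chips late, mixed with an
    equal-power signal that uses a different member of the same Gold family."""
    legit = gold_code(3)        # code the transponder expects (constructed index)
    intruder = gold_code(17)    # wrong code (constructed index)
    received = [s + i for s, i in zip(delay(legit, 11), delay(intruder, 4))]
    found_delay, peak = sliding_correlator(received, legit)
    return {
        "found_delay": found_delay,                                  # 11
        "peak": peak,                                                # >= 22 of a possible 31
        "wrong_code_values": sorted(correlation_values(intruder, legit)),  # subset of {-9, -1, 7}
        "gain_db": round(processing_gain_db(len(legit)), 1),        # 14.9
    }


if __name__ == "__main__":
    print(demo())
```

The two asserted properties are the ones that matter for access control and anti-jam margin: a transmitter holding the right generator is recovered at the correct delay with a full 31-chip peak even with an equal-power wrong-code signal on top of it, while a transmitter with a different code of the same family never correlates above 9/31 at any time offset. Real systems use far longer non-linear sequences, as the comment notes, so the margin is correspondingly larger than this 31-chip toy.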