Security Laboratory: Methods of Attack Series
These papers introduce you to the most common attack methods against computer systems and networks and the basic strategies used to mitigate those threats.
Other Related Articles in Security Laboratory: Methods of Attack Series
Are Satellites Vulnerable to Hackers?
May 15th, 2007
By Stephen Northcutt, Google+
Strictly speaking, having someone attack your satellite would fall under denial of service for most such attacks; however, it could be so damaging that we want to focus on these particular attacks in this paper.
Ministry of Defence Satellite
In 1999, the Telegraph carried the following story, "A group of computer hackers suspected of seizing control of a British military communications satellite using a home computer, triggering a "frenetic" security alert, has been traced to the south of England.
A security source said that, up to a month ago, the hackers found a "cute way" into the control system for one of the Ministry of Defence's Skynet satellites and "changed the characteristics of channels used to convey military communications, satellite television and telephone calls". We were unable to find an additional source for this story, so it may not be valid, but this UK Government document does explain more about the UK space network.
The MoD story certainly gets your attention. However, the question a wise security manager asks is, can it be done, outside of a James Bond or Mission Impossible scenario? Is it possible to hack a satellite? If you mean use the satellite for your own signals, the answer is most certainly, yes. "Simply put, satellites are relay stations suspended 36,000 km (22,000 miles) up above the equator. At this altitude, satellites appear to be fixed in relation to earth, therefore the name geostationary satellites." They use their fuel to maintain their position and so fuel is the primary determinant in the lifespan of a satellite.
"Here's how it is possible to ride over a satellite with an unauthorized uplink:
- An uplink earth station transmits the desired signal to satellite.
- The satellite receives and processes the incoming signal by changing the frequency and amplifying it.
- The satellite transmits the signal back to earth, typically covering large geographical areas.
- Earth station(s) on earth receive the signal."
A communications satellite is simply a radio repeater. Most have 12 or 24 different "transponders" that use a certain frequency block. For C band, the earth station uplink operates in the 6 Ghz range. The satellite receives the signal, changes it to a 4 Ghz frequency, and sends it back to earth. Most satellites don't care what is modulated on the carrier. They just translate it and send it back out. (They could be designed to require security on the carrier for the satellite to repeat it, but I don't think many have been built with that. Most of the interest has been in encoding the video/audio/data itself to prevent unauthorized far-end decoding.)
Each transponder has a certain amount of bandwidth and power. Either one is the limit that can't be exceeded. In the early days, one entire transponder was used for one analog TV signal. Although, even then, Alaska used a bit of left over space to put up pubic radio audio-only signals.
Today, with most video and MPEG of one flavor or another you can get good quality using only part of a transponder, so you can have multiple signals--either multiplexed together onto one carrier (most efficient), or coming up on separate carriers. In that case, the center frequency of each carrier and its power level is chosen so as to not exceed available bandwidth and power for a transponder. (You also have to worry about intermodulation between carriers creating interfering carriers that also use up power.) The National Telecommunications University was one of the first to use multiple digitally encoded video signals on different carriers all on one transponder. When they first tried it, they had the carriers all nicely spaced out--and it didn't work.
If a transponder isn't "full" and has unused bandwidth and power, a person could easily identify an "empty" place on the transponder using a spectrum analyzer hooked up to a satellite receive dish. You can buy software to turn a computer into a spectrum analyzer for a few hundred dollars.
Figure out how much power and bandwidth you can use without messing up anyone else's signal and use most any satellite uplink (check eBay) to create the carrier. What kind of encoding you use really just determines what kind of receivers your end users need. (Again, check eBay for complete systems, including receivers, to send out.)
Like any good Trojan or Zombie, the key is to not be noticed. If you aren't messing up anyone else's feed, and aren't putting a big extra drain on the satellite, chances are no one is going to notice right away. Even when they do, finding your uplink can be difficult."
An attacker could create a denial of service condition where two or more carriers are on the same frequency at the same time. The carriers may be from the same or different uplinks. The audible effect of double illumination can range from almost no audible change to complete impairment depending on carrier power and other factors. Double illumination is the main reason for the ID legal uplinks have. Someone accidentally turns on an uplink into the wrong satellite space, often when tuning or moving a dish, wiping out other services. But if has been a significant impact accidentally, it could certainly be used on purpose.
Tamil Rebels Hijack US Satellite Signal 2007
In 2007, this discussion moved from theoretical to reality. Rebel independence fighters in Sri Lanka have been pirating the services of a US satellite to send radio and television broadcasts to other countries. In 1997, the US government identified this particular group, the Liberation Tigers of Tamil Eelam, or LTTE, as a terrorist organization. The satellite belongs to Intelstat, a US company. Intelstat officials have been meeting with technical experts and Sri Lanka's Ambassador to the US to discuss measures the company it is taking to prevent the satellite's unauthorized use. The rebels maintain they are not accessing the satellite illegally.[8,9,10]
The worst case, attacking the satellite itself
In, January 2007, the New York Times carried this story:
However, to attack a satellite probably does not require nation state space capability. Due to cost saving measures, the command & control channel to the satellite is unencrypted. The security is little more than a password. To hack such a system would require sophisticated & proprietary equipment, although with today's Digital Signal Processing systems it is becoming trivial. But, by the time it was noticed that a bird was put into a spin of death, the fuel is shot, there is very little fuel (and fuel is the primary limitation on the life span of a satellite), and there's a $75 million dollar paperweight spinning in space.
The bottom line
If your organization depends on satellite communications, it would be wise to start thinking about alternatives.
5. See Reference 4 above
6. email Tom McGrane to Stephen Northcutt, 4/18/2007
12. email Luke McConoughey to Stephen Northcutt 4/17/2007