- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.
- I remember reading that drug cartells in South America are using disused military communications satellites. - These satellites simply takes a signal recieved on one band and rebroadcast it on another band over a wide area, so as long as the satellite can pick up your signal you can basically talk to an entire continent at once, all while remaining anonymous. - There must be some additional steps. Otherwise those satellites would be overloaded by hooligans. - Nope, lol. These suckers are fucking ancient. There isn’t any processing, you can’t overload something that isn’t actually reading the data or using a protocol. - They still use energy, no? To relay signals on another frequency. That should come from somewhere, and also the more different signals, the more noise. And without their input frequency being regulated, there must be lots of noise. - You can do this same attack on any antenna, noise can’t be protocolled away. Repeating both signal and noise is a downside to bent-pipe setups. - Input frequencies are regulated via band-pass filters. - I’m not talking about technical things, just that IRL on regulated frequencies one can do something because people using it for bullshit are legally prosecuted. Depends on wavelength, of course. - But OK, now I think I get what you are talking about. - Oh. Yeah most bands used by satellites are also regulated. 
 
 
 
 
- Someone tell me how to join team “satellite hooligan”. - You can get a cheap SDR for a few bucks and an antenna for about the same. The rest is software and ingenuity. - Is it illegal to do this? I mean they aren’t being used anymore so no harm no foul right? - The legality is questionable, but just listening is harmless. 
 
 
 
- Well the biggest steps I’m going to assume are having a satellite dish, knowing where to point it, knowing what to send, then hope that someone is listening. Much easier for a hooligan to throw a rock at someone or find a can of spray paint 
 
- That’s fuckin rad, I love satellites! So eerie and mysterious ~ 
 
- Original pdf paper: Don’t Look Up: Sensitive internal links in the clear on GEO satellites 
- “Generally, our users choose the encryption that they apply to their communications to suit their specific application or need,” says a spokesperson for SES, the parent company of Intelsat. “For SES’s inflight customers, for example, SES provides a public Wi-Fi hot spot connection similar to the public internet available at a coffee shop or hotel. On such public networks, user traffic would be encrypted when accessing a website via HTTPS/TLS or communicating using a virtual private network.” - Can’t decide the side of the fence I am on for this. Of course the vast majority of Internet traffic across the world is unencrypted. Anyone could be on the line between me and this Lemmy instance, just as they could if there was a satellite between us. However, you’re also broadcasting it to like 25% of the globe and not even making any kind of physical infrastructure efforts. - Quest can’t entirely guarantee nobody will snoop a fiber line, but they do bury them. - vast majority of Internet traffic across the world is unencrypted. - In 2023 between 80% and 95% of web traffic was encryted. Unencrypted web traffic is getting pretty rare. - https://www.eff.org/deeplinks/2023/12/year-review-last-mile-encrypting-web - I should’ve been more clear, I didn’t mean the data, but at the protocol level it’s all open. - Same with the Internet traffic through these satellites. - You should be clear with the difference between link encryption and application encryption here 
- I mean, some parts of the protocols we use for the Internet need to be in the clear to work, DNS comes to mind. If you want that kept private as well you need to use something like tor. - But regardless, what people generally actually care about keeping secret is the content, not the protocol. - I mean, some parts of the protocols we use for the Internet need to be in the clear to work, DNS comes to mind. If you want that kept private as well you need to use something like tor. - Not really. We also have DNS over HTTPs, DNS over TLS, and DNSCrypt which are all becoming more popular. But that’s still application level data that I’m not really talking about. - But regardless, what people generally actually care about keeping secret is the content, not the protocol. - A lot of information can be gleaned from protocol metadata though. Source, destination, which applications are being used, maybe more depending on protocols. Not exactly information I want to be easily available to the public, but also not exactly critical either. 
 
 
 
- Typically satellites have beams they turn on and off to service different areas, with one beam pointing towards the RAN that receives the data rather than just repeating a broadcast out to everywhere the satellite can theoretically reach. For mobile telecom backhaul via satellite it is standardized that the data should be encrypted for untrusted transport links so this seems to me like an issue of not following specs. 
 
- A fascinating read, thanks for sharing :-) 






