So, there’s lots of communication satellites in space. These things can be given commands via radio from the ground. There must be an encryption method used to authenticate said commands.
The private companies that build communication satellites (such as Orbital sciences) must have copies of the encryption keys. Also, their clients (the government, telecom companies, etc) must have copies as well or they would not be able to order their satellites to do things.
High security costs money. I’m imagining that the keys are probably on some ruggedized laptop or printed out in some file folder with CONFIDENTIAL stickers on it.
The laptop/files are probably kept in a safe or a vault when not in use.
But how secure could they possibly be? A crack team of commandos guarding them 24/7 doesn’t sound affordable. It’s doubtful the vault is a fancy one like at Fort Knox. I’m imagining an ordinary office building with perhaps 1-2 aging security guards patrolling it at night. The vault is probably no nicer than a medium range bank vault, if that.
So couldn’t a team of crack thieves, kitted out in the cool gear, plausibly steal the encryption keys and hijack a satellite? I’m sorta imagining a team in ninja suits sneaking their way in the building, stopping at key junction boxes to disable the security system. (they basically just clip the wires going to the modem and the audible alarm and use a cell phone jammer to block the system from calling for help).
They taser the guards and tie em up and use shaped charges to blow open the vault instantly. They grab the secure files and run. In the hours before dawn, before the theft is discovered, some elite hacker types frantically analyze the source code (that they stole) to the satellite’s control systems. They change the keys and digitally sign their firmware patch, and, using cobbled together antenna, send the satellite a firmware patch to change the keys permanently.
After that, they hold the satellite ransom for (pinkie in mouth) 1 MILLION dollars in bitcoins…
:dubious: That seems over the top even for a CSI episode.
How about I use one of the many generic virus toolkits around to put a virus on some USB keys, drop them in the satellite company parking lot, then do whatever from the comfort of my local coffee shop? Then I don’t have to split my bitcoins with those ninja whatchamadealies that probably aren’t cheap. (Or the pirate-assassins you’re gonna need to kill the ninja-commandos, right?)
Seems like a lot of effort and risk for the reward.
I think there would be a lot of time and expense in preparing: finding out exactly where the data is stored, reverse-engineering the control protocols / building your own control software (this sort of thing does not get done in a couple hours!), transmitters and antennas to actually send the control signals, etc. For the number of people and time required, the payoff probably wouldn’t be that great.
The break&enter half of the team would probably be better off dealing in physical goods that could be fenced, rather than dealing with risky ransom.
The software people should be able to get absolutely risk-free well-paying employment.
Assuming physical security at these places currently isn’t great, you probably couldn’t pull this off very many times before that changed.
Why not get an operative hired into the satellite firm (assuming that we are talking about a private company, not a government agency) and have that individual learn enough about the company’s security and processes to have them access the satellite from the headquarters? Then have the person perform whatever task that you intending and have them leave the company shortly thereafter.
Or…put someone ( male or female) in the path of the person who you know has the necessary access to control the satellite. After a whirlwind sexual relationship, have that person begin to gather information for you and allow you to gain access to the satellite company’s internal organization,including security details,passwords, telemetry,etc.
Or…locate a brilliant , but disgruntled employee. Either through bribes or guile have that person provide you with all of the necessary information to access the satellites and use that as when you see the need. Or have that person create a “back door” program for you to access the system yourself (assuming that it’s not an INTRAnet). Or have that person secretly gather other employees pass codes and use them to disguise his involvement in your accessing the satellite.
The limits are really the imaginations of the people who want to take over the satellite for whatever purpose.
The problem is that when they had originally designed the satellites there was no concept of security. It was deemed to far-fetched for anyone to actively pursue them due to technology constraints. Think security like back in the 80’s with “password, password” or “admin, admin” to get in. However, that main road block, SATCOM equipment, can now be found all over places like eBay, etc., as the terrestial stations are upgraded.
Can this equipment be used to go after the latest satellites? No. But, there are a whole lot of satellites that are still up there that can be accessed. True, one would need a largish SATCOM dish to accomplish this but it’s not the typical hacker that is going after them, it’s enemy states that are. They do have the resources as most countries that I can think of that we would need to worry about have terrestrial SATCOM stations. With relatively little effort one could take over any of the older, non-secured, satellites.
What about physically stealing it, would also count. We can dock with satellites and grab them with robotic arms, how likely is that to be able to happen? (yes this assumes having a spacecraft).
James Bond films aside, it is impossible for a state-level actor (the only ones who could launch a spacecraft into orbit at this time) to surreptitiously launch a rocket, put a craft into orbit,approach a satellite and then attempt to forcibly retrieve it using the launched craft without all of those activities being detected by another state-level actor.
The nation(s) which did this would have to do some serious explaining as to what they were doing, had done or were going to do with the satellite that they seem to have purloined. Depending on the state of affairs and the reasons given, the other state-level actor might take a number of actions against the offending state, none them of very pleasant.
Finally, there’s the problem of what anybody would DO with a satellite stolen from orbit. It couldn’t be ransomed, it couldn’t be sold and it probably couldn’t be used making simply snatching an expensive exercise providing no tangible benefits for the purloiner.
First is there such a James Bond movie? which one?
Anyway
Bold mine
Such a action I would expect to be noticed - that would be the point, but the main point is that nation has the power to do so and is using it. Expressing superiority in space and to hold the world ransom and establish protocols, precedents and fees for country ‘overflights’. The reason for taking such a satellite would be enforcement for not paying such fees, investigation of potential spying, and also other ‘illegal’ activities such as relaying internet which portions of that may be banned in the country.
The primary advantage would be a denial of service (DoS) type attack. In theory, someone could hold a satellite hostage, or even potentially use it to threaten other satellites. The satellite and telecommunications industry originally had little in the way of security (despite that cautionary documentary of Dr. No) but they have since learned of the need for secure authentication and encrypted telemetry (two separate but related capabilities) and most modern satellites have reasonably sophisticated authentication protocols. The obvious method of making sure that any single set of authentication or encryption “keys” are not compromised is to have multiple sets of keys or several different key sets which allow recovery of command authority and lockout in the case of compromise, and thus, the Die Hard/Mission Impossible scenario can be averted by robust security protocols.
The patently absurd You Only Live Twice (the first Bond film that had nothing whatsoever to do with the source material, and the first to feature ninjas and a giant volcanic fortress).
There are far easier ways of doing this than attempting to “take over” a satellite, and any nation with the ability to threaten another country’s satellites will almost certainly have satellites of their own which are similarly vulnerable.
Well, it DID have Ernst Stavro Blofeld in command, and was set in Japan, and had “Tiger” Tanaka, and, after all, a volcano is close enough to mud geysers. But, yeah, it was the first to deviate significantly from the source. Blame Fleming, for being dead, and his pal Roald Dahl (Roald Dahl! Of Willie Wonka and The Witches and other great stuff!) for the whacko script. (He wrote about the experience in Playboy, which gives the impression that he wasn’t all that much in charge)
But the ninjas were cool*. And everybody always cheers when the swordsman takes out all the SPECTRE bad guys and re-sheathes his katana.
*the first major western movie I know to feature ninjas.
We aren’t exactly a high-value target, but I can give you some specific details on a cubesat I wrote the firmware for.
All upstream and downstream communication is encrypted with AES-128. Each direction has its own key. I chose this because there might be multiple parties which want to see the downsteam information, and like all secrets, the more people with possession, the more likely it is to leak. The upstream key is necessary to actually control the satellite and is kept quite private.
There is a further security layer that protects the more “dangerous” commands (anything that affects the physical structure of the satellite). The commands require an extra token to be sent alongside the data. If the token doesn’t match, the command is ignored. An attacker that knew the upstream key would not be able to trigger any of these commands until the first time we had used them ourselves–in which case an attack is irrelevant (these commands are really only useful near the end of life). It’s a simple form of a one-time-pad.
It’s the plot of the film the film You Only Live Twice.. A non-state actor kidnaps astronauts using a space capsule launched from the crater of an extinct volcano located on an island in Japan.
And simply jamming the satellite or blinding it with a ground-based laser would be far cheaper and easier. Also, if some nation or group wouldn’t pay the fees that they contracted to, their access would simply be cutoff and they wouldn’t get any information.
As far as Internet, it would be easier and cheaper to interdict it on the ground than trying to do so in space.
They’re stored in our source code repository. That is, admittedly, a weak part of the system–anyone that stole a laptop or guessed a password for the repository would have access to the keys and tokens. Obviously we aren’t as careful as we’d be if this were a billion dollar satellite.
To be honest, actual hacker-proofness is a secondary consideration. Our licenses with NOAA and other groups require encryption. So, the primary purpose is simply to comply with government regulation. We don’t want to be totally careless, but due diligence doesn’t require us to treat the keys like the nuclear football.