Don’t Look Up: Sensitive internal links in the clear on GEO satellites [pdf] - https://news.ycombinator.com/item?id=45575391 - Oct 2025 (138 comments)
The unencrypted transmissions (SMS, phone calls) are much more interesting to listen in on, of course.
Had to look that up.
"Due process be damned" is the apparent attitude
...and some quote from it:
> One Zignal pamphlet from this year advertises the company’s work with the Israeli military, saying its data analytics platform provides “tactical intelligence” to “operators on the ground” in Gaza. The pamphlet also highlights Zignal’s work with the US Marines and the State Department.
Don't believe me or Jacobin. Verify yourself.
If I found anything on that regard, I'll post them, too.
IDF has massive contracts with american companies to provide AI services for variety of purposes, and confirms its use itself:
https://apnews.com/article/israel-palestinians-ai-technology...
AI lets you do sigint and treat it a lot more like humint. You can e.g. wiretap everybody a suspected terrorist has called in the last year, transcribe all their conversations and pass them through an AI model which flags anything "concerning."
Unlike traditional approaches, AI can distinguish between "bomb" in the context of playing counter strike, discussing a news report and planning an actual terrorist attack.
It can't do anything a human can't do, but it's orders of magnitude cheaper, especially if you can't outsource the human labor due to natsec concerns.
Would you mind if one of the 500 was your mother? What if it was you? Would you still be so cavalier?
-- Albert Camus
Contextualized: https://archive.org/details/AlbertCamusArthurGoldhammerAlice...
tl;dr: Satellite TV signals were originally unencrypted and one would watch TV for free with a suitable receiver, but the broadcasters didn't like that, resulting in them eventually being encrypted.
bigfatkitten•3mo ago
pmontra•3mo ago
Maybe and hopefully not known to the staff of those networks (the current staff could be maintaining what somebody else set up) as some of those companies fixed the problem when contacted by the researchers.
For sure not known to me and a lot of other people. I believed that everything in digital streams was encrypted. Ok, those ATM connections are probably tech from the 90s, but they probably had upgrades in part because of regulations. Privacy, security, nothing?
everdrive•3mo ago
Spooky23•3mo ago
Over the years, I’ve found shockingly bad failures, usually on areas of internal networks where there is ambiguity as to what internal org is responsible. In old companies with data centers and cloud, there’s often pretty bad gaps.
noir_lord•3mo ago
everdrive•3mo ago
noir_lord•3mo ago
Example: at the largest place I worked (5000 staff, 200 in Dev/QA) I found out by accident that the outsourced devs where using personal laptops when in a sprint meeting I asked where someone was and got back "His work machine died, he's nipped home to get his personal laptop".
That company constantly raved about how good it's security posture was...
I spoke to my oppo number on the IT/platform team and his response was "yeah we know that happens, I've been trying to get them to ban it/make it impossible for a while".
TZubiri•3mo ago
ErroneousBosh•3mo ago
You could be getting listened to from anywhere.
TZubiri•3mo ago
bigfatkitten•3mo ago
ErroneousBosh•3mo ago
People do this.
You can't assume that the people you pay to handle your traffic are doing it properly. You or I know not to do this, but it looks like we are not running large phone companies.
natch•3mo ago
bigfatkitten•3mo ago
natch•3mo ago
lukeinator42•3mo ago
"Our technical contributions include:
(1) We introduce a new method to self-align a motorized dish to improve signal quality. Specifically, we could receive IP traffic from 14.3% of all global Ku-band satellites from a single location with high signal quality and low error rate.
(2) We developed a general GEO traffic parser that can blindly decode IP packets from seven different protocol stacks that we observed in our scans. Five of these stacks have never been reported in any public research we are aware of."
matthewdgreen•3mo ago
I’ll let other people comment on the actual novel elements of the research, because those exist too. But I want to point out that some huge portion of the value of public security research is really “intellectual garbage pickup”: calling out bad technical debt that “everyone knew about” and turning it into actionable security upgrades. Security research is a good part of the reason it’s mostly safe to browse the web on public Internet connections, when it wasn’t a decade ago.
PS As someone who is very cynical about security deployment, even I thought cellular network backhauls would all be encrypted as a matter of course by now, at least in the US.
bigfatkitten•3mo ago
Black Hat, DEF CON etc seem to have a presentation just about every year that can be summarised as “DVB-S is fair game if you have a few hundred bucks and a quiet afternoon.”
Here’s a decent history of the state of play up to 2009. The authors recognised back then that this is already ground well covered.
http://archive.hack.lu/2009/Playing%20with%20SAT%201.2%20-%2...
And more of the same from 2020.
https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20M...
Then you’ve got coverage of the cool applications of this property of VSAT hops, such as the Russian intelligence services using it as a malware exfiltration vector.
https://media.kaspersky.com/pdf/SatTurla_Solution_Paper.pdf
matthewdgreen•3mo ago
I mean another way to put this is: maybe there’s a problem if you can say “there’s loads of previous work” and yet massive and systemic problems still exist. Where that problem is (holistic nature of the research or the disclosure process) is probably something you could drill down into. But you’ve basically admitted the previous research didn’t do the job, so all we’re doing is haggling about the price.
serf•3mo ago
it's a poor metric -- research doesn't exist to drive policy, but it does aid in decision making.
There are global policies around the world that make no damn sense from even a basic scientific understanding, with little to no research done.
If some research is done, a policy maker is pointed at it, and the only response is a shoulder-shrug you don't shit-can the research and do it over -- you appoint vocal political types to campaign on the existing research.
matthewdgreen•3mo ago
Just to give an example of effective change-driving work: I would argue that persistent efforts via tools like Shodan and Censys have done a huge amount to clean up the Internet, at least as compared to one-off research efforts followed by “appoint activists to do the rest.” The reason is that companies respond to persistent measurement campaigns in a way that they don’t respond to one-off PR dings.
Most of the research you cite is pretty obscure and you’d have to search for it. Most of it didn’t get a lot of follow-up. When some of the firms with unencrypted backhauls were contacted by the current researchers, they didn’t even know that their backhauls were unencrypted. Finding and communicating this stuff, then following up on it relentlessly is the difference between “we knew and nobody did anything” and “it got fixed.”
Also don’t think for a second the vocal political types can do this work without constant communication from researchers who are willing to continue this work over a period of years.
voidUpdate•3mo ago
bigfatkitten•3mo ago
The spacecraft carries a bunch of linear transponders. RF goes in on one frequency, and comes out on another frequency.
The satellite operator leases you space on a transponder with a specified frequency, bandwidth and power limit, that they monitor very closely for compliance to ensure that you aren’t getting more than you paid for and that you aren’t causing interference.
Everything else about the signal from layer 1 upwards, ie the modulation, symbol rate, FEC etc is largely for the customer to choose, though some operators like Intelsat used to be a bit more prescriptive in this respect. None are looking at your protocol stack from L2 upwards.