The document discusses satellite communication systems and potential vulnerabilities. It describes how VSAT networks are used to provide services like automated teller machines and banking networks. It then outlines some hypothetical attacks against different parts of satellite systems, including denial of service attacks against uplinks and downlinks, commandeering spare satellites, and spoofing orbital positioning. The document cautions that insiders pose the biggest risk, and discusses frameworks for distributed scanning of satellites to identify vulnerabilities early. It advocates for monitoring spectrum usage and carrier signals to detect anomalies.

1. Hacking a Bird in the Sky
The Revenge of Angry Birds
Jim Geovedi, Raditya Iryandi, Raoul Chiesa

2. Satellite Communication
When terrestrial communication FAIL, we PREVAIL!
Arthur C. Clarke
1917-2008

3. Broadcast Video to
Cable Headends
Local ISPs
Direct Broadcast TV Video
Last-mile Broadband Contribution
Corporate Data Networks Teleport PSTN
(Interactive & Multicast)
End Users
Teleport Internet
End Users

4. average distance to moon:
384,400 km
Medium Earth Orbit
Altitude: 8,000-20,000 km
Low Earth Orbit
EARTH
Altitude: 500-2,000 km
Geostationary Orbit
Altitude: 35,786 km
Highly Elliptical Orbit
Altitude: >35,786 km

5. Propulsion System
Telemetry, Attitude Control,
Solar Arrays Commanding, Fuel, Batteries, Solar Arrays
Power/Thermal Systems
Transponder Down-converter, High Power, Transponder
Receiver Pre-amplifier, Amplifier, Transmitter
Section Filter Filter Section
RX Antenna TX Antenna
Jakarta Jayapura
Uplink Downlink
Earth Stations / Antennas

6. Telkom-1 Footprint / 108.0º East (C Band)
C Band
38 40 42

7. Frequency Band Designations

8. Example of Frequency and Polarisation Distribution
Transmit
3720 3760 3800 3840 3880 3920 3960 4000 4040 4080 4120 4160 4199
1 3 5 7 9 11 13 15 17 19 21 23 T/M
Polarisation
Horizontal
3701 3740 3780 3820 3860 3900 3940 3980 4020 4060 4100 4140 4180
T/M 2 4 6 8 10 12 14 16 18 20 22 24
Polarisation
Vertical
Frequency MHz
3700 4200
Receive
5945 5985 6025 6065 6105 6145 6185 6225 6265 6305 6345 6385 6424
1 3 5 7 9 11 13 15 17 19 21 23 CMD
Polarisation
Vertical
5965 6005 6045 6085 6125 6165 6205 6245 6285 6325 6365 6405
2 4 6 8 10 12 14 16 18 20 22 24
Polarisation
Horizontal
Frequency MHz
5925 6245
Channel spacing = 40 MHz — Usable bandwidth = 36 MHz

9. VSAT / Very Small Aperture Terminal
‣ Two-way satellite communication
‣ Use small dish antennas
(diameter: 75cm-2,4m)
‣ Managed by the HUB
(master earth station)

10. VSAT / Services
‣ One-way multicast
‣ One-way with terrestrial return
‣ Two-way satellite access

11. VSAT Network Topologies / Simplex Transmission
Hub Equipment Hub Equipment Hub Equipment Hub Equipment
TV Station / HQ Network Affiliated TV Stations

12. VSAT Network Topologies / Point-to-Point Duplex Transmission
Public Network Public Network
Private Network CPE CPE Private Network
Customer Site Customer Site

13. VSAT Network Topologies / Point-to-Multipoint Transmission
CPE CPE CPE
Network or Sites Network or Sites Network or Sites

14. VSAT Network Topologies / Mobile Antenna Service
Public Network
Hub Equipment Private Network
Customer Site

15. VSAT Network Topologies / Star Network
Hub Equipment Hub Equipment Hub Equipment Hub Equipment
Public/Private Networks Networks or Sites

16. VSAT Network Topologies / Mesh Network
Hub Equipment Hub Equipment Hub Equipment
Networks or Sites Networks or Sites Networks or Sites

17. Access Methods / FDMA (Frequency Division Multiple Access)
f1 f2 f3
Transponder
f1 f2 f3

18. Access Methods / TDMA (Time Division Multiple Access)
f1
Transponder
f1
f1
f1 f1

19. Access Methods / CDMA (Code Division Multiple Access)
++++++++++++++++++++++++++++++++++++++++++
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
oooooooooooooooooooooooooooooooooooooooooo
------------------------------------------
Transponder
f1 f1 f1 f1

20. Satellite Vulnerabilities
Current systems are vulnerable to a variety of attacks, and
future systems promise little improvement.

21. Unless you have millions of dollars and a team
of engineers, you have no hope of taking over
commercial or governmental satellites.
If someone did put together the power to try
such a stunt, they would be more likely to
damage a satellite than take it over.
How to Break into Satellites: Not!
Carolyn Meinel’s GUIDE TO (mostly) HARMLESS HACKING
Gobbles!

22. hackers will eventually find a way to hack

23. employees
management
vendors
customers
spieS
government
network of trust

24. It is worth noting that the most likely cause of damage
to or loss of service from a satellite is the actual operator.
Dan Veeneman

25. Dan Veeneman
Low Earth Orbit Satellites
Dan Veeneman
Future & Existing Satellite Systems
Warezzman
DVB Satellite Hacking
Jim Geovedi, Raditya Iryandi,
Hacking a Bird in the Sky: Hijacking VSAT Connection
Jim Geovedi, Raditya Iryandi, Anthony Zboralski
Hacking a Bird in the Sky: Exploiting Satellite Trust Relationship
Adam Laurie
$atellite Hacking for Fun & Pr0fit!
Leonardo Nve Egea, Christian Martorella
Playing in a Satellite Environment 1.2
Jim Geovedi, Raditya Iryandi
Hacking Satellite: A New Universe to Discover
Jim Geovedi, Raditya Iryandi, Raoul Chiesa
Hacking a Bird in the Sky: The Revenge of Angry Birds
1996 1998 2004 2006 2008 2009 2011

26. Veeneman’s Satellite Hypothetical Attacks
Denial of Service Orbital Positioning Takeover Spare Satellite
Raging Transponder
Spoofing
?
Jam Uplink
Direct Commanding
Overpower Uplink
Command Replay
Jam Downlink
Insertion

28. Satellite TT&C Ground Networks
Frequency
Network Gateway Receivers/Modems
Conversion
Ground
Geolocation Antenna
Digital/Analog
Spectrum
Record and Replay
Monitoring
IP
Network Gateway COMSEC Front-end Processor
Command and Control

29. Land Earth Station Attacks

30. Satellite-based Attacks Against
ATMs and Bank Networks
It's not a big truck. It's a series of tubes.

31. TRADE FINANCE TREASURY
DATA WAREHOUSING
ANTI MONEY LAUNDERING
REMITTANCE
CORE
CRM
ATM SWITCH
COLLECTION SYSTEM
MOBILE BANKING
INTERNET BANKING
ISLAMIC (SHARIA) BANKING CARD MANAGEMENT

32. VSAT / Automated Teller Machine Networks
ATM ATM ATM ATM
Standard Network
Hub Equipment Hub Equipment Hub Equipment Hub Equipment
Equipment
Core Banking Networks Automated Teller Machines

33. VSAT / Automated Teller Machine Networks

35. Automated Teller Machine

36. Automated Teller Machine

37. OMFGWTFKTHXBYE

39. The Usual Culprits
People Problems System Problems
Weak Passwords Outdated Systems
Lack of Awareness Insecure Configurations
Lack of Skills Insecure Protocols

40. MANAGEMENT PROBLEMS

41. Distributed Satellite Scanning
Framework
Identify potential problems at an early stage.

42. Framework Goals
‣ Dead or Alive status / checking if the bird is still alive
‣ Protocols / understand which protocols the target is running
‣ Service type / knowing which service we can (ab)use
‣ Distributed IP C&C / widening the coverage

43. Distributed IP C&C

44. Satellite Carrier Monitoring System
‣ Spectrum Analyser and Digital Spectrum Processor
analysis
‣ Reference trace and measurement
‣ Automatic alerts for abnormal and missing carriers

45. Shared Data

46. What’s Next?
No, the journey doesn't end here.

51. http://www.dunnspace.com/leo_on_the_cheap.htm

52. Fin.
Jim Geovedi <jim@geovedi.com>, @geovedi
Raoul Chiesa <raoul.chiesa@mediaservice.net>