I was able to see the sort of traffic people were sending over their satellite Internet connections, so stuff like text messages from people who are using in-flight Wi-Fi services, or things like passengers on cruise ships when they were making payments at point-of-sale systems. Also a lot of like passport numbers, really concerning data to be getting in clear text.

From Bloomberg News and iHeartRadio, it's The Big Take. I'm Wes Kosova. Today: the latest
target for hackers, satellites. Thousands of satellites circling high above our heads make it possible to do many of the things we take for granted every day. When you send a text, find your way with Google Maps, use your credit card, even check the time on your phone, chances are some bit of your info was beamed up to a satellite from one place and beamed back down instantly
to where it needed to go. The downside to this invisible miracle of technology: satellite systems aren't always as secure as they should be, and this means they can be easy targets for hackers looking to steal information for profit, or governments looking to steal secrets or cripple the communications systems of their rivals.

What's extraordinary is it seems that the Russians, if it were them, were prepared to take extraordinary risks because they were aiming for the Ukrainian military.
That's my Bloomberg colleague Katrina Manson. She investigated a real-life example of this, a mysterious satellite hack on the day Russia invaded Ukraine, and she joins me now to tell us what she found. Katrina, can you start by describing the satellite hack that happened in February of twenty twenty-two, just a little over a year ago, as Vladimir Putin was saying he was launching a special military
operation on Ukraine?

Ukrainian military communication connections that rely on modems that link up to a satellite were going dead. And it turned out that satellite communications were going dead across Europe. These are all broadband Internet connections that rely on one single satellite, and it provides satellite connections to more than one hundred thousand users across Europe. But specifically, the thing that mattered so much was to the Ukrainian military.
So imagine: militaries are often in frontline positions in remote locations where they can't get Internet the usual way you would, through a static connection. This allows you to dial up, essentially, to connect to a satellite more than twenty thousand miles up in space, and that's how you get your Internet connection. And that's what went dead across Ukraine and Europe. Now, this satellite is owned by a company named Viasat. That's a US company based in California, so
a continent away. Users who rely on that satellite, their connections started going dead.

So when that happened, what actually was happening? Why were these connections going dead?

After a lot of research and forensic analysis and all the things that people have to do to what's called reverse engineer a hack like this, it turns out to have been a very complicated hack. Attackers breached what's called a VPN, a virtual private network, that's an entry point into a
network that is meant to be secured. It wasn't. There was what's called a misconfiguration. We don't have much more information about that. They got into the network and then they moved across the network, again, another thing they shouldn't be able to do. There should be doors, as it were, fire doors, preventing you from making the next move. They get to a network management server, that's essentially something that
controls the flow of information. They put in a malicious software toolkit, that's basically the bad instruction, and then that bad instruction is sent to modems across Ukraine and Europe and it wipes the modems. It overrides a part of the modem which is used for memory, and the modems are no longer operable; they can no longer make that connection to the satellite. The rest of the system get online. So essentially a piece of malware was distributed throughout the
network and it fried the modems. It's a really extraordinary attack because people connect to the Internet through the satellite just via your home modem. That's the same thing that gets the Internet signal into your house, and then it's often distributed through a router so you can connect via Wi-Fi. That was the ultimate target of the attack. So more than forty-five thousand modems that connect to the satellite system effectively were wiped. And when they were wiped,
they couldn't make the connection.

So they determined that this was a hack. Do they know who did the hacking?

Well, interestingly, Viasat, the company that owned the satellite, and its partner, Eutelsat, that's a French company that ran the network in partnership with Viasat, have never said. They have only ever said "attackers." When I press them, they explain that they are quite cagey in order to preserve the network.
What did happen is it fell to countries. It fell to the European Union, to the US, to the UK, Australia and Canada to blame Russia.

And on what basis did they blame Russia for being responsible for this attack?

US intelligence spent something like four weeks looking into this attack.
At the moment that the attack happened, Viasat told defense contractors and the US government, through a specific way that they share information, because that same satellite that provides your average Internet for users at home who just want to stream movies or go on the Internet, the same
satellite also provides sensitive government services. It's a different part of the satellite, but Viasat immediately informed its government partners, and the US launched an intelligence investigation into what had happened. So did intelligence services in France and the UK, and after four weeks, US intelligence determined that the GRU were the attackers. The GRU is a Russian military intelligence unit
that has acquired quite a reputation for hacking.

Do they say with certainty that it was the Russians, or do they just suspect it? How were they able to determine that it was actually the GRU?

They haven't said much about that, and in fact, in the public attribution, I think it's only one country, Estonia, that has ever publicly labeled it as the GRU. So all of these assessments have stayed private. But the EU clearly blamed Russia. Others blamed Russian military hackers.
So there's a range of public attribution, but the private work of the intelligence community is not something that anyone's made public.

And I imagine that the Russians take exception to this conclusion.

I did speak to the Russian embassy in Washington, DC, and the statement they sent me, I think, said, this is total nonsense.

Internet users who were customers of this satellite had their Internet knocked out, but they weren't really the target of this hack, is that right?

Right. Yeah.
What's so extraordinary is it seems that the Russians, if it were them, were prepared to take extraordinary risks because they were aiming for the Ukrainian military communications, and that's what was knocked out. But there was what's called overspill. So I'm told that they knew that the attack that they pursued would affect other countries. And not only did it affect other countries, they were NATO countries, and it wasn't just people sitting at home; it was critical infrastructure.
So five thousand eight hundred systems that monitor wind turbines in Germany and across Europe, those monitoring systems were knocked out. That counts as critical infrastructure, which is protected, and the other is just sitting at home being on the Internet. Internet communications are considered critical infrastructure. All of that is significant because it raises the question of whether NATO had any
responsibility or potential to respond. Article Five, which is that mutual defense clause, the idea that if one is attacked, everyone is attacked and you can respond, has been very clearly expanded to include cyber. No one's ever acted on that yet, but there, of course, there was potential for NATO to say we too have been attacked.

What was the fallout that would eventually happen? How did they, or did they, fix the problem?

They ended up having to send out more than forty-five thousand modems, and this
took weeks. They say that they prioritized getting modems to Ukrainian distributors, so that was their main effort. And then I think the other thing that's really interesting is the US led a quiet diplomatic campaign over the course of six weeks. Once they got that internal decision or assessment that it was the GRU, the Russian military hackers, who were responsible for this, they tried to convince the European
Union that this was the case as well. They shared technical information, and then they went above and beyond and shared additional intelligence information with two key members of the European Union who were also the biggest victims of this attack outside of Ukraine, France and Germany. And that is so important because they are also the most influential members of the European Union. And they have also historically been very reluctant to blame anyone for attacks in public, even
if they reached that same assessment in private. They don't tend to attribute attacks because of two main reasons, really. One, you can make things worse, you can incite attacks against yourself, and two, you could be wrong. It's quite difficult to do attribution. And a latter third: Germany in particular was navigating very complex relations with Russia right at the start of that invasion, because it took them so much by surprise, and figuring out what their response would be, of course,
changes the rest of European history.

In the end, did the alleged target of this attack, the Ukrainian military, suffer big setbacks in the early days of the war because of this? Was it successful in carrying out what it was trying to do?

One Ukrainian cyber official said they suffered a really huge loss in communications at the start of the war. That's pretty much the most they've ever put on record about this. My understanding is that two
main things were affected. Military communications, command and control. Your ability to reach your frontline troops and say "move your troops here" really, really matters at the start of any invasion, and particularly this invasion, which, as we know now, the Russians were intending to take the capital within three days. This was intended to be a blitzkrieg, so disabling satellite communication and the ability for the military to move around and respond was an attempt to stave off any
counterattack by the Ukrainians. Ultimately it did not work, but that was, I'm told, the intention. The other thing is that drones for espionage, for tracking where the Russians are, rely on satellite Internet, and I'm told that it affected that as well. I think what's interesting about this is the Ukrainians were able to come back very, very quickly, essentially because of a tweet to Elon Musk
saying, can we please have Starlink. Starlink is the satellite system owned by Elon Musk's SpaceX that provides an equivalent satellite Internet. It works in low Earth orbit, so it has multiple thousands, in fact, of satellites circling the Earth, so it's harder to take out a single satellite, whereas the Viasat system relied on a geostationary satellite much higher up, and just that one single satellite. Viasat
continues to face threats against this network. They told me they face ongoing and dynamic threats even up to today. So although nothing has been successful at all in the way that that February attack was last year, it certainly could conceptually happen again.

Our conversation continues after the break.

Katrina, what are our governments and companies doing to try to harden their systems to ward off future attacks?

I think the answer there is not enough. That's certainly what the researchers
I speak to are saying. But there is a push to develop standards. These are minimum cybersecurity standards that affect all parts of code in the satellite, encrypting data in that link, raising standards across the board. But this is a process that is really just beginning. Today, something like five thousand active satellites are in orbit around the Earth. That's already a huge amount to try and protect, given you also have all the associated systems that make them work.
This is growing so fast that I think that's why it's been such a wake-up call to the industry. By twenty thirty, some high-end estimates suggest that there could be one hundred thousand active satellites in orbit, so from five thousand today to one hundred thousand in the space of seven years. This problem is so set to rise, and there are so many different ways to
attack satellites. Way back at the beginning of the space age, no one even conceived anyone would be hitting... And it turns out that I've spoken to hackers, individual hackers, security researchers, who've proved, who've shown that each of these is vulnerable.

What are some of the things that all these satellites are doing?

Well, there's Internet, that's one. There's satellite TV, there's Earth observation, earthquake monitoring, spying. The US has its
own spy satellites. But it was explained to me that every single element of the US economy that matters, whether it's chemical industrial processes, looking for oil, even atomic clocks, so the way we get our time, the way cash machines function, the way you get gas at the pump,
everything now depends on satellites.

What are the things that you're paying especially close attention to, given everything that you're describing here?

I think I'm really interested in any time China puts up a system that could potentially be independent of the US, any time China has a relationship with
a US satellite company. All of those things are areas that I think you'll see the US government look at more and more, and really a push from the US government to see how far they're going to squeeze industry to actually do anything about this. A White House official told me that companies need to radically improve the security of satellite ground systems, and that they even go to companies on occasion and tell them, hey, we've discovered a vulnerability.
You need to patch this. And they don't want to say it in public because that would raise awareness of a vulnerability that could be exploited by attackers. They tell companies in private, and they say sometimes companies do not take that advice and do not patch. And I think companies would have just as many criticisms back if they
were speaking freely of the US government too. And so that relationship between government and commercial satellite players has got to get a lot closer if this is to be solved. They haven't quite got the level of trust that I think everyone would want. And there's a problem with classified briefings. A lot of this information is classified, and yet a lot of the hacks are happening in the commercial sector. So really bridging that gap needs a lot more work.
Katrina Manson, thanks so much for talking with me today.

Thank you for having me.

Let's hear now from someone who knows how easy it can be to hack a satellite, because he's done it himself. James Pavur tapped into commercial satellites as part of his PhD program at Oxford University. He now works on satellite security for the Pentagon. James, let me just start by asking you first, how did you become a hacker?

I've been doing computer security stuff basically since I was a child.
So when I was like in middle school, I was playing around with like shutting down people's computers while they're sitting next to me in the lab, that kind of like little Windows hacking type thing. And I've just always been really interested in seeing how things work under the hood. And as a hacker, like, exploiting things is all about like understanding technology behind the scenes, and so that's really
been super interesting for me. It's just always been like, figure out how something works and then figure out how you can break it.

And then you took that kind of playing around as a kid much more seriously, a PhD now from Oxford, and as part of that dissertation, you actually were hacking satellites for real to show vulnerabilities.
Is that right?

Yeah, exactly. So over the course of my PhD at Oxford, I focused on satellite system security, and in particular like radio signals that come to satellites from Internet users and like satellite broadband services. When I say satellite broadband services, what I really mean is basically when you're using a satellite to get Internet access, and typically that means that you send a message up to the satellite, which is like, get me this website, and
the satellite's basically a bent pipe. You can think of the satellites as fairly dumb objects. They receive data on one antenna and then they take the data they receive and send it out on a different antenna, basically, and they do no thinking, no processing, at least for Internet satellites. So they're just a pipe. You put information in one side and it comes out another side, and the only difference is when it comes out it covers a huge area.
And so when you send Internet requests up to a satellite, you're just pumping information into this pipe and then it's coming out the other side to your Internet service provider. And when you get a response, like a web page you've downloaded or a document you've received, it's the same thing. The service provider is putting it into one end of the pipe and then it's coming out at the broad
end to your dish. The interesting thing about satellite services is that beam that comes back down to you can cover like a third of the Earth's surface, so an attacker can be thousands of miles away and getting that information. So I bought some gear and pointed it at satellites and tried to interpret what was going on. And it turns out that there's like lots of really interesting and really sensitive information in these signals that an attacker with like
relatively inexpensive equipment can get access to.

So you said you bought equipment. What did you buy? I mean, is it like, you know, going on Amazon, just getting common stuff?

Basically, yeah. So about four hundred dollars in home television equipment, the kind of satellite dish that you'd see on someone's house if they had satellite Internet service, and then a special card that is designed to let you watch satellite TV
on your computer. But I basically repurposed it to take these Internet signals and get them in a format I could mess around with. I pointed my dish at satellites in geostationary orbit, so that means they're thirty thousand kilometers above the Earth's surface and they basically don't move. They're always in the same spot in the sky, which makes
them pretty easy to find and intercept signals from. And these were primarily like broadband Internet services, and I was able to see the sort of traffic people were sending over their satellite Internet connections, so stuff like text messages from people who were using in-flight Wi-Fi services when they're on like transatlantic flights, or things like passengers on cruise ships when they were making payments at point-of-sale systems. So also a lot of like passport numbers.
So when like crews, especially like cargo vessels, pull into ports, they'll send information about everyone on the ship to the port authorities. That's typically over a satellite feed, and so it's pretty easy to identify those messages when you're like listening to the satellite traffic and just get like a list of everyone on the crew and when they were born and what their passport number is. Like, really concerning data to be getting in clear text.

Did it surprise
you how much you were able to get?

Yeah, I was stunned. I think that a lot of it comes from an assumption that you would need much more expensive equipment. The gear I used was very unreliable if I wanted to use it to actually be a satellite Internet customer when it worked, because I was missing a lot of packets; there was a lot of corruption. But what I was able to do is basically reconstruct enough of the transactions, like enough of the data, that I could start to
get interesting information, because a hacker doesn't need one hundred percent reliability to succeed. So the change in the model was this idea that you could get away with a lot less if you're just trying to be disruptive.

So here you are hacking these satellite signals and you're doing it for academic purposes to show how vulnerable they are. But if you were doing it for nefarious reasons, to try and steal this information, you would have had a lot of stuff that could have caused people a lot
of trouble.

Definitely, the data that was in there. I'm glad that as a security researcher, I was able to kind of get to it first and share it with the satellite Internet service providers and kind of raise awareness about this vulnerability so that they could work towards fixing it. Because I think adversaries, when they get access to data like this, could cause a lot of harm.

So when you went to companies like that, what did they say? Were they alarmed? Did they immediately patch it?

It was a
mix of reactions. There are some companies that were fantastic. They were immediately like, thank you for sharing this information, we'll get right on fixing it. And I think they did end up making improvements to their security. They ended up checking what kind of data they were sending. There are other companies that either ignored the research, like never responded, or there were even some who like threatened to sue us.
So a whole gamut of different things. But I think that's just the nature of like offensive security research and vulnerability research, is that you kind of play a game where people may get very defensive or very hostile to your findings, but it's still important to get it out there so people can kind of, if they want to choose to fix things, at least know what they should be fixing.
We'll be right back.

Now that you've completed your research, you have your PhD, you've gone to work with the Pentagon, what exactly are you doing for them?

I work at the Chief Digital and Artificial Intelligence Office, which is a new office within the Office of the Secretary of Defense, and my agency within that is called the Directorate for Digital Services. And it's a pretty generic name because the
job is incredibly broad. It's a lot of emergency engineering, so like something pops up in the world that needs something built, coded, or developed within like forty-eight hours, and so instead of like going to defense contractors, we have like in-house engineering expertise who can build that
kind of emergency tech. So obviously I can't go into a ton of detail about all the projects I work on, but it's a lot of just like really rapid organic software development and security work and advisory work for like very impactful topics.

What attracted you to the Pentagon?

I think for me, the opportunity to work as a civil servant in government is really compelling because you're close to the decision makers who are kind of deciding what the future,
in this case the military, will look like. And having a seat at that table and having a voice in those conversations can be a much bigger impact than simply like finding vulnerabilities at a big contractor and then selling them off. So for me, that's what really matters, is this idea that I could shape a safer future by
being in the room when those conversations are happening.

So walk us through how satellites actually work. What are the different components, and where are the places that are vulnerable to hacking?

You can break satellite security into, I guess, four domains that I like to think about.
One is the ground systems. So those are the devices that users use to connect to the systems, think like a Starlink modem or a ground station that's run by a satellite service provider to collect data from their satellites. And when you're hacking ground systems, typically it's going to look a lot like bread-and-butter hacking. You're going to be targeting like the Windows computer that's plugged into the satellite antenna and using your Windows malware to exploit it.
Then there's the communications link, so that's the radio signals that go from a ground station to a satellite, and that's what I was looking at in my PhD thesis. For the most part, that's often like radio signals engineering type work and kind of looking at communications security. Then there's the bird. So there's the satellite in orbit, and there's kind of a zone of trust once you're on the satellite. Everything on the satellite trusts everything else on
the satellite. So if you were to like compromise a camera on a satellite, you could send instructions to a flight controller because they're all plugged into the same like bus, which is basically like a wire that sends messages from devices to other devices. And so when you're thinking about like satellite security, it's often about compromising these embedded systems in orbit. And then the last topic area is kind of this broader like policy domain, in terms of how
people interact with and regulate satellites. I did some research in my PhD on space situational awareness data, for example, which is how countries tell each other what space debris is out there so we don't like crash into debris and cause damage to the space environment. And so I looked a lot at like what happens if countries lie to each other. How could those lies be detected? And that's kind of more ephemeral. There's not like a part of the satellite you can touch that is that, but
it's still an important component of space security.

James, which of those four areas of vulnerability you're describing are the easiest for hackers to pry their way in?

I think the vast majority of historical attacks on satellites have been against either the radio domain, primarily jamming attacks, so a lot of countries, as a mechanism of censorship or protest, will jam other people's satellites, and that's been going on
for decades. And then there's also the ground systems, because there's so much like traditional IT systems, with just like Windows computers plugged into a satellite antenna. It's easy to either accidentally hack them if you're just doing like a broad attack, or to find and hire the expertise you would need for a more targeted attack against those.

So what can companies, governments do to satellites to actually enhance the
security so this sort of thing doesn't happen?

I think that opening up a little bit to security research is a big step in that direction. The industry has gotten by for a long time on this assumption that satellites are so expensive and so complicated that no one will ever be able to hack them, and that has sort of been true. But as technology has advanced and satellites have become more and more like other Internet of Things devices,
basically that's getting less true. And there are transferable skills hackers might develop that can be applied to satellites, and so I don't think the space industry can continue to kind of hide in the shadows and get by with,
there are easier targets, so no one's going to bother with us. And so relying on like open source protocols that can be validated at like the source code level for their communications, and relying on open firmware and operating systems that people can test and prove are secure, will go a lot further than hoping that your proprietary software will
just never be figured out by an adversary. I think that, like, there are tons and tons of people out there who would love to hack satellites, who would love to do research for free as basically a donation to the world to make it more secure, because they think hacking satellites is cool. I don't think I'm the only person like that
out there. I've met other people like it. And if the space industry gives people the opportunity to contribute within the security research community, I think they'll be able to make really big progress in securing these platforms.

What concerns you the most? Like, what is the thing, as someone who knows how vulnerable these systems can be, that makes you think, this is the thing that makes me worry?

For me, it's the environment. So most of the repercussions of a
satellite compromise are like bad. They could be very bad. Like, you could compromise GPS and it could lead to like a terrestrial catastrophe. But however bad it is, eventually we'll get over it. So I guess one of my biggest concerns is less about the virtual effects of hacking satellites, stealing data or disabling them, and more about the kinetic and physical effects, because those can have a lasting effect
on the environment. So if a satellite is destroyed in orbit in some way, that can have huge environmental repercussions. If someone hacks a rocket and causes it to break during a launch sequence, for example, then you end up with pieces of space debris that are stuck in orbit
for centuries. They move at literally bullet-like speeds, and if they crash into other pieces of space debris or into each other, they can generate basically a debris cascade and block orbit for a long period of time and have a lasting detrimental impact on our ability as a species to make use of outer space.

So when you look ahead, do you think satellites become more secure, or do you think we go through a period of kind of chaos
and uncertainty before something gets done?

I am cautiously optimistic that satellites will become more secure. There is a really great momentum around satellite security that's formed in the last four or five years. We have DEF CON, which is a big hacker conference in Las Vegas every summer, and they have a dedicated track within what they call the Aerospace Village to just talk about space security. We have industry
advisory groups. There's a Space Information Sharing and Advisory Council, which is formed between like different space industry people to talk about cyber threats. And we just have a lot of momentum building around space security. And my hope is that that momentum is coming at the right time, because the decisions we make in the next three or four years, I think, will have a big impact on what space looks like for the next decade or so.

James, is there anything that we can do, just as, you know,
people, consumers of technology, to protect ourselves?

Definitely. So when you're trying to protect your like satellite Internet signals, or really any traffic you send over the Internet, I think it's important to recognize that once that message you're sending leaves your house, you have basically no control over who gets to touch it as it gets handed off. I think, like, you send a letter in the mail, you don't know who the postal worker grabbing your letter at each stage
will be. Same thing with Internet traffic, and so using end-to-end encrypted protocols, whether that's using like an encrypted chat application or using websites that use TLS. TLS is transport layer security. It's a protocol that's used to encrypt general like Internet traffic that you would have when you
visit a website. You'll see it, like a little lock icon in your browser, when you're connected to a TLS website, and it's like proven with math to be very secure against adversaries who are trying to read the content you're sending. That's a really great way to stop people like me, because even if I got your packets off of a satellite, because it happened to get sent that way, I wouldn't
be able to read the contents of them. I could see the outside of the envelope, but if I opened it up, it would just be garbage, nonsense. And so whenever you can, using an encrypted communications protocol defends you against just a whole mix of attacks, whether it's satellite attacks or any other kind of eavesdropping threat.

James Pavur, thanks for speaking with me.

No problem, great meeting you.

Thanks for listening to us here at The Big Take.
It's the daily podcast from Bloomberg and iHeartRadio. For more shows from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen, and we'd love to hear from you. Email us questions or comments to Big Take at Bloomberg dot net. The supervising producer of The Big Take is Vicki Vergolina. Our senior producer is Katherine Fink. Rebecca Shasan is our producer. Our associate producer is Sam Gebauer. Hilda Garcia is our engineer. Our original music was composed by
Leo Sidran. I'm Wes Kosova. We'll be back tomorrow with another Big Take.