Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
This suggests that anyone could install similar hardware anywhere else in the world and likely obtain their own collection of sensitive information. Ultimately, the researchers limited their experiment to just off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, for a total of less than $800.
“These were not NSA-level resources. These were DirecTV user-level resources. The barrier to entry for this type of attack is extremely low,” said Matt Blaze, a computer scientist and cryptographer at Georgetown University and a law professor at Georgetown Law. “In the week after next we will have hundreds or perhaps thousands of people, many of whom won’t tell us what they do, replicating this work and seeing what they can find up there in the sky.”
One of the only obstacles to replicating their work, the researchers say, would likely be the hundreds of hours they spent on the roof adjusting their satellite. As for the in-depth, highly technical analysis of obscure data logs they obtained, that may now be easier to reproduce: The researchers are publishing their own open-source software tool for interpreting satellite data, also called Don’t Look Up, on Github.
They acknowledge that the researchers’ work could allow others with less benevolent intentions to extract the same highly sensitive data from space. However, they argue that this will also force more owners of this satellite communications data to encrypt this data to protect themselves and their customers. “As long as we’re on the side of looking for unsafe things and securing them, we feel very comfortable doing that,” Schulman says.
There is little doubt, they say, that intelligence agencies with far superior satellite receiver hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in one Safety notice 2022 about the lack of encryption of satellite communications. At the same time, they assume that the NSA – and every other intelligence agency from Russia to China – has placed satellite dishes around the world to exploit this lack of protection. (The NSA did not respond to WIRED’s request for comment.)
“If they’re not already doing this,” jokes Nadia Heninger, a professor of cryptography at UCSD who co-led the study, “then where are my tax dollars going?”
Heninger compares the findings of her study – the sheer scale of unprotected satellite data available for recording – to some of the findings of Edward Snowden This showed how the NSA and Great Britain GCHQ obtained large amounts of telecommunications and Internet data, often by secretly tapping into the communications infrastructure.
“The threat model that everyone had in mind was that we have to encrypt everything because there are governments that are tapping undersea fiber optic cables or forcing telecommunications companies to give them access to the data,” Heninger says. “And what we’re seeing now is that the same kind of data is being sent to a large portion of the planet right now.”
