[liberationtech] Exactly how are satellite transmissions tapped/intercepted, in Syria and elsewhere?

[Jacob Appelbaum]

On 11/28/2011 04:22 PM, Gustaf Bjvrksten wrote:
> On 11/28/2011 05:42 PM, Brian Conley wrote:
>> Hi all,
>>
>> First of all, thanks Brett for that article about Area SpA, great news!
>>
>> Secondly, I'm in the middle of some research into how satellite
>> communications are being used by activists, as well as how they are being
>> used/intercepted by Syrian authorities in an attempt to quell the uprising.
>> I've read a number of articles in a disjointed fashion, and am just now
>> beginning to coordinate my efforts. I am working on a series of best
>> practices for being "most safe" as I'm not sure we can offer much better
>> than that with regard to satellite equipment, furthermore I'm hoping to
>> provide an educated understanding of just what the risks are and what might
>> be done to mitigate them. However my impression is that the guide will
>> primarily be about understanding the full extent of the risk you place
>> yourself in.
>>
>> I have heard rumors about Syria's capacity direct from Syrian activists,
>> including that some calls made with thuraya phones have been recorded, and
>> that a phone simply making a call, for the first time, in a distant
>> location was tracked by syrian authorities. unfortunately, as many of you
>> know, such anecdotes are not as helpful as they might seem, and that its
>> important to understand, as best we can, just why thuraya phones seem to be
>> "less safe" than inmarsat or iridium, and to ensure that syrians don't
>> become lax and begin to depend on an alternate tool to thuraya such as
>> inmarsat phones, only to find themselves equally targeted via that means,
>> though it may take the regime longer to establish practices.
>>
>> Anyhow, what I'm looking for are accounts of how satphones have been
>> used/tracked in syria, as well as articles about syria's capacity to
>> monitor satellite transmissions. Separately I'll be researching the
>> practical capabilities of various satphones to ensure that readers of the
>> guide have access to the best information available, though this will
>> obviously need to evolve over time.
> 
> Hi Brian,
> 
> Access has also heard a number of reports from Syria that Thuraya
> satellite devices have been giving away the location of the device
> operators as soon as the devices are used. Our reports suggest this is
> limited to Thuraya devices only, and that the use of satellite
> technology from other providers does not seem to have the consequence of
> position information leakage to the authorities at this time.
> 

This is not strictly correct. All satellite communications systems are
privacy invasive. BGAN, Thuraya, etc.

> We do know that Thuraya devices transmit their location periodically as
> part of their communications protocol[1][2].

This is common in all satellite communications systems.

> While this information is
> encrypted there seems to be some doubt as to the strength of that
> encryption. The US military complex did not have much faith in it and
> seems to have been able to bypass or crack the encryption to access the
> location information of Thuraya devices used by Iraqi Government
> officials[2]. While it is not clear exactly how this was achieved we do
> know that Thuraya devices were manufactured by Boeing and this fact may
> have contributed to an easy decryption route for US forces.
> 

Thuraya is easy to monitor. It's not even expensive. There are
commercial solutions and there are non-commercial projects that work
with common hardware. Satellite communication networks are absolutely
not secure to use without additional protection. If location anonymity
is important, I highly advise against using satellite communications
technology. Unless you've properly tampered with the device to falsify
the location reporting, you're probably not as secure as you'd like...

> In addition to this the location information clearly appears in
> unencrypted form in server logs at Thuraya itself[1]. This is worrying
> as it turns out that Thuraya is predominantly owned by Etisalat, a telco
> from the UAE with a dark history regarding surveillance of their users[3].
> 

All of these systems keep logs. All of the satellite companies have a
dark history.

> Etisalat have telecommunications interests in places including Egypt,
> Iran, Saudi Arabia, Qatar, Indonesia, and Sri Lanka. Etisalat was also
> alleged to be involved in a $39 billion scam in 2010 in India[4], and
> they deployed and manage the internet censorship system under the
> direction of the authorities in the UAE[5].
> 
> Due to the above-mentioned technical and ownership issues we
> recommend civil society do not use Thuraya satellite devices in the MENA
> region. To our knowledge devices from other vendors do not seem to be
> affected at this time. Access is working to gather further evidence from
> the ground in Syria and elsewhere in the MENA region to shine further
> light on the possible misuse of Thuraya satellite device location
> information. We also welcome any further information from anyone on this
> mailing list.
> 

It's all about threat models. If you're worried about people who have
control of Thuraya, use a BGAN. If you're worried about upsetting people
who have control of the Hughes network, use Thuraya. If you're worried
about location anonymity or evading content inspection, hack your device
to lie about the GPS location of your device. The location must be
within the same spot beam as your physical location or your device will
not sync with the birds in the sky. If you're using one of these devices
to transfer data at all, I highly encourage the use of Tor as you're
absolutely to be intercepted by multiple parties.

Some BGAN devices can be programmed to only send the spot beam ID but
again, you're trusting closed source, proprietary software/hardware with
your life. That's not a thing I'd suggest. Certainly not in a place like
Syria or other extremely hostile places.

All the best,
Jacob
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE