Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Exactly how are satellite transmissions tapped/intercepted, in Syria and elsewhere?

Enrique Piraces piracee at hrw.org
Tue Nov 29 11:11:24 PST 2011


Thanks Matt. Indeed there seems to be a significant number of options to intercept, for example, Thuraya.

For those interested, a few sample results of a quick google search:

"The L-3 TRL Thuraya Monitoring System that passively
intercepts C-band and L-band downlinks from the Thuraya satellites.
The TMS monitors transmissions from the Thuraya handset to the
network via the satellite at C-band, and monitors transmissions from
the network to the Thuraya handset at L-band. This provides full duplex
interception and recording for all calls passing through the seven
spotbeams centered on the installed system"

More on this: http://www.trltech.co.uk/app/webroot/files/L-3%20TRL%20TMS%20Brochure(1).pdf

Other:

http://www.interceptors.com/intercept-solutions/Thuraya-Satellite-Interception.html
http://www.stratign.com/communication_intelligence.asp

Brian, I'd be interested in learning more about the product of your research.

Best,
Enrique


On Nov 29, 2011, at 12:44 PM, Matt Mackall wrote:

On Tue, 2011-11-29 at 16:43 +0000, Enrique Piraces wrote:
Hi all, thanks for the detailed responses on this thread.

I'm trying to understand how weak BGAN, Thuraya, Iridium encryption
could be. For example one of them claims in its site that "Thuraya's
integrated satellite communication solutions are rapidly deployable,
employ the highest level of encryption, and are proven in meeting
exacting security standards for use in the field."

A security self-evaluation by a company's marketing department isn't
worth much.

Beyond the ability that some may have to detect the location of a
call/connection and log their calls, how true is that their encryption
can protect the contents of the information transmitted? Is the risk
the same for each voice/data/text?

Thuraya is a telecom company, which means the default assumption should
be that they:

- use poorly-implemented crypto that can be defeated by sophisticated
 third parties
- have built-in "lawful intercept capability"
- have extensive logging and data retention
- will hand this data over to authorities at the slightest provocation

The past decade has shown us the above is true of basically all
terrestrial providers, and there's no good reason to think satellite is
different. And there's no reason to think they've done a better job with
their crypto tech than the industry groups that created WEP and GSM.

Is part of the solution to use encryption modules like http://www.shoghicom.com/thuraya-encryption.html?

No. The first two bullet points above (at least!) probably apply. The
only way for a private citizen to get assurances that are better than
marketing copy is to use open source tools that have survived the close
public scrutiny of the security community.

--
Mathematics is the supreme nostalgia of our time.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20111129/a5fa8d1b/attachment.html>


More information about the liberationtech mailing list