

The Great Brazilian Sat-Hack Crackdown - ffernan
http://www.wired.com/politics/security/news/2009/04/fleetcom
CAMPINAS, Brazil — On the night of March 8, cruising 22,000 miles above the Earth, U.S. Navy communications satellite FLTSAT-8 suddenly erupted with illicit activity. Jubilant voices and anthems crowded the channel on a junkyard's worth of homemade gear from across vast and silent stretches of the Amazon: Ronaldo, a Brazilian soccer idol, had just scored his first goal with the Corinthians.<p>It was a party that won't soon be forgotten. Ten days later, Brazilian Federal Police swooped in on 39 suspects in six states in the largest crackdown to date on a growing problem here: illegal hijacking of U.S. military satellite transponders.<p>"This had been happening for more than five years," says Celso Campos, of the Brazilian Federal Police. "Since the communication channel was open, not encrypted, lots of people used it to talk to each other."<p>The practice is so entrenched, and the knowledge and tools so widely available, few believe the campaign to stamp it out will be quick or easy.<p>Much of this country's population lives in remote areas beyond the reach of cellphone coverage, making American satellites an ideal, if illegal, communications option. The problem goes back more than a decade, to the mid-1990s, when Brazilian radio technicians discovered they could jump on the UHF frequencies dedicated to satellites in the Navy's Fleet Satellite Communication system, or FLTSATCOM. They've been at it ever since.<p>Truck drivers love the birds because they provide better range and sound than ham radios. Rogue loggers in the Amazon use the satellites to transmit coded warnings when authorities threaten to close in. Drug dealers and organized criminal factions use them to coordinate operations.<p>Today, the satellites, which pirates called "Bolinha" or "little ball," are a national phenomenon.<p>"It's impossible not to find equipment like this when we catch an organized crime gang," says a police officer involved in last month's action.<p>The crackdown, called "Operation Satellite," was Brazil's first large-scale enforcement against the problem. Police followed coordinates provided by the U.S. Department of Defense and confirmed by Anatel, Brazil's FCC. Among those charged were university professors, electricians, truckers and farmers, the police say. The suspects face up to four years and jail, but are more likely to be fined if convicted.
======
patio11
If you can triangulate them then the solution seems fairly simple: automate
the triangulation, and have a pre-recorded voice respond to transmissions
randomly with a stern command in Portuguese: This is the United States Navy.
You are transmitting on a restricted channel. Your location is _blah_. Cease
communication via this channel immediately or we will take appropriate
measures to protect our national security.

I think it would be more effective if you made the monitor random than if you
made it deterministic and perfectly effective. If every transmission got the
reprimand, it would sound like a joke. If it happens infrequently enough then
the users will react like OH MY GOD THE FLOORBOARD IS CREAKING HOLY "#$"&
THERE ARE MARINES OUTSIDE MY WINDOW. (Google "panopticon". Yay, I actually
learned something in literary criticism!)

Incidentally: even if you can't triangulate them accurately, I'm going to bet
that an illiterate truck driver told he was broadcasting from 38.89767 N,
77.03655 E would believe you. Even though he is most probably not attempting
satellite piracy from the Oval Office.

~~~
sdurkin
Brilliant strategy. I remember a few years back a port scan of NSA.gov would
give a stern "THIS COMPUTER SYSTEM IS PROPERTY OF THE GOVERNMENT OF THE UNITED
STATES OF AMERICA. UNAUTHORIZED ACCESS WILL BE PROSECUTED."

As a twelve-year-old messing with netcat for the first time, it terrified the
s!&t out of me.

~~~
josefresco
Unfortunately Brazilians are not scared 12 year olds, and would probably not
be so concerned with a pre-recorded warning that has little chance of actually
effecting them (who's going to track down some random logger talking soccer
with a buddy?)

~~~
pavel_lishin
Anatel and the Navy, according to the article.

~~~
rbanffy
They should fear Anatel. The US Navy has no authority here.

------
tsally
If a bunch of impoverished Brazilians can use these satellites to communicate,
is a Denial of Service possible if organized by a well funded group? I admit I
don't know as much about this type of technology as I would like. I assume
they could saturate every frequency?

Also, a thought to fix this problem. How much money do you think the US is
going to spend to try to crack down on the hijackers? How much money do you
think it would take to build a decent infrastructure to remove the motivation
of hijacking? The numbers certainly are not equal, but they're probably closer
than you'd think.

~~~
forinti
Impoverished? Brazil is actually a middle-income country, with the South and
Southeast rapidly approaching european income levels. Brazil has 190 million
people and 150 million cellphones. Most of the population lives near the
Atlantic coast in large metropolitan areas.

~~~
tsally
I'm very well aware of Brazil's economic status as a country. I wasn't seeking
to comment on the country as a whole, simply the segment of the population
hijacking signals. I stand by my statement that this segment of the population
has very little resources in the grand scheme of technical attacks. Seems as
if you were looking for something that wasn't there.

~~~
rbanffy
Believe if I say the Brazilians who are doing this are not "impoverished".
They just found a freebie and many of them don't even know they shouldn't do
it.

As for the military implications, I don't know why the hell those birds were
not DoS'ed before. If a couple clever civilians figured that out, I can't
believe no bad guy ever tried that.

How effective a DoS on those satellites would be on denying US-Navy fleetwide
communications?

Actually, I assume badguys are already using those satellites for short bursts
of encrypted data that looks an awful lot like navy traffic sent via very
narrow beams the satellite (and ground people) have no hope of finding where
it came from.

Perhaps, instead of cracking down, the Navy should call the NSA and listen
more carefully to what is being transmitted.

------
forinti
This is why Brazil has the safest banking system in the world: Brazilians are
unruly and the police is ineffective.

~~~
carterschonwald
Could you elaborate on what you mean here? Eg do you mean that if a bank
flubs, they'll have a riot, so they take care to do things right?

~~~
forinti
I mean that because of past economic troubles, the whole system was integrated
in the 80s. You can easily transfer between any two banks in any point in the
country. The banks are also responsible for the safety of their ATMs and
internet services so if your account is hacked, it's their responsibility and
therefore they make sure it's safe (unlike in England where it's the
customer's responsibility and the banks don't take security as seriously as
they should). My card number was stolen once, and my bank immediately rolled
back all the transactions the crooks had made. Also, if your bank goes under,
your money is insured, but they rarely do because they are tightly regulated
by the central bank. To sum it up: because we had so much economic turmoil, we
ended up with a very safe banking system in both financial and technological
terms.

