[liberationtech] Exactly how are satellite transmissions tapped/intercepted, in Syria and elsewhere?

Gustaf Björksten gustaf at accessnow.org
Mon Nov 28 16:22:21 PST 2011


On 11/28/2011 05:42 PM, Brian Conley wrote:
> Hi all,
> 
> First of all, thanks Brett for that article about Area SpA, great news!
> 
> Secondly, I'm in the middle of some research into how satellite
> communications are being used by activists, as well as how they are being
> used/intercepted by Syrian authorities in an attempt to quell the uprising.
> I've read a number of articles in a disjointed fashion, and am just now
> beginning to coordinate my efforts. I am working on a series of best
> practices for being "most safe" as I'm not sure we can offer much better
> than that with regard to satellite equipment, furthermore I'm hoping to
> provide an educated understanding of just what the risks are and what might
> be done to mitigate them. However my impression is that the guide will
> primarily be about understanding the full extent of the risk you place
> yourself in.
> 
> I have heard rumors about Syria's capacity direct from Syrian activists,
> including that some calls made with Thuraya phones have been recorded, and
> that a phone simply making a call, for the first time, in a distant
> location was tracked by Syrian authorities. Unfortunately, as many of you
> know, such anecdotes are not as helpful as they might seem, and that it's
> important to understand, as best we can, just why Thuraya phones seem to be
> "less safe" than Inmarsat or Iridium, and to ensure that Syrians don't
> become lax and begin to depend on an alternate tool to Thuraya such as
> Inmarsat phones, only to find themselves equally targeted via that means,
> though it may take the regime longer to establish practices.
> 
> Anyhow, what I'm looking for are accounts of how satphones have been
> used/tracked in Syria, as well as articles about Syria's capacity to
> monitor satellite transmissions. Separately I'll be researching the
> practical capabilities of various satphones to ensure that readers of the
> guide have access to the best information available, though this will
> obviously need to evolve over time.

Hi Brian,

Access has also heard a number of reports from Syria that Thuraya
satellite devices have been giving away the location of the device
operators as soon as the devices are used. Our reports suggest this is
limited to Thuraya devices only, and that the use of satellite
technology from other providers does not seem to have the consequence of
position information leakage to the authorities at this time.

We do know that Thuraya devices transmit their location periodically as
part of their communications protocol[1][2]. While this information is
encrypted there seems to be some doubt as to the strength of that
encryption. The US military complex did not have much faith in it and
seems to have been able to bypass or crack the encryption to access the
location information of Thuraya devices used by Iraqi Government
officials[2]. While it is not clear exactly how this was achieved we do
know that Thuraya devices were manufactured by Boeing and this fact may
have contributed to an easy decryption route for US forces.

In addition to this the location information clearly appears in
unencrypted form in server logs at Thuraya itself[1]. This is worrying
as it turns out that Thuraya is predominantly owned by Etisalat, a telco
from the UAE with a dark history regarding surveillance of their users[3].

Etisalat have telecommunications interests in places including Egypt,
Iran, Saudi Arabia, Qatar, Indonesia, and Sri Lanka. Etisalat was also
alleged to be involved in a $39 billion scam in 2010 in India[4], and
they deployed and manage the internet censorship system under the
direction of the authorities in the UAE[5].

Due to the above-mentioned technical and ownership issues we
recommend civil society do not use Thuraya satellite devices in the MENA
region. To our knowledge devices from other vendors do not seem to be
affected at this time. Access is working to gather further evidence from
the ground in Syria and elsewhere in the MENA region to shine further
light on the possible misuse of Thuraya satellite device location
information. We also welcome any further information from anyone on this
mailing list.


[1] http://americas.xsatglobal.com/news.php?ArticleID=13
"XSAT USA plays role in recent K2 mountain rescue
Thursday, 14-Aug-08
XSAT USA played an intricate role in the survival of two climbers after
the recent mountain disaster on K2. A team of twenty two explorers were
attempting to successfully reach the summit and descend the deadly K2
when disaster struck. While descending the mountain, an ice wall
collapsed upon the weary climbers and destroyed the ropes and lines
necessary for the safe descent. Team members were scattered throughout
the mountain’s “dead zone” with no possible chance of survival without a
rescue attempt. Survivor Wilco Van Rooijen used a Thuraya Satellite
Phone to contact his brother in desperation. Rooijen’s brother contacted
Tom Sjogren of the mountaineering website ExplorersWeb. Tom then reached
XSAT USA President Jan Rademaker on Friday, August 1 at 10:30 p.m. in
need of Satellite GPS coordinates from Van Rooijen’s call history. XSAT
employees in Dubai managed to access the information necessary to mount
a rescue attempt through Thuraya, a satellite communication company
based out of Abu Dhabi, United Arab Emirates. When Rooijen used his
phone to call his brother, his GPS location was saved at the Thuraya
ground station in Sharjah, UAE, giving Pakistani helicopters a chance to
rescue two of the stranded climbers. The men were successfully rescued
and taken to a Pakistani hospital for frostbite treatment."

[2] http://www.strategypage.com/htmw/htecm/articles/20030424.aspx
"April 24, 2003
During the Iraq war, the coalition unexpectedly ordered all civilians
(mainly reporters) near coalition military units to immediately turn in
their Thuraya satellite phones. These phones, made by Boeing, are
satellite phones that also incorporate normal cell phone service and GPS
capability. The phones were provided by a cell phone company in the
United Arab Emirates. Thuraya recently announced that while the phones
did transmit the GPS location periodically (to insure a good satellite
signal), the information was sent in encrypted form and only someone
with access to the codes, or with powerful decryption capabilities,
could get the location information (of the phone broadcasting the
information). Boeing is a major American defense contractor, and the
U.S. has the most powerful decryption capabilities on the planet. It is
suspected that the United States did use access to decrypted Thuraya GPS
signals to make bombing attacks on known Iraqi government users of
Thuraya satellite phones."

[3]
http://www.itp.net/561962-etisalats-blackberry-patch-designed-for-surveillance
"July 14, 2009
Etisalat’s BlackBerry patch designed for surveillance
Expert says software developed by surveillance firm SS8
The battery-sapping "performance patch" that Etisalat sent to its
BlackBerry subscribers over the last few days was designed to give the
UAE operator the ability to read its customers emails and text messages,
a Qatar-based software expert told CommsMEA yesterday."

[4] http://en.wikipedia.org/wiki/2G_spectrum_scam

[5] http://opennet.net/research/profiles/uae
"07/Aug/2009 United Arab Emirates"

-- 
Gustaf Björksten
Technology Director
Access
https://www.accessnow.org
GPG ID: 0xFEB3D12A
GPG Fingerprint: C10F FC31 B92A 3A32 40A0 1A72 43AC A427 FEB3 D12A
----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
