That suggests anyone could set up similar hardware somewhere else in the world and likely obtain their own collection of sensitive information. After all, the researchers restricted their experiment to only off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, totaling less than $800.
“This was not NSA-level resources. This was DirecTV-user-level resources. The barrier to entry for this sort of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and law professor at Georgetown Law. “By the week after next, we will have hundreds or perhaps thousands of people, many of whom won’t tell us what they’re doing, replicating this work and seeing what they can find up there in the sky.”
One of the only barriers to replicating their work, the researchers say, would likely be the hundreds of hours they spent on the roof adjusting their satellite. As for the in-depth, highly technical analysis of obscure data protocols they obtained, that may now be easier to replicate, too: The researchers are releasing their own open-source software tool for interpreting satellite data, also titled “Don’t Look Up,” on GitHub.
The researchers’ work may, they acknowledge, enable others with less benevolent intentions to pull the same highly sensitive data from space. But they argue it will also push more of the owners of that satellite communications data to encrypt that data, to protect themselves and their customers. “As long as we’re on the side of finding things that are insecure and securing them, we feel very good about it,” says Schulman.
There’s little doubt, they say, that intelligence agencies with vastly superior satellite receiver hardware have been analyzing the same unencrypted data for years. In fact, they point out that the US National Security Agency warned in a 2022 security advisory about the lack of encryption for satellite communications. At the same time, they assume that the NSA—and every other intelligence agency from Russia to China—has set up satellite dishes around the world to exploit that same lack of protection. (The NSA did not respond to WIRED’s request for comment).
“If they aren’t already doing this,” jokes UCSD cryptography professor Nadia Heninger, who co-led the study, “then where are my tax dollars going?”
Heninger compares their study’s revelation—the sheer scale of the unprotected satellite data available for the taking—to some of the revelations of Edward Snowden that showed how the NSA and Britain’s GCHQ were obtaining telecom and internet data on an enormous scale, often by secretly tapping directly into communications infrastructure.
“The threat model that everybody had in mind was that we need to be encrypting everything, because there are governments that are tapping undersea fiber optic cables or coercing telecom companies into letting them have access to the data,” Heninger says. “And now what we’re seeing is, this same kind of data is just being broadcast to a large fraction of the planet.”