30 November 2011
Satellite Telecommunications Threat
Date: Wed, 30 Nov 2011 10:05:10 +0100
From: Eugen Leitl <eugen[at]leitl.org>
To: cypherpunks[at]al-qaeda.net, info[at]postbiota.org
Subject: Re: [liberationtech] Exactly how are satellite transmissions
tapped/intercepted, in Syria and elsewhere?
----- Forwarded message from Brian Conley
<brianc[at]smallworldnews.tv> -----
From: Brian Conley <brianc[at]smallworldnews.tv>
Date: Tue, 29 Nov 2011 12:33:10 -0800
To: Jacob Appelbaum <jacob[at]appelbaum.net>
Cc: "liberationtech[at]lists.stanford.edu"
<liberationtech[at]lists.stanford.edu>
Subject: Re: [liberationtech] Exactly how are satellite transmissions
tapped/intercepted, in Syria and elsewhere?
On Mon, Nov 28, 2011 at 11:47 PM, Jacob Appelbaum
<jacob[at]appelbaum.net>wrote:
> On 11/28/2011 08:46 PM, Brian Conley wrote:
> > For the most part I expect users will be relying on satphones and
not
> > modems, voice calling, SMS, and email are likely the only use
cases
> > they might consider.
> That is extremely scary. There is off the shelf hardware/software
for
> voice print analysis, recording of data transmitted, SMS archival, etc.
Of course its scary, so is being an activist and a revolutionary. Please
understand that is not meant to be flip, however I find that the
most
important aspect of any tool or guide is to create informed consent,
which
means being as clear and upfront as possible about potential risks and
the
reality regarding what can be done to create a "best case/worst case"
as
well as producing an accurate threat model. I feel that too often people
in
a position to help refuse to provide knowledge because they would feel
bad
if someone got killed doing something that put them at risk, rather
than
asking how many people will get killed without providing access to
better
knowledge.
The question I have is what is the method for intercepting the SMS or
email
sent by any specific Satphone, I'm assuming you can use radio
frequency
triangulation to get the data, and will need another tool to extract the
SMS or email content.
> Such users should consider this for that use case:
>
http://www.cryptophone.de/en/products/satellite/
>
> If someone elsewhere runs a cryptophone PBX, anyone could call in
and
> call insecure numbers from that PBX:
>
http://www.cryptophone.de/en/products/pbx-integration/
>
> It's not free software but I've used it with some success. Bare
satphone
> usage is Syria is just scary. I'll just say it directly, it's dangerous.
OK, but:
#1 this is operating on thuraya frequencies yes, so won't it still
be
subject to triangulation?
#2 i will certainly look into the possibility for acquisition of this
item,
but its definitely not going to be anywhere near as accessible as
inmarsat,
iridium, or thuraya phones, which brings me back to my core point,
since
activists will definitely continue to use these devices, and the barrier
to
access for other tools is still so high, there is a need for clear,
concise, accessible documentation about the best/worst case scenarios
for
these devices.
> > Any thought what the timeframe for radio direction finding might
be?
> The saying goes "Attacks only get better" and I'm certain that the
old
> adage applies here. There are real time systems for this exact task
and
> they are off the shelf surveillance solutions. When you see them
in
> action it will probably make you physically ill.
Oh I'm quite aware they will make me ill, that's why I brought the
questions to this list, to get some of the best "worst-case scenario
input"
I could find. I was asked to help with this, though I'm fairly certain its
a somewhat impossible job. As you've noted repeatedly,
satellite
communications are not safe by any estimation, its the proprietary
hardware
and many other things that are involved in these issues.
> > I'm also trying to determine whether iridium phones may be
any
> > "better" than Inmarsat, and how much better, etc. it's clear
thurayas
> > are no longer an acceptable option by any regard.
> Iridium phones and Inmarsat phones aren't so different in terms
of
> security, privacy, anonymity, etc.
>
> For example:
>
>
http://www.shoghi.co.in/Thuraya-System,GSM-Interception-System,Voice,
Fax-Internet_Monitoring-Analysis_System,Interception,Logging-system,Aerial-Vehicle.pdf
>
> With that said, I think the best device in the world for an
impossible
> job is an Iridium Satellite pager. These things are awesome. They are
a
> receive only satellite pager that uses the Iridium constellation.
It
> works for the entire planet and it's cheap cheap
cheap.
>
> You can transmit a message to the pager by visiting a web page
that
> works over Tor:
>
http://messaging.iridium.com/faq/
>
> More info here:
>
http://www.satellitephonesdirect.com/iridium_sendamessage.html
>
> This is the best device for the job:
>
http://www.highspeedsat.com/motorola-9501.htm
>
> This is probably also a reasonable device but I've never used
it:
>
http://www.highspeedsat.com/kyocera-sp-66k.php
>
> If two people have these pagers and both have access to the net via
Tor,
> it's possible for them to communicate in a way that doesn't leave
a
> trace beyond normal internet/Tor usage. Short of jamming, it's a
pretty
> reasonable way to ensure that messages reach a person but the
person
> isn't exposed beyond their general region. You can select
multiple
> regions too. The Motorola 9501 is a small device and it is easily
hidden.
>
> You could easily encrypt a Tor bridge IP address for your contacts
in
> Syria and send a new one every hour.
Thanks, thats great information and very helpful given the
circumstances
individuals in Syria are working with, however still not applicable
to
"majority access" however it is definitely worth it to begin
raising
awareness about the existence of this tool! I'm assuming it
roams
automatically but as with all satellite devices only works with a
strong
line of sight at the proper angle?
cheers
Brian
> All the best,
> Jake
--
Brian Conley
Director, Small World
News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
_______________________________________________
liberationtech mailing list
liberationtech[at]lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator
in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on
http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
|
