This suggests that anyone could install similar equipment anywhere else in the world and likely end up with their own collection of sensitive information. In the end, the researchers limited their experiment to just off-the-shelf satellite hardware: a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card, for a total cost of less than $800.
“These were not NSA-level resources. These were DirecTV user-level resources. The barrier to entry for this type of attack is extremely low,” says Matt Blaze, a computer scientist and cryptographer at Georgetown University and a law professor at Georgetown Law. “By next week we'll have hundreds or perhaps thousands of people, many of whom won't tell us what they're doing, copying this work and seeing what they can find up there in the sky.”
One of the only obstacles to replicating their work would likely be the hundreds of hours they would spend on the roof setting up their satellite, the researchers said. As for their in-depth, high-tech analysis of little-known data protocols, it may now be easier to replicate: The researchers are releasing their own open-source software tool for interpreting satellite data, also called Don't Look Up, on Github.
They acknowledge that the researchers' work could allow others with less benevolent intentions to obtain the same sensitive data from space. But they argue it will also encourage more satellite data owners to encrypt that data to protect themselves and their customers. “As long as we're on the side of finding things that are unsafe and protecting them, we feel pretty good,” Shulman says.
They say there is no doubt that intelligence agencies, with vastly superior satellite receivers, have been analyzing the same unencrypted data for years. In fact, they note that the US National Security Agency has warned 2022 Security Recommendations about the lack of encryption of satellite communications. At the same time, they suggest that the NSA—and every other intelligence agency from Russia to China—has installed satellite dishes around the world to take advantage of the same lack of protection. (The NSA did not respond to WIRED's request for comment.)
“If they're not doing it already,” jokes UCSD cryptography professor Nadia Heninger, who co-led the study, “then where are my tax dollars going?”
Heninger compares the results of his research – the extent of unprotected satellite data available for use – with some of the discoveries Edward Snowden it showed how the NSA and the British DSP received telecommunications and Internet data on a massive scale, often secretly connecting directly to the communications infrastructure.
“The threat model that everyone had in mind was that we need to encrypt everything because there are governments that are tapping undersea fiber optic cables or forcing telecommunications companies to give them access to data,” Heninger says. “And now we see that same data simply broadcast to most of the planet.”
