from the as-predicted dept
For literally more than a decade researchers have been warning that global satellite telecommunications networks were vulnerable to all manner of attacks. These attacks vary in nature but allow an intruder miles away to both intercept and disrupt satellite communications. In 2020 hackers again clearly demonstrated how these perpetually unresolved vulnerabilities were putting millions of people at risk.
Fast forward to 2022 and a major hack of Viasat’s satellite systems has caused, you guessed it, massive problems for an estimated 27,000 users. The attack on Viasat’s KA-SAT satellite system, suspected to be the work of the Russian government, appears to have been intended to disrupt Ukraine communications in the lead up to war, but managed to impact a very large chunk of Europe:
Viasat told Reuters that the cyberattack Viasat says was made possible courtesy of a misconfiguration in a “management section” of its network. The impact was severe enough that many users of the satellite in Germany, the UK, France, the Czech Republic, and elsewhere found that their modems had effectively been bricked and “rendered unusable.”
Thousands still remain offline across Europe—around 2,000 wind turbines are still disconnected in Germany—and companies are racing to replace broken modems or fix connections with updates. Multiple intelligence agencies, including those in the US and Europe, are also investigating the attack. The Viasat hack is arguably the largest publicly known cyberattack to take place since Russia invaded Ukraine, and it stands out for its impact beyond Ukraine’s borders. But questions about the details of the attack, its purpose, and who carried it out remain—although experts have their suspicions.
Such spillover impact is routine in such attacks. The attack not only impacted basic broadband connectivity, 5,800 wind turbines in Germany were knocked offline, preventing them from being reset remotely should problems develop.
Again, this could have been avoided if companies had heeded researchers and white-hat hacker warnings. But instead, the dominant paradigm tends to be to try and silence those researchers, or misdirect our attention toward security and privacy issues that grab easy headlines, but are less of a direct threat (see: the two year long Trump-era freak out about TikTok).
Vulnerabilities such as the ones in satellite networks, or the massive, obvious security and privacy problems in the “internet of broken things” sector, tend to be downplayed and ignored because they’re “boring” for the press and politicians. As a result, there’s little incentive to do better. Wash, rinse, and repeat.