397
Russia is using SpaceX’s Starlink satellite devices in Ukraine, sources say
(www.defenseone.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 10 Feb 2024
397 points (98.3% liked)
Technology
55692 readers
2623 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
It's not though. The data goes both ways. As long as the device id was not altered, its history of movement can be tracked down, provided such a data is being recorded.
Also, there may be caveats about how accounts are getting created and activated. Those devices bought by Russia may come with pre-activated accounts that can be tracked by origin.
Finally, billing. Unless Russia is not relying on stolen Ukrainian credit cards it should be easy to identify that a group of devices/accounts is being paid for by entities that are neither Russian nor Ukrainian.
Based on all of that, they could filter groups of devices by location, confirm it with Ukrainian forces and ban maliciously used ones.
Yeah. Russia crosses many lines but stealing credit cards is NOT one of them /s
Edit: Null User was right. But just the be sure I'll edit in the /s
What do you mean? They steal basically everything they can when destroying cities and killing people. Should I mention it's a crime to make it more obvious?
Pretty sure the person you're responding to didn't think a /s was necessary, seeing how obvious the sarcasm was.
I don't get such a sarcasm. It doesn't target any specific point in my arguments, they are about how Starlink could locate the illegal use of devices, not about how justified or not Russian crimes are.
Are you being intellectually dishonest or are you actually missing the point?
I seriously can't tell.
For reference, Russian hackers 'steal everything' and have agents in every country. Using a stolen UA credit card to purchase access to spacex sattelites and then insuring the direct operator(s) stay in UA as an intel relay is not difficult.
The key point is right here. Staying in UA is not the same as using Starlink modules on the front lines. The UA territory is devided and it's visible on Starlink's availability map.
Russia has operatives worldwide. Just like every other country with any sort of intelligence agency. The idea that they aren’t able to come up with a credit card with a Ukrainian name that looks 100% legitimate to a billing company is farcical.
Let me just ask you point blank, do you think the CIA could manage to purchase a Starlink, activate it, and use it, without anyone having any idea it was the CIA that did all that? Because if so, it’s just as easy for Russia to do it.
Hell, I could likely do it.
Really? Let’s see…
Congrats! You are now the proud owner of a Starlink dish, under a fake name, with no traceable evidence left behind of who you actually were.
I see you don't know how credit card numbers work. You may also not be aware of the fact that credit cards aren't working in Russia for almost 2 years.
Just one or two is easy to manage. A dozen is much more difficult already, provided Starlink manages some security and has access to metadata (data that ultimately can't be faked such as location, accounts, device id).
… meaning that one of their many worldwide operatives could just get a credit card. Like, say, in Ukraine.
You’re focused way too hard on “following the law and doing things by the book” without realizing Russia is more of a “do what it takes.”
Yeah okay. Let's say we covered the billing. What about devices id, their origin and location? Those are not purchased through Ukraine and Starlink is ought to know that.
Who says they weren’t purchased in Ukraine?
They can't be. Ukraine must have them under full control because they rely on them too much.
Also it's much easier to assume that these modules, like any other modern tech these days are bought by Russia through other countries who it still does business with like China, Turkey etc.
You’re essentially saying “Tesla has to know, because it’s easier to believe that they do.”
Welp, Musk clearly isn't even interested in exploring the possibility and just calls it fake news. I guess you won the argument by essentially saying "Nobody knows and no one needs to try".
Not at all my point. My point was that it can be unknowable. And we have no idea if anyone has tried.
You literally said it in your first comment here:
I also don't exactly buy the possibility of Russian intelligence agencies being able to do stuff like this adequately. As anything else in Russia, they degraded seriously under Putin's regime. They might not even be involved - I wouldn't be surprised if those Starlink modules were just a nice opportunity found by whatever volunteers buying stuff like drones from Aliexpress and sending it to Russian army. Reports say they were purchased from UAE.
This isn’t some super difficult covert operation. The objective is to purchase a Starlink dish without it being obvious it’s being used by the Russian military. Apart from the fact that Russians were already living in Ukraine before the war, who likely already had Starlink, it’s trivial to purchase these things. They aren’t some super secret item, or locked down to government use only, it’s a consumer item that can be bought for “relatively” cheap, and doesn’t really have a method to do a deep dive into the background of every purchaser (not to mention, people would get pissed if a deep background check was done for every purchase.)
This is referring to the data. Unless you’re suggesting the Russian military is incapable of using a VPN, something literal children have used on their own to bypass school restrictions.
Puchasing anything through Ukraine is unviable at the thought level from the perspective of Russian army. Hence why it's much more likely to come from elsewhere.
Using VPN for what purpose exactly? VPN won't deliver you a device from Ukraine. VPN won't change your physical location.
Russian military was using Ukraine's own mobile operators and its talks has been recorded (and locations discovered probably) many times thanks to that. Yes, they are stupid enough to not know about messengers sometimes.
…
You’re conflating so many things.
A VPN would prevent anyone from being able to tell what the data was, where it was going, what it was for. The moment a VPN is introduced, there’s no way to tell what the device is being used for. And there are dozens of options out there for network level encryption.
Russian operatives can still purchase things in Ukraine. I don’t see why you’d think they couldn’t? They don’t walk in in full military uniform and say “hey, I’m Russian military, I want to buy these things.”
And yeah, the grunts on the field are idiots, we have that problem elsewhere as well. Remember that marine who accidentally leaked his bases location with a geotagged photo? Doesn’t mean higher ups are all idiots as well.
VPN will not let the module use a satellite outside of its current location. Starlink is the service operator, not the website you connect to. Also SSL makes the VPN you describe redundant.
... And get them delivered how exactly?
lol SSL does not make a VPN redundant, good lord. Just because they can’t read the information being sent when SSL is being used, doesn’t mean they can’t see where it’s going, or what type of data it is.
And it doesn’t matter where they currently are. Unless you think starlink employees are going to be analyzing the location data of every device in and around Ukraine in an attempt to figure out which devices are potentially under Russian control?
And why would it be difficult to get them delievered? Have them delivered anywhere in Ukraine, wherever improves their chances of it actually arriving, and then transport it north. They aren’t going to have it shipped to the front lines, and most post offices aren’t fully operational right now so they’d need to ensure it’s going to one that’s at least semi-open.
You keep approaching this like the people involved would be idiots.
I said it about what you described, not about actual VPN. In context of Starlink it's like proposing to wear a mask while your neighbor still sees you from your window in your room.
Check the Starlink availability map. Starlink is able to command what each satellite does, and surely they can see the list of connected modules for each satellite, with accounts. Wether they use VPN or not is irrelevant.
They could, it won't take much effort, and it will be in everyone's interest to analyze what can be done about it.
North - where? Europe? Then to Russia and to the front lines? Then there is no point in involving Ukraine at all. Ukraine bashes EU for not controlling export with Russia properly, why would it not strictly control its own exports anywhere?
Where they were shipped before getting delivered to the front lines is not much of an interest, as it will still be different from batches that Starlink directly shiping to Ukrainian military as per agreement with the US government.
I know a lot of people involved are not educated good enough to understand that they should not help Russian aggression.
What approach do you recommend? All I see is nasicay "Russians control everything and we are powerless".
Yeah I’m done. You’re not actually following what I’m saying and just keep going.
If you want to believe there are zero Russians with basic opsec knowledge, it’s a damn good thing you’re not making command decisions.
Peace.
This is false.
This was never assumed in my comments.
Though if you want to believe actions of Russian army like "buying Starlink terminals and using them on the front lines" can't be opposed, I wish there would be enough people around to point out this fallacy publicly.
Since when can you not spoof any of that? Grab a used android phone from local used market. Put any rooted rom on it. Spoof the gps... Device id is irrelevant at that point. As for origin, not sure what you mean by that, you can just order the starlink equipment to a random address in a different country, it will look legit. As others said, it's trivial to bypass/spoof all that metadata.
Once you got the connection up and running you just use a vpn to hide everyrhing.
The only thing they could do is block starlink for a whole region, that would affect everyone in there. But you still couldn't distinguish who is using the service.
you don't even need to root to spoof gps, you can just do that on android
Starlink modules are not Android devices.
Device ids should be required for pairing with the satellite from my understanding. Same with IMEI on smartphones - except it should be useless to try to fake it as the number of devices is magnitudes lower than smartphones and it should be possible to pin-point any misbehaving device.
Spoofing GPS is not exactly useful. Starlink satellites are very low-orbit so again misbehavior should be detectable. I mean you can connect to some satellite but if you report location that should be served by a different satellite then you got yourself caught.
Starlink is shipping devices to Ukraine directly for the military it seems. It should know the difference between these and others that are shipped all over the world by anyone.
VPN is out of scope for this I think. It's about locating the device physically by the provider, not about specific sites trying to watch actual internet activity.
They are already doing this but not the whole region. Occupied territories of Ukraine are selectively blocked according to their own availability map.
This is kinda scary. Sanctions are one thing, but do you really want your internet provider to investigate people and act like an intelligence service for the state?
It's not about what I want. It's about what Starlink can do to make sure their help to Ukrainian army (which is paid by the US department of defense) goes only to Ukrainian army.