April 8, 2020:
The U.S. recently established a sixth military service, the Space Force. The Air Force and other American defense organizations are transferring existing weapons systems that are suitable for the new service. One of these is an upgraded (in 2014) version of CCS (Counter Communications System) the air force has been using since 2004 as a ground-based satellite communications jamming system. With CCS version B10.2 the United States has a satellite jammer comparable to systems used by other countries, especially Russia.
Russian systems were something of a mystery. But since 2014 many EW (electronic warfare) devices have been used in eastern Ukraine and Syria for testing “under combat conditions.” This is a unique opportunity to discover weaknesses, fix them and then promote export sales with a “combat proven” item. Equipment still in development is also tested. One example of that was the truck-mounted Tirada-2 orbital jamming system that showed up during early 2019 in eastern Ukraine. Tirada-2 was there help to hack the control signals and video feeds from American RQ-4B Global Hawk UAVs that regularly operate over eastern Ukraine. A successful hack would provide a look at what these UAVs see when they monitor Russian activity. Some RQ-4Bs are equipped with “space satellite quality” electronic sensors and the Russians were hoping to get an opportunity to monitor and perhaps hack those systems. Ukrainian and Western intelligence was aware of the existence of Tirada-2 if only because a less capable export model was being offered for sale. But now the more capable non-export Tirada-2 showed up in Eastern Ukraine (Donbas), As one would expect, no one provided any details of who has been able to do what to whom.
Hacking and jamming satellites are nothing new. Even Islamic terrorists are active in this area. For example in early 2015 a major French TV network (TV5) was hijacked by hackers working for ISIL (Islamic State in Iraq and the Levant). Calling themselves the CyberCaliphate, this group had apparently spent weeks getting past the formidable network security and did some major damage. TV5 satellite feeds sends programming to over 250 million customers (households and businesses) worldwide. All eleven TV5 channels were dark for three hours before a temporary data feed was established to put something on customer TV screens. It took over a week to clean the network of all the hacker malware and begin work on improving security. Other French media companies were informed of the threat and joint efforts were underway to improve security. Whatever enthusiasm there was for better security will probably not last because this was not the first time something like this happened.
It’s not that the threat was ignored or underestimated. Officially the hacker threat is taken very seriously by media companies, especially those who broadcast via satellite. Starting in the late 1990s, growing reliance on data networks and satellite distribution of programming resulted in more and more attacks on these networks by groups seeking to get some attention by briefly seizing control of or shutting down these systems.
These attacks reached something of a crescendo in 2007 when a Chinese satellite television channel was taken over by hackers. For about 90 minutes, the government had no control over the feed, which was replaced by anti-government material. The Chinese government tried to keep details of how this happened out of the news but, because over 130 million Chinese then had access to the Internet and even more had cell phones, it was impossible to completely blackout details of what happened. Senior officials were quite upset, especially because since 2002 there had been over a dozen incidents worldwide of hijacking satellite television signals. Several of these took place in China, but until 2007 the government assured everyone that the "problem" was fixed.
After 2000 the increasing number of incidents of space satellites being "hacked" was believed to be largely the result of an increase in the number of satellites up there, and the number of ground stations broadcasting information up into the sky. Many of these early "hacks" turned out to be satellite signals interfering with one another. Same with cases where people believe their GPS or satellite communications signals were being jammed. On further investigation, the real reasons tend to be less interesting and a lot more technical. All this usually had a large element of human error mixed in. But some of the disruptions were deliberate.
The 2007 China incident clearly indicated a security problem. If you have the proper passwords and security information, you can send commands to the satellite and do whatever you want. The Chinese had a security problem and to Chinese rulers that was more frightening than, well, just about anything. China has since greatly improved its satellite security but as TV5 discovered that is not always enough. Russian EW developers watched all this with great interest and considered the possibility of improving and “weaponizing” these hacking capabilities.
All of the accidental jammings demonstrated to hackers how easy it was to do it on purpose. There were a growing number of examples of that. In response, the U.S. Air Force has long (decades) been developing electronic tools for attacking and defending satellite communications, and the satellite operators themselves were already training people to attack and defend space satellites. This effort involved figuring out new or improved ways to jam satellites. Then you keep that stuff secret, in case potential enemies have not figured this out themselves. Next, you work on ways to defeat the weapons developed. Most of this is playing around with the signals. You can unjam a jamming signal with another signal. However, a lot of trial and error is required, and you want to get that done way in advance of any actual war. When you do have to use this stuff for real, you have to expect that the enemy may well have come up with some angle you missed. Thus there will be some rapid improvisation, and you will have more time and resources for this if you have worked out, ahead of time, the details of disasters you have already anticipated. No one releases much information about this, for obvious reasons. There isn't much discussion from any government unless there is a terrorist attack using these techniques. Now that has happened in a very public fashion, and it was done using clever and determined hacking of the ground-based networks that control the programming and the satellites.
Some satellite “hacking” problems have been solved. For example, it has been shown that if there is government jamming that could be identified as such. This was demonstrated back in 2003 when satellite broadcasters transmitting television shows to Iran found their signals being jammed. The source of the jamming was quickly traced to Cuba. A satellite signal is very difficult to jam as it comes down from the satellite. But if you are close to the ground station that beams the signal up to the satellite, you can more easily interfere with that. At first, it was thought that the Cuban government, using an old Soviet era electronic eavesdropping facility outside Havana, was doing the jamming as a favor to Iran (which buys Cuban support with supplies of cut-rate oil.) Back then the Chinese had already paid Cuba a lot of money to take over and revive the old Soviet facility electronic monitoring. The Cuban government denied it had anything to do with the jamming and said it would find out where the jamming was coming from, and they did. Soon the Cuban government reported that they had traced the jamming signal to a suburban compound owned by the Iranian embassy. The Cubans ordered the jamming to stop, and it did.
There have been few additional efforts like this, mainly because it was obvious that you could not easily hide a jammer. Satellite broadcasters also took measures to make such jamming much more difficult to do. There were also efforts to improve defense against hackers, but for TV5 the defenses were not robust enough.
Russia quietly worked on ways to not only hack satellite control and data signals but to easily eavesdrop and monitor them. Encrypted signals can be decrypted and if you can do that you do not talk about it. But now the Russian satellite signal monitoring and hacking equipment are coming out of the development shadows and practicing on American equipment.