by ipodopt 1566 days ago
Aren't Starlink terminals hyper-directional? Seems like it would be hard to triangulate them.

EDIT 1: https://media.defense.gov/2022/Jan/25/2002927101/-1/-1/0/CSA...

Seems like the NSA recommends a VPN to obscure VSAT use. They don't have much else to say about anonymity.

EDIT 2: Found this thread:

https://old.reddit.com/r/SpaceXLounge/comments/t5y67a/updati...

EDIT 3:

After some thought, I think Starlink will be robust against tracking. They should be harder to locate than VSATs, which the author mentions in the Twitter thread. In comparison:

1. They are beaming to a constantly moving swarm of satellites rather than a geostationary satellite: a. So timing attacks can't be used to find a search path. b. The beam is moving, so even if a plane picked up on a signal it would quickly lose it as the beam moved. Although there is a workaround I won't mention.

2. They are lower powered so the signal is weaker. I assume they are just as directional.

3. They are smaller and harder to spot.

4. They are much more numerous.

5. They are portable.

4 comments

“hyper-directional” is relative. It’s physically impossible to create a truly collimated RF beam, physics ensures that even if you do, it’ll still spread out over distance.

Normal dishes and antennas all spill RF power in many directions. Directional just means the antenna dumps the majority of its power in one direction, but certainly not all of it.

With a sensitive radio, and some signal analysis to identify Starlink’s “wire”-protocol, you should be able to detect the spilled RF signal coming off a Starlink antenna, regardless of where it is pointing. Get enough radios and you can start doing some trilateration to pin-point a terminal, then aim a missile in the general direction of the terminal, and equip it with an RF tracking system that can bring it home once it’s in roughly the right area, and the Starlink signal becomes strong enough to detect with simpler equipment, and bam, you’ve got yourself a Starlink killer.

Of course working out all the details of such a system is non-trivial. But don’t think for a moment having a directional antenna is going to save you. Might buy you more time, but you’re far from invisible.

A VPN will do nothing to deter an enemy from detecting the radio signal from a Starlink terminal.

I guess what he was trying to say was that by using a VPN the user could hide the fact that he was using Starlink, as the real IP address was hidden.

But just as you said, why would anyone need to check someone's network traffic to determine whether he was using Starlink? The RF signal itself is more than enough.

- If your adversary has access to your ISP's data they can tie IP to address/geofences.

- If they were clever they could time the latency and find how far you are relative to the satellite. Giving a circle path to look at. Meaning a plane could find you by flying along the circle. So I guess it could help them track the radio signal...

> - If they were clever they could time the latency and find how far you are relative to the satellite. Giving a circle path to look at. Meaning a plane could find you by flying along the circle. So I guess it could help them track the radio signal...

If they had compromised your satellite provider's infrastructure, otherwise no. This isn’t how the internet works.

"This isn’t how the internet works."

Okay, here is my understanding.

Let's say I control a few assets like a website, news.com, a DNS server, and relegram, a messaging app, and control the ASs that route to them.

Let's say the target posted something to relegram. I grab the logs and gain the IP. Cool, now I have the IP.

I add the IP to a list that instructs my controlled ASs to collect latency stats during handshake protocols (could do it from the end assets but this should be easier/better).

Meanwhile I also look up who owns the blocks the IP is from, likely finding their ISP.

If it is a satellite provider I could go grab a friendly dish in a known location and add that to the list as well for the baseline. I could at this point double check my seconds/meter converter by moving said dish, but it is likely to track with physical constants.

After getting ten thousand hits or so I take the difference between the mean baseline latency and target latency and translate it to distance with my constant. Now I know the target should be within ~x of the satellite. I also have a map with terrain so the torus becomes a circle with a hole in it.

Now I take a plane and hopefully it can fly high enough between the satellite and the circular path as to 'shadow' a statistically significant portion of the area as it goes around.

There's a bunch of flawed assumptions hidden in this. Some examples:

* The distance between the user and the satellite is fixed. With a LEO system, the difference between a satellite being straight overhead at 400km elevation and at 10 degrees elevation over the horizon is a difference of 1000km. Passes at this elevation are minutes long, capping out around 15 minutes.

* The path from the satellite to the groundstation is fixed. Same reasoning above.

* A user in a fixed location's traffic would go through only a single groundstation to the internet. Unless that user is colocated with a groundstation, there's going to be periods of covisibility with different groundstations, so there's going to be wholly separate paths for the traffic to take. This varies even more as you start to look at polar satellites, which SpaceX has outfitted with optical crosslinks. Your traffic could be getting dumped onto the internet at groundsites thousands of kilometers away within a single pass.

This isn't to say that there's zero chance of latency analysis from an adversary with enough internet presence, but it's many orders of magnitude harder than your simple analysis would suggest.

I was assuming a geostationary satellite in the example to point out that obscuring the IP could add a layer of security.

In regards to your general point I am making assumptions and it would be harder. But within an order of magnitude. A great place to use some basic machine learning.

In regards to LEO being harder... I agree the latency analysis will have more moving pieces. But it being better in terms of resulting anonymity would depend on its implementation...

EW equipment can detect even very faint emitters.

Ukraine is kind of a scary environment to fly any EW-kitted planes; those things tend to be rather more vulnerable than tactical bombers.

Doesn't Russia have some satellite constellation that does that anyway? Or some private company just sells this. Even some amateur CubeSats would be able to detect this.

They have tremendous range and are immune to MANPADS, so it's as safe as could be.

Russian AWACS has been up since the beginning, and there are no reports of it being shot down.

For jamming, sure. To accurately locate SpaceX dishes you’ll probably need to get within Buk range.

Ukraine has much more than MANPADS still operational.

No, not for jamming. AWACS are supposed to be able to detect signals beyond the noise floor from very high distances passively.

A Starlink dish only has around 35dB of gain and around 4W of transmit power. Its sidelobes can almost certainly be detected from large distances by specialized aircraft.

There is no indication Ukraine has had much success with anything beyond MANPADS.

> There is no indication Ukraine has had much success with anything beyond MANPADS.

You just aren’t following closely enough.

Yes, the dish tends to change satellites every 15 seconds, targeting would probably be a nightmare.