Ukraine: intelligence satellites, cyberattacks… The war is also being played out in space

Ukraine intelligence satellites cyberattacks The war is also being played

It is 3:02 GMT, 5:02 a.m. in Ukraine, on February 24, when technicians from the American operator ViaSat detect a particularly high data flow rising towards its KA-SAT satellite. From its geostationary orbit, this six-ton ​​machine distributes its beams in a hundred ellipses extending from Morocco to the Caspian Sea, to the Nordic countries. That morning, a Russian attack passed through ground equipment operated by Skylogic, a subsidiary of French Eutelsat. Hackers take advantage of a vulnerability in the configuration of network equipment. No one knows how long the door has been forced open – that’s the charm of cyberattacks: you discover the extent of it when it’s too late to act.

At the Turin control center in charge of KA-SAT, Skylogic technicians witness, dumbfounded, the live destruction of thousands of modems affected by the pirate signal. In forty-five minutes, 30,000 terminals of all kinds are taken out of service. The instructions sent by the attackers corrupt the central memory of the terminals, which are then transformed into irreparable “bricks”. Among them, mobile communication consoles used by the Ukrainian army, which are obviously the first targets of the Russian attack. The trouble is that there is collateral damage. “That’s the problem with cyberattacks, they always drool,” notes a specialist. In this case, that of February 24 contaminated 5800 wind turbines belonging to the German operator Enercon – they were connected to ViaSat.

In the days that followed, Elon Musk got into the game with the shipment of Starlink terminals to Ukrainians. The SpaceX constellation, which is being deployed, was quickly modified to cover Ukraine and today 10,000 terminals are in service. Russia responded by attempting to jam the signal from the 2,000 Starlink satellites. SpaceX had to send a patch – a software patch – to its devices in orbit, then reconfigure those who were about to leave.

Targeting Russian Generals

The weaponization of space plays an active role in the war in Ukraine. Very early in the conflict, the space powers of NATO – United States, France, United Kingdom – first massively shared the images taken from the sky to guide the counter-offensive. But it was the satellites specializing in signals intelligence that were the most decisive. SIGINTs – for Signal Intelligence –thus played a central role in the most destructive action for the morale of the Russian troops: the elimination of a dozen of its generals.

According to a senior French officer with knowledge of the facts, the Allied satellites are capable of isolating a specific signal in the skein of ambient electromagnetic noise, including radio traffic and cell phone calls, including metadata – locations, times, numbers called – are often instructive.

In Ukraine, NATO is primarily interested in the location of the command posts of the Russian army. To protect its exchanges, it uses a technique called FHSS – Frequency Hopping Spread Spectrum-, which consists of constantly changing frequencies to prevent interception and jamming; it is enough that the transmitters and receivers are synchronized with precision to converse in all discretion. It is effective, except that today, it can be seen from space.

The Russians have been using the same method of frequency evasion for ages, so much so that NATO has compiled the characteristics of their signals, especially those that betray the presence of an “authority”, to use military jargon. Once the correct signal has been detected, an additional analysis makes it possible to map the exchanges (but not to listen to them, because they are encrypted) and to confirm the importance of the target. The coordinates are then transmitted to the Ukrainian army, which only has to send a Bayraktar drone equipped with a missile to put a premature end to the careers of Russian generals.

“In the case of the attack in Ukraine, identification is facilitated by the obsolescence of Russian means of communication”, explains the French officer, who has long dealt with the subject. The equipment they have in Ukraine is much older than what they are capable of producing. “But the level of corruption is such in the Russian army that their best equipment is sold on the black market.” It even happens that equipment ends up on eBay; it is then bought by a CIA agent before being sent to the United States, where it is greedily peeled. Space did not wait for the war in Ukraine to be the discreet theater of a tripartite cold war, involving the space powers of the West on the one hand, Russia and China on the other.

Suspicious proximity

A few years ago, the French soldiers of the Joint Space Command received an indication from the Pentagon, according to which a suspicious object was near the satellites of the Syracuse network, which manages the communications of the armies. Nothing official in the notification. “It was done from one staff to another”, specifies a French officer, who recognizes that the allies exchange a lot of tactical information, in particular on the selection of targets in the context of the fight against terrorism in the Middle East and Africa.

If France is not officially part of the Five Eyes Anglo-Saxon intelligence (United States, United Kingdom, Canada, Australia, New Zealand), operational pragmatism prevails. On the strength of American intelligence, the French military asked the National Center for Space Studies to point a telescope in the direction of our satellites. “Indeed, an unidentified craft was near one of them, says the witness of the incident. The analysis of the orbital trajectories showed that it was a Russian satellite Luch Olymp-K, specialized in radio intercepts and operated by their Ministry of Defense and their intelligence services. We then switched the traffic to another satellite.” France protested to Moscow, which removed the device.

the Luch Olymp-K was he trying to intercept the communications of the French army? “Not directly, specifies an engineer specializing in cyber defense. He was carrying out what is called a ‘side channel attack, which consists of placing yourself near a satellite to analyze the electromagnetic activity of its internal components and see what type of operation it is performing. If he stays long enough near his target, he can nab a cipher key, which is potentially annoying…”

The Russian machine reappeared some time later near civilian satellites this time, operated by the Luxembourgish Intelsat and the French Eutelsat. What was he hoping to find in the traffic supposed to transmit television channels? “In fact, these satellites carry a lot of military data, such as that of American drones which are used in the Middle East,” explains the intelligence officer. While piloting instructions and telemetry pass through the military network, the images and videos are entrusted to civilian operators. At the height of the war against ISIS, more than 80 drones were over the area, generating huge amounts of data. The Russian satellite therefore also sought to understand the encryption methods.

The vulnerability of satellites will become a major problem. Firstly because their number increases exponentially with the multiple constellations planned. Then, because land installations are often poorly protected. “Our engineers are appalled by the low level of encryption compared to the current standards of banking and medical systems, explains Mathieu Bailly, CEO of Cysat, a Swiss company specializing in space cybersecurity. It is in a flourishing market: according to Euroconsult, 1,700 satellites will be launched each year by 2030.


lep-general-02