The biggest of its kind: Satellite hack targeting Ukraine hits Europe

Illustration: Joeygil | Bigstock

Satellites are flying over our heads at speeds of thousands of kilometres per hour, and it has become more common for ordinary people to receive internet and location services over satellite connections.

For many years, it was a luxury reserved for the military, which is still using satellites to this day.

It was therefore a hard blow when parts of the European satellite network operated by American company Viasat went dark a month ago—just as Russia’s more or less combat-ready troops crossed the border into Ukraine.

“It was a huge loss of communication in the very first part of the war,” said Viktor Zhora, head of SSSCIP—Ukraine’s cybersecurity agency—at a news conference. The abbreviation stands for State Services for Special Communication and Information Protection.

“Russia has deliberately targeted our information and communication channels. Both with this attack, and with physical attacks on, among other things, the radio and TV tower in Kyiv,” Viktor Zhora says.

Wind turbines disconnected from the internet

It is not only Ukraine that has been affected by the attack. This is the most comprehensive, publicly known attack ever on satellite infrastructure on the ground.

For example, Wired recently wrote that 2000 German wind turbines have been disconnected from the internet and are still off the grid. Wired also reported that European companies are struggling to upgrade modems that have been destroyed by the attack in order to be able to update and get back online.

The infrastructure is constantly being stress tested

As far as Version2 is informed, there appears to be no indication that Denmark has been hit particularly hard by the attack on Viasat’s infrastructure.

“Right now, there is nothing to suggest that Danish infrastructure is affected by this particular attack. But the infrastructure is constantly being attacked, and things are constantly being tried out,” says Torben Rune, who has for many years worked as a teleconsultant for telecommunications companies, internet providers, and the Danish Armed Forces.

“You don’t have to be in the military’s cyber units to figure it out. It takes just a few minutes for something that is put up online to undergo a hacking attempt, and infrastructure is absolutely no exception.”

Torben Rune believes that part of the reason why we have not experienced problems in Denmark is that we set relatively high requirements for companies that provide infrastructure—including the internet.

“Recently, we have introduced even more security layers. For example, it’s now required not to purchase technology from countries we are not allied with, as we saw with Huawei. Had we also applied those principles to oil and gas, we may not have found us in the unfortunate situation that we’re in right now,” says Torben Rune, who generally believes that Danish protectionism works.

Denmark is less exposed

At the same time, Denmark is less exposed to fluctuations in regards to satellites, because we have such an extensive and powerful fiber network as well as a relatively small country to cover.

Satellite connections are particularly good in areas with low fiber coverage, and they generally consist of three components. First and foremost the satellite itself, then the dish that receives the satellite signal, and last but not least the network on the ground that distributes the signal out to the internet itself and the end users.

Satellites are thus the best option for fast and reliable internet where there is no fiber.

It was not long after the war broke out that Ukraine asked Elon Musk to connect parts of the country to his private satellite network, Starlink. Whether this is due to the attack against Viasat or not is unknown.

How could this happen?

There is still not much technical information about the attack on Viasat’s infrastructure, and the company has not replied to Version2’s inquiries.

But all signs point to it being a targeted attack on very special parts of Viasat’s infrastructure. For example, the attack did not hit the Viasat’s airline customers using satellite navigation, and Viasat maintained on several occasions that no customer data has been compromised, as we have otherwise seen in the vast majority of recent hacker attacks.

On the other hand, the affected modems are completely bricked.

“We know that all impacted customers modems will be rendered unusable and therefore we need to replace hardware. We are currently awaiting advice from Viasat on the timelines for the supply of replacement equipment, which we need to resolve the situation as quickly as possible. We plan to start sending out replacement modems as soon as we receive them from Viasat, complete with clear instructions. This replacement will be at no cost,” writes the internet provider BigBlu, which among other things provides satellite internet to British customers.

Mark Dankberg, CEO of Viasat, said at a satellite conference that the attack could have been avoided:

“We believe that for this particular event, it was preventable, but we didn’t have that capability in that case,” the director said.

To Reuters, Viasat said that there was a misconfiguration in the management section of the satellite network.

The USA has confirmed Ukraine’s statement that Russia was behind the attack. However, the evidence is not publicly available, so Version2 cannot confirm or deny that claim.