VSAT terminals are opened for targeted cyber attacks
Los Angeles, California - January 05, 2014
Security researchers from IntelCrawler, a Los-Angeles based cyber intelligence company, announced that very-small-aperture terminal (VSAT) used for satellite communications are exposed to external cyber attacks, especially, on distributed critical infrastructures and network environments.
VSATs are most commonly used to transmit narrowband data (point of sale transactions such as credit card, polling or RFID data; or SCADA), or broadband data (for the provision of satellite Internet access to remote locations, VoIP or video). They are also widely spread in industrial sector, such as energy, oil and gas, where the whole infrastructure is based on distributed environments located in different regions, cities or sometimes continents. According to statistics, there are 2,931,534 active VSAT terminals in the world now, with the majority installed in the US (The Comsys VSAT report).
"We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about satellite operators network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities," comments Dan Clements, IntelCrawler President.
IntelCrawler has found approximately 313 open UHP VSAT Terminals, 9045 open HUGHES Terminals, 1142 SatLink VSAT and many others . It is important for the network engineers and system administrators to self-assess and close or plug any possible exploits.
VSAT devices are connected to many interesting devices all over the world, starting from Alaska climate metering systems to industrial control devices in Australia, and many work with the help of C, Ka, Ku and X-Band satellite ranges.
As IntelCrawler researchers have noted, many VSAT devices have telnet access with very poor password strength, many times using default factory settings. The fact that one can scan these devices globally and find holes is similar to credit card thieves in the early 2000's just googleing the terms "order.txt" and finding merchant orders with live credit cards. The onus is on the enterprises, governments, and corporations to police themselves.
"Intrusions to such open devices can allow you to monitor all the network traffic related to the exact device or host, sometimes with very sensitive information, which can lead to a compromise of the internal network," - said Dan Clements, IntelCrawler's President.
Some of the VSATs are readily visible in Google maps and Google Earth. Again, system administrators should assess the physical security to these locations and make sure all is secure.
Satellite network ranges have lots of interesting objects, including government and classified communications. For example, during some research IntelCrawler found Ministry of Civil Affairs of China infrastructure in the ranges belonging to Shanghai VSAT Network Systems Co. LTD, and Ministry of Foreign Affairs of Turkey in Turksat VSAT Services, which is a clear and present danger for hacks.
IntelCrawler.com is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200, 000, 000 domain names, which are scanned for analytics and dissemination to drill down to a desired result. This finite pool of cyber prints is then narrowed further by comparing it to various databases and forum intelligence gathered from the underground and networked security company contacts. The final result could be the location of a particular keyboard or a computer housing the threat.