Russian-Speaking Hackers Tap Satellite Internet Connections


The three elements anchored the plot of the James Bond movie Goldeneye.

They’re also apparently the basis for a real-life Russian-speaking spy operation that covers its tracks with consumer satellite Internet connections, Russian computer-security firm Kaspersky Lab ZAO said Wednesday.

The release arguably is as notable for its authors as its content. Kaspersky has had to fend off accusations that it is too close to the Russian government – just as America’s FireEye Inc. is cozy with Washington or European security companies work with their governments.

Calling out the “Russian-speaking cyberespionage actor” known for the malicious software called Turla, as Kaspersky did Wednesday, is an effort to push back against that perception. The security company didn’t identify the hacker or hackers, and didn’t say whether it thinks Moscow is linked to the operation.

Kaspersky alleged the hackers have infected computers in 45 countries, including the U.S. and China, by laundering their traffic through satellite Internet connections often used in sparsely populated areas, such as Africa. It didn’t name any specific victims.

The satellite connections appear to be an attempt to shield the hackers’ identities.

Here’s how it works: The spies eavesdrop on unencrypted satellite connections, and then locate the Internet address of some customers. The hackers then instruct other computers, on which they are spying, to send data those Internet addresses. The data works its way through a global network of pipes, is beamed into space and back down to a consumer’s desktop or laptop, sometimes in Africa. The hackers then collect the data from the consumer, who is none the wiser.

The process seems unnecessarily complicated. But Kaspersky said it can make it harder to determine who is pulling the digital strings behind the hacking.

Kaspersky detected the odd practice after it captured samples of the malware used by the hackers. It noticed that they repeatedly connected to seemingly random Internet addresses at satellite-based Internet service providers.

The security of satellite Internet connections has been studied for several years. But now that digital spies have figured out how to exploit this weakness for espionage, regular criminals likely won’t be far behind, said Stefan Tanase, a senior researcher at Kaspersky.

“It’s an exquisite strategy,” he said. “It’s the ultimate level of anonymity.”