SpaceX denies claim that Starlink and OneWeb satellites almost collided

[Image: A stack of 60 Starlink satellites launched in 2019.]

SpaceX has accused satellite-broadband rival OneWeb of spreading a false story claiming that the companies’ satellites nearly crashed into each other.

In reality, “[t]he probability of collision never exceeded the threshold for a [collision-avoidance] maneuver, and the satellites would not have collided even if no maneuver had been conducted,” SpaceX told the Federal Communications Commission in an ex parte filing. The filing describes a meeting that SpaceX and OneWeb representatives had with FCC staff yesterday in which SpaceX said it “corrected the record regarding recent press reports regarding physical coordination between SpaceX and OneWeb.”

The meeting came one day after The Wall Street Journal published an article titled “Elon Musk’s Satellite Internet Project Is Too Risky, Rivals Say.” The Journal article described OneWeb’s allegations as follows:

Starlink satellites have come alarmingly close to other spacecraft twice in the last two years, including on April 2, when a Starlink satellite prompted another operated by OneWeb, controlled by Indian conglomerate Bharti Global and the UK government, to make evasive maneuvers, according to OneWeb and the US Space Command.

Mr. Musk’s satellites are equipped with an AI-powered, automated collision avoidance system. Yet that system had to be switched off when a Starlink satellite came within 190 feet of the rival’s satellite this month, according to OneWeb’s [government affairs chief Chris] McLaughlin.

When contacted by OneWeb, Starlink’s engineers said they couldn’t do anything to avoid a collision and switched off the collision avoidance system so OneWeb could maneuver around the Starlink satellite without interference, according to Mr. McLaughlin.

The Journal said that “SpaceX didn’t reply to requests for comment” about the OneWeb incident and another event from 2019 in which the European Space Agency said it performed a collision-avoidance maneuver to avoid a SpaceX satellite.

The Journal also quoted McLaughlin as saying, “SpaceX has a gung-ho approach to space… Every one of our satellites is like a Ford Focus—it does the same thing, it gets tested, it works—while Starlink satellites are like Teslas: They launch them and then they have to upgrade and fix them, or even replace them altogether.”

In yesterday’s filing to the FCC, SpaceX said that “OneWeb’s head lobbyist recently made demonstrably inaccurate statements to the media about recent coordinations of physical operations. Specifically, Mr. McLaughlin of OneWeb told the Wall Street Journal that SpaceX switched off its AI-powered, autonomous collision avoidance system and ‘they couldn’t do anything to avoid a collision.’ Rather, SpaceX and OneWeb were working together in good faith at the technical level. As part of these discussions, OneWeb itself requested that SpaceX turn off the system temporarily to allow their maneuver, as agreed by the parties.”

SpaceX’s “autonomous collision avoidance system was and remains fully functional at all times,” SpaceX also wrote.

OneWeb admitted it was wrong, SpaceX says

OneWeb offered to retract its false statements during the meeting with SpaceX and the FCC, according to SpaceX’s recounting of yesterday’s meeting with seven staffers from the commission’s International Bureau, including International Bureau Chief Tom Sullivan and Satellite Division Acting Chief Karl Kensinger.

“Despite recent reports to the contrary, the parties made clear that there was no ‘close call’ or ‘near miss.’ SpaceX and OneWeb agreed that they had conducted a successful coordination, resulting in a positive outcome,” SpaceX wrote. The SpaceX filing continued:

SpaceX expressed its disappointment to the Commission that OneWeb’s officials chose to publicly misstate the circumstances of the coordination. Ongoing successful coordination depends on trust and transparency between the operators and the types of tactics used in this case by OneWeb result in a less safe space environment as they detract from the technical work needed to manage a satellite constellation safely. SpaceX was therefore grateful that OneWeb offered in the meeting with the Commission to retract its previous incorrect statements. SpaceX looks forward to hearing confirmation from OneWeb when those retractions have been made.

OneWeb’s misleading public statements coincide with OneWeb’s intensified efforts to prevent SpaceX from completing a safety upgrade to its system. For instance, immediately after the first inaccurate quotes came out in media accounts, OneWeb met with Commission staff and Commissioners demanding unilateral conditions placed on SpaceX’s operations [See OneWeb filing]. Ironically, the conditions demanded by OneWeb would make it more difficult to successfully coordinate difficult operations going forward, demonstrating more of a concern with limiting competitors than with a genuine concern for space safety.

We contacted OneWeb about SpaceX’s filing today and will update this article if we get a response. There was no OneWeb response to SpaceX’s filing in the FCC docket as of today.

Update on April 22: OneWeb filed a reply, denying that it offered to retract any statements to the media. “In an ex parte filed yesterday by SpaceX, it states that ‘OneWeb offered in the meeting with the Commission to retract its previous incorrect statements’ to the press,” OneWeb told the FCC. “OneWeb made no such offer to retract any previous statements made to the press. OneWeb simply noted during the meeting that press coverage can sometimes be erroneous in certain respects—a fact noted by SpaceX itself when requesting the FCC meeting in the first place. OneWeb stands by its story as reported to the press. In this regard, OneWeb notes that SpaceX was contacted by reporters at The Verge and The Wall Street Journal for comments during the preparation of the articles in question, but SpaceX apparently refused to comment.” OneWeb also wrote that it “is committed to full cooperation with SpaceX and all other satellite operators on physical coordination of satellites.”

Minuscule chance of collision

SpaceX’s filing included an attachment with a fact sheet and timeline describing the incident with OneWeb. It said that the “recent technical coordination with OneWeb was not an exceptional event and the Starlink team has successfully conducted similar coordinations with other satellite owner/operators.” The “probability of conjunction” was initially estimated at between 1 in 10,000 and 1 in 100,000, SpaceX wrote.

OneWeb contacted SpaceX via email on April 1. “SpaceX responded within minutes and communicated to OneWeb that Starlink-1546 was/is maneuverable,” SpaceX told the FCC. During a phone call the next day, “SpaceX volunteered to perform a manual maneuver, but both parties agreed to wait for the next CDM [conjunction data message],” SpaceX wrote.

SpaceX and OneWeb had a second call less than two hours later, in which “SpaceX reiterated its recommendation to wait for another CDM… before planning a maneuver because SpaceX systems indicated this was the least risky approach.” However, “OneWeb satellites need more time to coordinate and plan their maneuvers than Starlink satellites require, so OneWeb did not want to wait and chose instead to maneuver OneWeb-0178,” SpaceX wrote. “Because OneWeb decided to plan a maneuver, it asked SpaceX to turn off Starlink-1546’s autonomous conjunction avoidance system. SpaceX obliged this request and confirmed to OneWeb that the system had been turned off.”

Further data showed that “the probability of collision was already below any threshold that required a maneuver and kept dropping,” SpaceX wrote. OneWeb performed the maneuver on April 3, and the satellites ended up missing each other by more than 1,000 meters, SpaceX wrote. The final probability of collision was “one in one hundred million million million—this was not a close call or a near miss,” SpaceX told the FCC.

Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night, the decision to give in to hackers’ demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don’t have the backups and other infrastructure necessary to recover otherwise, can’t or don’t want to take the time to recover on their own, or decide that it’s cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims’ financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.

In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company’s business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company’s billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.

Advocates of zero tolerance for ransom payments hoped that Colonial Pipeline’s proactive shutdown was a sign that the company would refuse to pay. Reports on Wednesday indicated that the company had a plan to hold out, but numerous subsequent reports on Thursday, led by Bloomberg, confirmed that the 75 bitcoin ransom had been paid. Colonial Pipeline did not return a request for comment from WIRED about the payment. It is still unclear whether the company paid the ransom soon after the attack or days later, as fuel prices rose and lines at gas stations grew.

“I can’t say I’m surprised, but it’s certainly disappointing,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

In a briefing on Thursday, White House press secretary Jen Psaki emphasized in general that the US government encourages victims not to pay. Others in the administration struck a more measured note. “Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them,” said Anne Neuberger, deputy national security adviser for cyber and emerging technologies, in a press briefing on Monday. She added that ransomware victims “face a very difficult situation and they [often] have to just balance the cost-benefit when they have no choice with regards to paying a ransom.”

Researchers and policymakers have struggled to produce comprehensive guidance about ransom payments. If every victim in the world suddenly stopped paying ransoms and held firm, the attacks would quickly stop, because there would be no incentive for criminals to continue. But coordinating a mandatory boycott seems impractical, researchers say, and likely would result in more payments happening in secret. When the ransomware gang Evil Corp attacked Garmin last summer, the company paid the ransom through an intermediary. It’s not unusual for large companies to use a middleman for payment, but Garmin’s situation was particularly noteworthy because Evil Corp had been sanctioned by the US government.

“For some organizations, their business could be completely destroyed if they don’t pay the ransom,” says Katie Nickels, director of intelligence at the security firm Red Canary. “If payments aren’t allowed you’ll just see people being quieter about making the payments.”

Prolonged shutdowns of hospitals, critical infrastructure, and municipal services also threaten more than just finances. When lives are literally at stake, a principled stand against hackers quickly drops off of the priorities list. Nickels herself recently participated in a public-private effort to establish comprehensive United States–based ransomware recommendations; the group could not agree on definitive guidance about if and when to pay.

“The Ransomware Task Force discussed this extensively,” she says. “There were a lot of important things that the group came to a consensus on and payment was one where there was no consensus.”

As part of a cybersecurity Executive Order signed by President Joseph Biden on Wednesday, the Department of Homeland Security will create a Cyber Safety Review Board to investigate and debrief “significant” cyberattacks. That could at least help more payments be made in the open, giving the general public a fuller sense of the scale of the ransomware problem. But while the board has incentives to entice private organizations to participate, it may still need expanded authority from Congress to demand total transparency. Meanwhile, the payments will continue, and so will the attacks.

“You shouldn’t pay, but if you don’t have a choice and you’ll be out of business forever, you’re gonna pay,” says Adam Meyers, vice president of intelligence at the security firm CrowdStrike. “In my mind, the only thing that’s going to really drive change is organizations not getting got in the first place. When the money disappears, these guys will find some other way to make money. And then we’ll have to deal with that.”

For now, though, ransomware remains an inveterate threat. And Colonial Pipeline’s $5 million payment will only egg on cybercriminals.

This story originally appeared on wired.com.

Talend: 36% of business leaders don’t rely on data to make decisions

Even as enterprise leaders tout the importance of data, 36% of business leaders don’t rely on it for making critical decisions, according to a survey by Talend, an open source data integration platform. The same survey found that 78% of business executives face challenges effectively working with data to make decisions.

[Image: 40% of business leaders still rely on gut decisions, not data. Image credit: Talend]

Our relationship with data is not healthy. Talend’s survey found only 40% of executives always trust the data they work with. For decades, managing and using data for analysis was focused on the mechanics: the collecting, cleaning, storing, and cataloging of as much data as possible, then figuring out how to use it later. Companies don’t know what data they have, where it is, or who is using it, and, critically, have no way to measure their data health.

Data health is Talend’s vision of a comprehensive system for ensuring the well-being and return of corporate information. Data health offers proactive treatments, quantifiable measures, and preventive steps to identify and correct issues, ensuring that corporate data is clean, complete, and uncompromised.

Data health is a complex journey of unique requirements, regulations, and risk tolerance. It will take substantial market collaboration and research to align on appropriate standards for different companies. Eventually, data health solutions will help create a universal set of metrics to evaluate the health of corporate data and establish it as an essential indicator of the strength of a business. Talend’s initial framework imagines four primary focus areas to establish data health: reliability, visibility, understanding and value. We believe that data health will become a key, if not the most important, performance framework used within and across organizations to monitor and evaluate the health of the company. With this new data health first approach, and new standards, leaders can level the employee playing field and drive a data-charged cultural change.

From March 24th to April 8th, 2021, Talend led a survey via Qualtrics among a base of 529 independent respondents worldwide (57% North America, 26% Asia-Pacific, 17% Europe). The respondents are all executives — with titles ranging from director to the C-suite — from medium and large companies making more than $10 million in annual revenue.

Read Talend’s full report Data Health Survey.

Pipeline attacker Darkside suddenly goes dark—here’s what we know

Darkside—the ransomware group that disrupted gasoline distribution across a wide swath of the US this week—has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.

On Thursday, all eight of the dark web sites Darkside used to communicate with the public went down, and they remain down as of publication time. Overnight, a post attributed to Darkside claimed, without providing any evidence, that the group’s website and content distribution infrastructure had been seized by law enforcement, along with the cryptocurrency it had received from victims.

The dog ate our funds

“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated, according to a translation of the Russian-language post published Friday by security firm Intel471. “The hosting support service doesn’t provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

The post went on to claim that Darkside would distribute a decryptor free of charge to all victims who have yet to pay a ransom. So far, there are no reports of the group delivering on that promise.

If true, the seizures would represent a big coup for law enforcement. According to newly released figures from cryptocurrency tracking firm Chainalysis, Darkside netted at least $60 million in its first seven months, with $46 million of it coming in the first three months of this year.

Identifying a Tor hidden service would also be a huge score, since it likely would mean that either the group made a major configuration error in setting the service up or law enforcement knows of a serious vulnerability in the way the dark web works. (Intel471 analysts say that some of Darkside’s infrastructure is public-facing—meaning the regular Internet—so malware can connect to it.)

But so far, there’s no evidence to publicly corroborate these extraordinary claims. Typically, when law enforcement from the US and Western European countries seize a website, they post a notice on the site’s front page that discloses the seizure. Below is an example of what people saw after trying to visit the site for the Netwalker group after the site was taken down:

[Image: the seizure notice displayed on the Netwalker site]

So far, none of the Darkside sites display such a notice. Instead, most of them time out or show blank screens.

What’s even more doubtful is the claim that the group’s considerable cryptocurrency holdings have been taken. People who are experienced in using digital currency know not to store it in “hot wallets,” which are digital vaults connected to the Internet. Because hot wallets contain the private keys needed to transfer funds to new accounts, they’re vulnerable to hacks and the types of seizures claimed in the post.

For law enforcement to confiscate the digital currency, Darkside operators likely would have had to store it in a hot wallet, and the currency exchange used by Darkside would have had to cooperate with the law enforcement agency or been hacked.

It’s also feasible that close tracking by an organization like Chainalysis identified wallets that received funds from Darkside, and law enforcement subsequently confiscated the holdings. Indeed, Elliptic, a separate blockchain analytics company, reported finding a Bitcoin wallet used by DarkSide to receive payments from its victims. On Thursday, Elliptic reported, it was emptied of $5 million.

At the moment, it’s not known if that transfer was initiated by the FBI or another law enforcement group, or by Darkside itself. Either way, Elliptic said the wallet—which since early March had received 57 payments from 21 different wallets—provided important clues for investigators to follow.

“What we find is that 18% of the Bitcoin was sent to a small group of exchanges,” Elliptic Co-founder and Chief Scientist Tom Robinson wrote. “This information will provide law enforcement with critical leads to identify the perpetrators of these attacks.”

Nonsense, hype, and noise

Darkside’s post came as a prominent criminal underground forum called XSS announced that it was banning all ransomware activities, a major about-face from the past. The site was previously a significant resource for the ransomware groups REvil, Babuk, Darkside, LockBit, and Nefilim to recruit affiliates, who use the malware to infect victims and in exchange share a cut of the revenue generated. A few hours later, all Darkside posts made to XSS had come down.

In a Friday morning post, security firm Flashpoint wrote:

According to the administrator of XSS, the decision is partially based on ideological differences between the forum and ransomware operators. Furthermore, the media attention from high-profile incidents has resulted in a “critical mass of nonsense, hype, and noise.” The XSS statement offers some reasons for its decision, particularly that ransomware collectives and their accompanying attacks are generating “too much PR” and heightening the geopolitical and law enforcement risks to a “hazard[ous] level.”

The admin of XSS also claimed that when “Peskov [the Press Secretary for the President of Russia, Vladimir Putin] is forced to make excuses in front of our overseas ‘friends’—this is a bit too much.” They hyperlinked an article on the Russian News website Kommersant entitled “Russia has nothing to do with hacking attacks on a pipeline in the United States” as the basis for these claims.

Within hours, two other underground forums—Exploit and Raid Forums—had also banned ransomware-related posts, according to images circulating on Twitter.

REvil, meanwhile, said it was banning the use of its software against health care, educational, and governmental organizations, The Record reported.

Ransomware at a crossroads

The moves by XSS and REvil pose a major short-term disruption of the ransomware ecosystem since they remove a key recruiting tool and source of revenue. Long-term effects are less clear.

“In the long run, it’s hard to believe the ransomware ecosystem will completely fade out, given that operators are financially motivated and the schemes employed have been effective,” Intel471 analysts said in an email. They said it was more likely that ransomware groups will “go private,” meaning they will no longer publicly recruit affiliates on public forums, or will unwind their current operations and rebrand under a new name.

Ransomware groups could also alter their current practice of encrypting data so it’s unusable by the victim while also downloading the data and threatening to make it public. This double-extortion method aims to increase the pressure on victims to pay. The Babuk ransomware group recently started phasing out its use of malware that encrypts data while maintaining its blog that names and shames victims and publishes their data.

“This approach allows the ransomware operators to reap the benefits of a blackmail extortion event without having to deal with the public fallout of disrupting the business continuity of a hospital or critical infrastructure,” the Intel471 analysts wrote in the email.

For now, the only evidence that Darkside’s infrastructure and cryptocurrency have been seized is the words of admitted criminals, hardly enough to consider confirmation.

“I could be wrong, but I suspect this is simply an exit scam,” Brett Callow, a threat analyst with security firm Emsisoft, told Ars. “Darkside get to sail off into the sunset—or, more likely rebrand—without needing to share the ill-gotten gains with their partners in crime.”
