Earlier in the month I covered China’s new GPS system, called BeiDou, whose primary purpose is to modernize China’s guided weapon systems. Using satellite navigation is hardly new or revolutionary, but the system exists to negate the PLA’s reliance on foreign systems not under its control, namely the US GPS and the Russian Federation’s GLONASS.

Further, there is substantial evidence China intends to use the system to destabilize Indian-Pakistani relations. Pakistan, which previously had been largely reliant on US export weapons, is now purchasing exclusively from China, picking up its latest guided missile systems and JX fighters. India remains largely reliant on GPS. Further, the published People’s Liberation Army doctrine is to first target US GPS satellites in an effort to blind any sophisticated weaponry. We’ve already seen substantial examples of this without taking out the actual systems, and if such an attack were to occur, many of the weapon systems which would give a decisive advantage would be useless.

So, how did they pull that last part off? Sure, a nation-state has the resources to make it happen…but what about you?

Enter the bargain-basement guerrilla.

Contrary to popular belief, pretty much anything can be done with commercial off-the-shelf components, and tracking satellite guidance systems is no different. They’re radios, after all, that are just far enough outside the gravitational pull of the Earth to be geostationary, meaning they move very little compared to Low Earth Orbit satellites that have to be physically tracked. The reason for this is to have the ability to triangulate the position of the receiver on the ground based on the signals from the satellites in orbit.

Tracking them is not particularly hard: all you need to know is what frequencies they’re transmitting on, and you need a receiver to monitor them. This can be done pretty cheaply. You’ll need an SDR dongle, which can be had ranging from ridiculously cheap to around $150 for better quality units like the SDRplay. Get the software up and running, which sometimes can be a pain, and now let’s start looking at antennas.

One of the best satellite monitoring and receiving antenna designs out there is known as the Egg Beater, for obvious reasons. These are mostly used by hams looking to make quick contacts on low earth orbit satellites, but they’re great for monitoring satellite reception in all bands without having to move them around for optimal reception. While they’re expensive to buy, with a little bit of know-how you can build your own.

The Chinese BeiDou satellite frequencies are:

  • B1C / B1I / B1A: 1575.42 MHz
  • B2A / B2B: 1191.795 MHz
  • B3I / B3Q / B3A: 1268.52 MHz
  • Bs Test Freq: 2492.028 MHz

So let’s talk about how these systems have been exploited over the last decade or so. Satellites themselves transmit a low power signal, with GLONASS transmitting anywhere from 20-280 watts. You can measure it using this handy guide on measuring the Russian system’s signal strength. It takes a substantial amount of work to target the individual satellites by their signals. Sure, it can be done, but it’s a lot of labor for relatively little exploitative value. If you’ve taken my Signals Intelligence Course you’ve heard me say this a lot.

But what nation states such as Russia, China and Iran, and various insurgent groups sponsored by them, have done to negate the capabilities of satellite navigation is to simply spoof the signal by transmitting a stronger signal on the same frequencies. It’s what Iran did in the drone landing incident, what China allegedly did in the USS John S. McCain and USS Fitzgerald incidents, and what Russia did in the incident leading to the sinking of a Norwegian patrol vessel using the same guidance system as our Aegis Destroyers in the previous incidents.

Taking some pages from those lessons learned, exploiting the Chinese BeiDou system, while not easy, may not be as difficult as it first appears.

Spoofing, on the other hand, is more challenging. “It requires simulating the GPS accurately and capturing the user’s receiver away from the true signal to steer it off course,” Fischer says. “Doing this requires some very complex signal-generation equipment to track the vehicle first to exactly match its trajectory before you can start spoofing.”

What such a system would require is the ability to spoof not one but all of the signals on the frequencies at once, confusing the receiving guidance system and sending out erroneous data.
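Seen from the receiving end, a stronger transmission on the same frequencies shows up as carrier-to-noise (C/N0) figures that rise together and flatten out across every satellite. The following is an added example, not code from the original post: it parses the NMEA GSV sentences a receiver reports and flags both patterns. The sample sentences are constructed, and the 6 dB and 1.5 dB thresholds are assumptions to tune per receiver.

```python
import statistics
from functools import reduce

def checksum(body: str) -> str:
    """NMEA checksum: XOR of every character between '$' and '*'."""
    return f"{reduce(lambda a, c: a ^ ord(c), body, 0):02X}"

def parse_gsv(sentence: str) -> dict:
    """Return {talker+satellite id: C/N0 in dB-Hz} from one GSV sentence."""
    body, _, given = sentence.strip().lstrip("$").partition("*")
    if given.upper() != checksum(body):
        raise ValueError("bad NMEA checksum")
    fields = body.split(",")
    if not fields[0].endswith("GSV"):
        raise ValueError("not a GSV sentence")
    sats = fields[4:]
    if len(sats) % 4 == 1:              # NMEA 4.10+ appends a signal ID field
        sats = sats[:-1]
    out = {}
    for i in range(0, len(sats) - 3, 4):
        sat_id, cn0 = sats[i], sats[i + 3]
        if sat_id and cn0:              # empty C/N0: in view but not tracked
            out[fields[0][:2] + sat_id] = int(cn0)
    return out

def epoch(sentences) -> dict:
    """Merge the GSV sentences of one reporting cycle."""
    return {k: v for s in sentences for k, v in parse_gsv(s).items()}

def assess(baseline: dict, current: dict, jump_db=6.0, max_spread_db=1.5) -> list:
    """Compare an epoch with a trusted baseline; thresholds are assumptions."""
    findings = []
    common = baseline.keys() & current.keys()
    if len(common) >= 4 and min(current[s] - baseline[s] for s in common) >= jump_db:
        findings.append("every tracked satellite got stronger at once")
    if len(current) >= 4 and statistics.pstdev(list(current.values())) <= max_spread_db:
        findings.append("near-identical C/N0 across satellites")
    return findings

def nmea(body: str) -> str:
    """Frame a constructed sentence body with a valid checksum."""
    return f"${body}*{checksum(body)}"

# Constructed sample epochs (talker ID "GB" = BeiDou); not captured data.
NORMAL = [nmea("GBGSV,2,1,06,01,45,140,38,03,62,210,44,06,20,050,31,08,33,300,36"),
          nmea("GBGSV,2,2,06,11,12,095,27,14,71,010,46")]
SUSPECT = [nmea("GBGSV,2,1,06,01,45,140,51,03,62,210,52,06,20,050,51,08,33,300,52"),
           nmea("GBGSV,2,2,06,11,12,095,51,14,71,010,52")]
```

Calling `assess(epoch(NORMAL), epoch(SUSPECT))` returns both findings, while comparing the normal epoch with itself returns none, because genuine signals spread out with satellite elevation.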

If the Chinese are indeed planning on capitalizing on the chaos they’ve caused with their Virus, and many signs would suggest so, then the ability to exploit their supporting weapons’ guidance systems is worth looking into. Keep in mind, it’s perfectly legal to monitor, but sending out erroneous signals is quite another matter.