Satellite Internet Crime Traces: Forensics Challenges and Innovations

Author: Mr. Srimanta Mondal

 

W

e all of are just waking up in the morning feeling crazy and lazy then suddenly remember where is my phone or laptop etc., and we’re going to find it. Now start our mission, everybody knows that what I am talking about, that yes just scrolling Instagram, Facebook, Twitter and many more social media platforms. And obviously checking WhatsApp massages for our daily and priority bases. Then you clearly think yes, we are live in 21^st century. The era of The Digital World[1].

Figure 1: Earth Before the Machine and after the Crime

Whenever we are thought about this digital world, we can see the revolutionary change of the world. Till the start our unstoppable journey from primordial soup to pre-digital civilization[2]. Behind the story there is not only the journey of revolutionary change of the digital world, advance technology development. But there is something different way I have to tell all of you, my endless journey in this field of study with all of experience. The Story of Earth Before the Machine and after the Crime, Crime on Satellite Technology: Challenges and Innovations in Forensics. Whenever I see the earth, it’s a long time, almost Five billon years ago, a silent sphere of molten rock spun in the emptiness of space, destroyed by meteorites and stirred by the volcanic fury, in that time earth was no place for life[2]. But time, continuously evolving itself with had patience, nature’s is a greatest engineer who create the life and change itself which we are see the living things on earth. For millions of years, the journey from it’s started with cloud vapors on the surface, to today’s life sparked. It’s defined the greatest mind of science. In the warm shallowed of Earth’s ancient, a small and simple molecule turned into a big and complexing living beings, a grate transformation of the architecture[3]. Over passing years of years, evolved many creatures and time over time humans are transformed into the brilliant creature on the world. They are making weapons for collecting their food, to they are making homes for live. Over time passes, humans are building some grate civilization, one of them like Indus valley civilization, Egyptian civilizations and others[3]. Curve their existence into stone tablets and clay bricks[1].

These societies invented some greatest monumental ideas, these are main reasons of our today’s evolution and make the world digital, these monumental achievements like law, astronomy, mathematics and philosophy[1]. In that time, humans are slowly becoming monster’s for achieving the rule of world, that time had not any internet or computer, but many extraordinary thinkers are creating several inventions for the war, or the king who want to live thee life as luxurious way, or someone’s create inventions for good welfare[2], [3].

Rise of Orbital Cybercrime and the Collapse of Traditional Boundaries:

Figure 2: The Evolution technology, also step on the crime.

Past years of long journey, humans creating several inventions to achieving their goal or fulfill their passion with using human intelligence and excellency. But somehow this is the reason we are going to that path, what we are not expecting “Crime”. Whenever we think, humans are just evolving and trying to build a better future for the brightest world, as soon world faces some crucial incident for break or destroy their dream. In the past few years journey, the first technology invented by humans that is considered to be “Stone tools” maybe it’s far from 4 million year ago to then humans invented a revolutionary technology that called “computer”[4]. Around 1930s the first electronics computer was invented and the first business computer in 1950s in the world. After that the internet conceived in the late 1960s with the development of ARPANET, which was initially invented for limited used, as military or governmental use[5]. Then human thought why not we are connected all over world interconnected way for fast communication process, then we are slowly achieving our today’s fast and secure internet medium technology, where we are connected our family, friends, office, stranger peoples, in country and out of the country communication. But who thought, that is the beginning of the end of human world, where humans themselves have become the causes of one another's enemy, carrying out such works with the help of advanced technology and internet. And that is the beginning of crime. Today I am going to tell you about one such advanced crime which is done with the help of satellite. My topic of discussion is going to be how satellite crimes happen, how is the investigation of cyber forensics done, which steps are implemented in it, and which challenges come in it and how does our cyber forensic expert team handle it[4].

In the early days of the internet, and its connectivity are comparatively short range, so it will be advantage of crime investigation in short range geographic location areas[6]. In that time there was highly possibility if any attack originating from within inside a country, that could easily trace via internet service providers, local IPs, physical logs or using server metadata. That will help on finding clue on investigation to catch criminals. But today, the world evaluates their technology[5]. The futuristic solution came over the global ecosystem has begun to ascend into the stratosphere quite literally. Where we are created isolated communities and connecting astronauts, and that is the main aspect it became a central feature of the modern digital world. But while it brings huge benefits for human on daily work, remote education, communication, telemedicine and disaster recovery, but it has also opened a new door for cybercriminals activity that create more challenges for traditional digital forensic investigation frameworks[4], [5].

Figure 3: Digital Forensic Investigation, Orbit Exploration.

At the era of revolutions there are many commercial satellites provide internet such as SpaceX’s Starlink, OneWeb, and Amazon Project Kuiper, which is offer their users high speed and low latency internet access from anywhere on the Earth through a constellation of low earth orbit (LEO) satellite[7]. These internet providers are enhanced their infrastructure for managed entirely over terrestrials’ network. This means its cover their connection most of rural villages, or it can be middle of the ocean, or on the battlefield[8]. That’s the loop hole, some malicious actors try to bypass their security local surveillance and perform attack, they can confuse investigator, and create blind spot across the border to exploit jurisdictional matter[6]. Just remembering a hypothetical scenario of case where a ransomware group operating their mission of a conflict zone in northern Africa[7]. As we know, Starlink just launching their satellite in 2019 and significantly expanded their services globally, particularly provided their services in where internet infrastructure is limited, by 2022-2024[8]. During these time period some cases are reported on misuse of Starlink network through sophisticated C2 and evasion tactics they are perform criminal activities to gaining unauthorized access, using a gray-market Starlink terminal to launch attack against high-value European industrial targets[9]. The attackers group mask their true location and hide their all local detection mechanisms, via the satellite network by routing command and control instruction. When forensic research team respond to the attack location and trace the IPs, they find out an endpoint which are linked to a ground station in Germany, that are completely disconnected from the original source origin of the crime[4], [8]. What follow is a month of long international legal efforts and investigation to obtain partial logs, which are anonymized themselves and inconclusive. In this case of scenario, there is no traditional forensic trails exist, no local router logs, no telecom records, no physical infrastructure[10], [11]. Here are questions come, how do forensic researcher team investigate on that case in any of other future cases?

Figure 4: New challenge for Digital Forensic. Orbital Cybercrime, by satellite technology

This no longer hypothetical. Over the past two years, documented that incident have demonstrated the utility of satellite crime operations, that ranging from remote cryptocurrency mining in the arctic circle to illicit drone operations, to digital case of extortion campaigns launched from offshore location[10]. The appeal to criminal is clear: that the probability of ground terminals, there clearly visible the difficulty of this type of case scenario, and the technological novelty so that even many professional forensic researcher or experts are unprepared to address on this type technological crime. The major or it can say core problem for investigators facing critical situation in the shift terrestrial traceability to complex traceability orbital anonymity[10], [11]. In the traditional forensic investigation, most important part is established a timeline paramount. So, Investigator work through timestamps, geolocation records, log data, and physical hardware analysis to reconstruct the sequence of actions involved in a breach or digital crime[10]. But here is a main problem occur where satellite internet fundamentally disrupts this model. Because many of the satellite internet system use dynamic IP pools shared among multiple users, logs point not to a single device or user, but to a network of hundreds. Because of the ground system terminal are operated by highly mobile environment that including car, boat, or even moving aircraft, that the physically link to ground geographical location become tenuous. Moreover, the satellite communication chain typically routes data through a series of relays, communicate multiple continents, before existing into the terrestrial internet, that’s making packet untraceable and create nightmare of international jurisdictions and incomplete transparency[12].

 

Here is the most complex complication is the lack of forensic hooks. There is most of the satellite internet providers do not provide built-in packet monitoring, end point attribution, or real-time logging accessible to law enforcement. Sometime even when logs do exist, they are often retained for minimal periods of time, and inconsistently timestamped, also inaccessible without extensive legal cooperation[13]. In some country in the world, there is simply not any law mandating such forensic cooperation from private space-based ISPs. As a result, investigator find themselves facing digital blackhole, crime that exist in digital form, but they are do not doing anything because these crimes which are not any trace remains. This is the place, where the forensic community must rise to facing new challenges. Here we are the witness to birth of a new breed of cybercrime[10]. It’s called “Orbital Cybercrime, by satellite technology”. And the tools, legal frameworks, and investigative mindsets that sufficed for land based digital forensic already falling short[12]. In the future of forensic investigation must look upward to the skies, to the satellites, and to the space between them[12], [13].

A New Forensic Battlefield — Challenges That Orbit the Law:

Figure 5: Earth’s satellite internet infrastructure in low Earth orbit (LEO).

The rapid development of satellite internet infrastructure has not only opened the beneficial sources to every user but it can also to threat actors who exploit its distinct architecture to commit and perform cybercrime. Here twist is the benefits of low latency, global internet is undeniable, the satellite medium fundamentally disrupts the foundational principles of the digital forensic investigation. In this part of case study, we explored how traditional forensic strategies are failing in orbit and why it failing?

Here is the most critical issue is that of jurisdictional ambiguity. On terrestrial network, legal authorities can force service providers to share their data, logs, and connection records. However, in the satellite context, there is the situation becomes far more complicated. If we saw an example like, a single data packets sent from a Starlink terminal in Nigeria might be routed via a satellite other area, downlink to a gateway in Italy, that process through a server cluster in Germany and then exit into the public internet from Netherlands[12], [14]. In that such a case, there is five different legal jurisdictions may have theoretical oversight over one simple transaction, there for investigators this means that is issuing impact a lawful request becomes a matter of transactional cooperation, that going to be more difficult by diplomatic red tape, differing privacy laws, and the lack of any sensitive unified forensic framework for orbital communications[7], [8]. Moreover, few of private corporations are managed these satellite constellations, but that are not always bound to cooperate, especially when operating in countries where data access is not that much mandatory under local law[4].

Figure 6: Illustration representing the complexity of global satellite internet routing and the resulting jurisdictional challenges for forensic investigations.

As we all are move forward, and it is highly increasingly clear that satellite internet technology has created a new kind of digital terrain. Where criminals can hide behind the movement of celestial bodies and perform cyber-attack through via satellite technology, where forensic must evolve or risk becoming obsolete[4], [13]. Where forensic investigators not only just looking under keyboards or may inside routers, also they are going to scanning the orbital space, decoding the RF signals for tracing frequencies, and chasing the digital criminals across over the world. In this emerging world of technological paradigm, where traditional approaches must give way to orbital strategies, and forensic investigation not only use software’s but also include spectrum analyzers, satellite logs and cryptographic verification model. The sky always has been extremely big, the reason why this situation in more critical now and complicated too[4], [5].

Innovations on the Horizon — Building a Forensic Future Beyond Earth

Despite the huge challenges overcome in the digital forensic on satellite internet technology, but hope is still existing. Across the global academia, law enforcement, and private industry, researchers and engineers are continuously trying to building the next generation of tools, protocols and frameworks to investigate crime in borderless, orbital environment[15]. One of the most important areas of innovation is RF signals, a technique that analyzes the subtle imperfections in satellite terminals, radio emissions to uniquely identified a specific device. Much like a human fingerprint, they can’t match each other due to manufacturing variances and usages pattern. By cataloging and tracking these outflow, forensic analyst and research team hardly trying to gain the ability to satellite linked activities to a specific physical device, even also the absence of logs and IP identifier[13], [14].

Figure 7: RF fingerprinting used to trace satellite-linked devices in forensic investigations.

As satellite internet uses are billon of users, when its going from smart farms to autonomous ships, then need for traceability, accountability and evidentiary integrity will become non-negotiable. Here we need to upgrade our methodology, our techniques and strategies, not just evolve tools and technology, but also need to update imagination[16], [17].

In the world where the internet falls from the sky, truth must rise with it.

 

About the Author:

Mr. Srimanta Mondal

Research.srimanta@gmail.com

Gujarat University, Department of Bio-Chemistry and Forensic, Cybersecurity and Digital Forensic Science

Website: www.srimantamondal.in

LinkedIn:www.linkedin.com/in/srimanta-mondal-37b291184/

References: 

[1]      “The Evolution of Humans | World Civilization.” Accessed: Jun. 29, 2025. [Online]. Available: https://courses.lumenlearning.com/suny-hccc-worldcivilization/chapter/the-evolution-of-humans/

[2]      “History of Earth - Wikipedia.” Accessed: Jun. 29, 2025. [Online]. Available: https://en.wikipedia.org/wiki/History_of_Earth

[3]      “Indus Valley Civilisation - Wikipedia.” Accessed: Jun. 29, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Indus_Valley_Civilisation

[4]      “Digital Forensics and Cyber Crime Investigation | Recent Advances and.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.taylorfrancis.com/books/edit/10.1201/9781003207573/digital-forensics-cyber-crime-investigation-ahmed-abd-el-latif-lo-ai-tawalbeh-manoranjan-mohanty-brij-gupta-konstantinos-psannis

[5]      “(PDF) Emerging Trends in Digital Forensics : Investigating Cybercrime.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.researchgate.net/publication/389631795_Emerging_Trends_in_Digital_Forensics_Investigating_Cybercrime

[6]      “SATELLITE FORENSICS - eForensics.” Accessed: Jun. 29, 2025. [Online]. Available: https://eforensicsmag.com/product/satellite-forensics/

[7]      “Starlink - Wikipedia.” Accessed: Jun. 29, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Starlink

[8]      “Elon Musk attacks South African government, claims ‘Starlink is not allowed to operate in South Africa because…’ - The Times of India.” Accessed: Jun. 29, 2025. [Online]. Available: https://timesofindia.indiatimes.com/technology/social/elon-musk-attacks-south-african-government-claims-starlink-is-not-allowed-to-operate-in-south-africa-because/articleshow/118791502.cms

[9]      “Starlink in the Russian-Ukrainian War - Wikipedia.” Accessed: Jun. 29, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Starlink_in_the_Russian-Ukrainian_War

[10]    “Cybersecurity and Cyber Forensics for Smart Cities: A Comprehensive Literature Review and Survey.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.mdpi.com/1424-8220/23/7/3681

[11]    K. Kim, I. M. Alshenaifi, S. Ramachandran, J. Kim, T. Zia, and A. Almorjan, “Cybersecurity and Cyber Forensics for Smart Cities: A Comprehensive Literature Review and Survey,” Sensors 2023, Vol. 23, Page 3681, vol. 23, no. 7, p. 3681, Apr. 2023, doi: 10.3390/S23073681.

[12]    “International Journal of Electronic Security and Digital Forensics (IJESDF) Inderscience Publishers - linking academia, business and industry through research.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.inderscience.com/info/ingeneral/forthcoming.php?jcode=ijesdf

[13]    “Researching Cyber Security of Small Satellites | CybExer Technologies.” Accessed: Jun. 29, 2025. [Online]. Available: https://cybexer.com/case-studies/researching-cyber-security-of-small-satellites-using-digital-twin-and-cyber-range-technology

[14]    “Cybercrime Module 6 Key Issues: References.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.unodc.org/e4j/zh/cybercrime/module-6/key-issues/references.html

[15]    “Satellite Cybersecurity, 10-R6221 | Southwest Research Institute.” Accessed: Jun. 29, 2025. [Online]. Available: https://www.swri.org/what-we-do/internal-research-development/2022/earth-space/satellite-cybersecurity-10-r6221

[16]    “Cybercrime - Wikipedia.” Accessed: Jun. 29, 2025. [Online]. Available: https://en.wikipedia.org/wiki/Cybercrime

[17]    D. of Justice, O. of Justice Programs, and N. Institute of Justice, “Special REPORT Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition,” 2001. [Online]. Available: www.ojp.usdoj.gov/nij