Musk Secretly Used Starlink to Foil Ukrainian Drone Attack on Russian Ships

Wilshire@lemm.ee to Ukraine@sopuli.xyz – 1152 points –
Musk Secretly Used Starlink to Foil Ukrainian Drone Attack on Russian Ships: Report
thedailybeast.com

The traffic going to and from these drones isn't encrypted?

It is, but if you control the endpoints then there is no traffic to be had if you block it.

How did they know what device to block if they don't know what's being sent/received?

If you provision a range of IP addresses to use specifically for the Ukrainian government, you can just cut access to all of them at once. Claiming an "outage" of 15-30 minutes would be pretty easy to do.

I have no doubt that Starlink can geolocate a client device by triangulation or trilateration.
The article states they essentially geo-fenced the area. So when client devices entered that area, their traffic was dropped.

Did you read the article? It wasn't about the traffic being encrypted. It's about Starlink turning off service in a certain area so the drones didn't have Internet access to communicate:

Elon Musk secretly ordered his engineers to turn off his company’s Starlink satellite communications network near the Crimean coast last year to disrupt a Ukrainian sneak attack on the Russian naval fleet, according to an excerpt adapted from Walter Isaacson’s new biography of the eccentric billionaire titled “Elon Musk.”

As Ukrainian submarine drones strapped with explosives approached the Russian fleet, they “lost connectivity and washed ashore harmlessly,” Isaacson writes.

It's more complex than that, especially when all you're looking for is denial of service. As an example: I don't have to decrypt anything if I can use traffic analysis to determine which packets are sent to or coming from a drone and just drop them. Standard Internet security, TLS, encrypts the content of a packet but not the source or the destination. You could use a VPN wrapper but then it's as simple as dropping traffic to and from the VPN.
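The point made in the comment above, that TLS hides a packet's content but not its source or destination, shown as an added example (not part of the thread and not written by any commenter). The addresses, ports and packet bytes are constructed for illustration, and random bytes stand in for ciphertext.

```python
import ipaddress
import os
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_packet(src, dst, sport, dport, ciphertext):
    """Constructed IPv4/TCP packet carrying one TLS record (checksums left at 0)."""
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(tls), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp + tls

def observable_metadata(pkt):
    """Everything a forwarding hop can read without any key material."""
    ihl = (pkt[0] & 0x0F) * 4                       # IPv4 header length in bytes
    meta = {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": pkt[9]}
    if meta["proto"] != 6 or len(pkt) < ihl + 20:   # not TCP, or truncated
        return meta
    meta["sport"], meta["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]  # skip TCP header via data offset
    if len(payload) >= 5:
        ctype, version, length = struct.unpack("!BHH", payload[:5])
        if ctype in TLS_TYPES and version >> 8 == 3:
            meta["tls_record"] = TLS_TYPES[ctype]
            meta["tls_length"] = length             # size is visible, content is not
    return meta

# Two different "encrypted" payloads between the same constructed endpoints
# (documentation address ranges); only the opaque record body differs.
PKT_A = build_packet("192.0.2.10", "198.51.100.20", 40000, 443, os.urandom(64))
PKT_B = build_packet("192.0.2.10", "198.51.100.20", 40000, 443, os.urandom(64))

if __name__ == "__main__":
    print(observable_metadata(PKT_A))
    print(observable_metadata(PKT_A) == observable_metadata(PKT_B))  # same visible headers
```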

But surely you'd then need to have prior knowledge of the intent of the endpoint

Not really. You just have to know that the comms are going to or coming from a drone, which should be easy enough given that the AP needs to know how to route the comms so that information must be visible to it (and it can therefore decide to drop comms at that step in transport). Even with the content, origination and destination being perfectly secret you can do things like track which APs a given client connects to over a certain amount of time and infer airspeed and rough direction. Something flying at $droneTopSpeed +/- 10%, headed roughly toward some juicy target? Drop comms.

Remember that Starlink is already in their communication chain and start thinking in terms of what you'd do if you wanted to intercept letters between two people and you're already the mailman for one of them.
