Thursday, December 17, 2009

Praxis: WSJ -- "Insurgents Hack U.S. Drones"

Wall Street Journal

DECEMBER 17, 2009


Insurgents Hack U.S. Drones

$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected


By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington's growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.

The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.

The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.

U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.

In the summer 2009 incident, the military found "days and days and hours and hours of proof" that the feeds were being intercepted and shared with multiple extremist groups, the person said. "It is part of their kit now."

A senior defense official said that James Clapper, the Pentagon's intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.

"There did appear to be a vulnerability," the defense official said. "There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.

Some of the most detailed evidence of intercepted feeds has been discovered in Iraq, but adversaries have also intercepted drone video feeds in Afghanistan, according to people briefed on the matter. These intercept techniques could be employed in other locations where the U.S. is using pilotless planes, such as Pakistan, Yemen and Somalia, they said.

The Pentagon is deploying record numbers of drones to Afghanistan as part of the Obama administration's troop surge there. Lt. Gen. David Deptula, who oversees the Air Force's unmanned aviation program, said some of the drones would employ a sophisticated new camera system called "Gorgon Stare," which allows a single aerial vehicle to transmit back at least 10 separate video feeds simultaneously.

Gen. Deptula, speaking to reporters Wednesday, said there were inherent risks to using drones since they are remotely controlled and need to send and receive video and other data over great distances. "Those kinds of things are subject to listening and exploitation," he said, adding the military was trying to solve the problems by better encrypting the drones' feeds.

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.

Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. "There was evidence this was not a one-time deal," this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.

The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software's developers, said he was unaware that his software could be used to intercept drone feeds. "It was developed to intercept music, photos, video, programs and other content that other users download from the Internet -- no military data or other commercial data, only free legal content," he said by email from Russia.

Officials stepped up efforts to prevent insurgents from intercepting video feeds after the July incident. The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes. Additional concerns remain about the vulnerability of the communications signals to electronic jamming, though there's no evidence that has occurred, said people familiar with reports on the matter.

Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren't readily compatible, said people familiar with the matter.

In an email, a spokeswoman said that for security reasons, the company couldn't comment on "specific data link capabilities and limitations."

Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator's price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.

"There's a balance between pragmatics and sophistication," said Mike Wynne, Air Force Secretary from 2005 to 2008.

The Air Force has staked its future on unmanned aerial vehicles. Drones account for 36% of the planes in the service's proposed 2010 budget.

Today, the Air Force is buying hundreds of Reaper drones, a newer model, whose video feeds could be intercepted in much the same way as with the Predators, according to people familiar with the matter. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator. General Atomics expects the Air Force to buy as many as 375 Reapers.

19 comments:

Chuck Martel said...

Well hell . . . .

Charlie said...

Let this be a lesson to all -- be sure to encrypt your mission-critical comm!

Frank said...

Only the .gov could develop the most advanced unmanned surveillance drones in the world, and make a mistake as simple as not encrypting the downlink... The mind boggles at what ELSE they've screwed up.

Happy D said...

So they like to watch Jihaddist gets missile enema too? One of the best shows the Air Force makes.

Anonymous said...

The mind set is interesting - and appalling. There is not bit of hesitation to take out one t with a hellfire missile - yet simple encryption could have stopped this.

The same mindset that cannot fathom the straightforward task of unifying technology between branches of service would rather leave it open to the enemy.

The same mindset that is so determined that the technology is dumbed down to the extent that these idiots are able to hack it - so the deeds can be shared with our "allies." Many of whom are saturated with muslim terrorists.

Our lunch is getting eaten by cavemen - and we are led by supposed intellectual giants.

Carl Bussjaeger said...

Well, Frank, it gets better. The uplinks are encrypted either, which means once they do a little analysis to work out control codes, the opponent could theoretically take over a drone, not just listen in.

Also, it turns out that the video broadcasts from darned near every air asset in the sky is unencrypted. This gives the opponent plenty of realtime aerial surveillance capability for the price of a laptop.

When I first heard that all this _new_ gear was fielded without encryption, my mind boggled. What happened? More than 20 years ago I was a base Land Mobile Radio (walki-talkies, automotive mobiles, base stations) systems manager in the Air Force. We were encrypting the handhelds used by everybody from gate guards to radar techs, to gas truck drivers, for routine base support ops; not even combat. Who the hell thought it was a good idea, decades later to abandon encryption even for mission essential combat gear?

looking4aline said...

why was this leaked? And why now? What are they trying to hide?

Kevin Wilmeth said...

Heads up, folks. This smells to me like a convenient and useful excuse to push for new state intrusions in cyberspace.

In the interest of--wait for it--national security, we'll just have to crack down on hardware and devices, local software, network activity and asset-sharing, the whole enchilada. And of course keep tabs on anyone interested in any of that. The opportunities this opens up are almost limitless.

Also in the news at this moment is this simple revelation that allows people to avoid email snooping by not actually sending the mail. ("The Russians, when faced with the same problem, used a pencil" indeed!)

This does not seem coincidental. Why, we need a new czar! A cyberfuhrer! A Pirate-Finder General!

Laugh if you want, but I'd bet minor-caliber body parts on this.

Anonymous said...

All this is BS. First off, the satellite feed is there for anyone to grab. It may be a radio wave in GHz, but it is digitally encoded and has a carrier ID (CID). All you have to do is use a dish for the right frequency to pick up enough signal and use that $30 software to decode the signal. The big news is that it is not encrypted. That is pretty unbelievably stupid. Especially when DirectTV is encrypted, although only one way communication.

The better picture on this is that the fighters now know what frequency the com links are on and what satellites handle the coms. Now they could find a way to inject garbage in the signal or jam it. They could also overload a transponder on the satellite. Signals also could be cloned.

Charlie said...

"That is pretty unbelievably stupid."

Never underestimate the capacity for incompetence amongst federal employees and defense contractors.

"This smells to me like a convenient and useful excuse to push for new state intrusions in cyberspace."

Unlikely. The "hacking" (a more appropriate term would be "intercepting" or "eavesdropping") did not take place in "cyberspace" for one. Also, don't forget about Hanlon's Razor (see above).

"Why, we need a new czar! A cyberfuhrer!"

The administration is trying to fill the position of "Cybersecurity Czar," but nobody wants the job: http://pajamasmedia.com/instapundit/90030/

"... once they do a little analysis to work out control codes, the opponent could theoretically take over a drone, not just listen in."

If possible, it probably would have happened already.

"This gives the opponent plenty of realtime aerial surveillance capability for the price of a laptop."

Not exactly. While the software & laptop may be relatively inexpensive, the additional satellite & radio equipment carries a non-trivial price tag. The better-financed (read: Iranian-backed) insurgents wouldn't have too much trouble sourcing these, however.

"Who the hell thought it was a good idea, decades later to abandon encryption even for mission essential combat gear?"

A couple of possible reasons come to mind. First, the individuals responsible for making technology purchasing decisions often have far less technical expertise than the operators. This is akin to buying aircraft without consulting aircrew & maintenance personnel. Secondly, while there's plenty of time to do things "the right way" in garrison, proper TTP often fly out the window in the AOR. Yes, even in boneheaded ways like this.

"The same mindset that cannot fathom the straightforward task of unifying technology between branches of service..."

Such measures threaten the fiefdoms of small men in powerful positions.

III

TJP said...

I'd think the requirements of streaming video from a remote device, with a limited electricity budget and real-time control, severely restricts the choices of encryption. It should be no surprise that the favored system is weak or optimized for efficiency. These things are packed with electronics.

The latency is probably high enough between the control center to the unit.

http://en.wikipedia.org/wiki/MQ-1_Predator#Command_and_sensor_systems

(A couple of seconds, according to that entry.)

Charlie said...

TJP -

I doubt electrical/power demands are an issue. The additional strain imposed by encryption certainly wouldn't overtax a powerplant capable of sustaining flight over 14+ hour missions.

I would also be surprised if encryption added anything more than a negligible increase to the transmission lag. The bottleneck is the downlink, not the onboard processing.

In any event, the article indicates the U.S. is working to encrypt all drone video feeds, which suggests the technical issues are not insurmountable.

My suspicion is that the original designers underestimated the technological sophistication of potential OPFORs.

III

TJP said...

Charlie,

I'm sorry, but I have to respectfully disagree. The drone doesn't enjoy the advantages of operating in a vacuum, constant positioning, or adequate surface area for its antenna, like the specialized communication satellite. A significant portion of its power budget must be dedicated to flight and weapon controls, and the second largest drain is likely the output stages of its transmitters and the servos for its adjustable, directional antennas.

These drones are running on three different bands in the UHF and microwave regions over long distances, and the amount of data that video generates requires lots of bandwidth with serial communication.

I do not have build specs for the drones, but I wouldn't be surprised if the authors put the emphasis on reliability and physical security over signal security.

The inverse square law applies, and we're talking about a very directional signal in the 8-12 GHz range, coming from an antenna pointed upwards. The requirements of proximity to the transmitter seems to make the utility of the video feed very low. I would think that handing over sensitive technology due to loss of control would be the greater security breach.

Carl Bussjaeger said...

"Not exactly. While the software & laptop may be relatively inexpensive, the additional satellite & radio equipment carries a non-trivial price tag. The better-financed (read: Iranian-backed) insurgents wouldn't have too much trouble sourcing these, however."

Tried pricing satellite gear for amateur radio? Relatively affordable; especially if you only want eavesdropping capability. Heck, I've done it (uncrypted radio news feeds). But even transmit capability is affordable by a private citizen. Or, remember "Captain Midnight" (I think he called himself), who hijacked the HBO transponder?

But you don't even need to get the transponder. Once you know the frequencies being used, you can locally jam the drone. These systems should have been designed as encrypted spread-spectrum from the start. It isn't like this is new technology. And now retro-fitting everything already in the field is going to be far more expensive.

TJP said...

I'm sorry, as is my habit, I got hung up on technical minutia and neglected to actually conclude my argument.

I don't think this is an example of government blundering because: the choices of reliable stream ciphers considering the requirements are bound to be slim; the available ones are weak enough that their vulnerabilities are known and exploitable through available software; the devices are expendable so using a more powerful cipher would give the enemy an opportunity to capture it; and the video feed is of limited utility considering the angle of radiation from the antenna.

I realize that device is capable of long flights, but it has a generator with a fixed capacity.

Thanks for reading.

Charlie said...

TJP -

"the choices of reliable stream ciphers considering the requirements are bound to be slim;"

While it's true that streaming encryption is more difficult than fixed-state encryption (e.g. email), and there are relatively few (publicly-known) cryptosystems that can handle streaming data, knowing the encryption algorithm (or cipher) won't help you much if you don't have the encryption key as well. And the number of unique encryption keys for each cryptosystem is (virtually) limitless.

"the devices are expendable so using a more powerful cipher would give the enemy an opportunity to capture it;"

Each drone would have its own unique key. So, even if insurgents were able to recover the encryption key from the wreckage of a downed drone, it wouldn't help them decipher the stream transmitted by others.

"...it has a generator with a fixed capacity."

Of course, but the encryption would be implemented mostly in software (possibly with the addition of a "dongle" or some other small piece of hardware), and a few extra cycles on one of the many CPUs on board surely wouldn't push the load over the limit.

"A significant portion of its power budget must be dedicated to flight and weapon controls, and the second largest drain is likely the output stages of its transmitters and the servos for its adjustable, directional antennas."

Absolutely, and I wasn't disputing that at all. My point was that these drains dwarf the (CPU-based) signal processing system, and that I doubt adding encryption to the signal processing would significantly increase the power requirements.

III

Charlie said...

Carl -

"Tried pricing satellite gear for amateur radio? Relatively affordable; especially if you only want eavesdropping capability."

Conceded. I guess all I was trying to say was that this capability required more than just $29 Russian software, unlike the WSJ article suggested.

"These systems should have been designed as encrypted spread-spectrum from the start."

Definitely!

III

Frank said...

The rotax 914 that powers the predator/warrior/reaper family uses an 18A integral alternator, similar to a motorcycle. That, obviously is likely only used to power the ignition, and charge the battery. Now, there are, in my opinion, two ways to provide the several hundred watts that the rest of the systems require.

First, An AC generator, powered through a constant-speed drive. Unlikely, as this would be completely at odds with the off-the-shelf design philosophy of the drone family. CSDs and AC generators for such a small engine simply do not exist in any other platform that I am aware of. If the drone were turbine powered, this would be it's electrical system design, as most turbines already run this form of electrical generation, in one way or another.

More likely is a dual-alternator, dual-bus electrical system, supplying either DC, or AC through a rectifier. The majority of this system already exists, as it is common in the newest single-engine FADEC equipped general aviation aircraft.

With dual alternators, you're likely looking at 100A at 18vDC, when both alternators are functioning, and the ability to limp home, running only the flight critical systems, in the event of electrical failure.

If encryption was thrown out of the design for any reason, it is more likely that the designers of the mission systems had to do so for weight concerns, than any other reason. Even a few pounds for a hardware-based encryption system would likely have been hard to find. This is no excuse to have not done the encryption in software, however.

Charlie said...

Looks like Predator isn't the only platform that has (or had) this problem...

http://www.boston.com/business/technology/articles/2009/12/19/battlefield_robot_had_security_hole/