Insurgents Hack U.S. Drones

[sonicboom]

Dale Meyerrose, former chief information officer for the U.S. intelligence community, compared the problem to street criminals listening to police scanners.

"This was just one of the signals, a broadcast signal, and there was no hacking. It is the interception of a broadcast signal," said Meyerrose, who worked to field the unmanned systems in the 1990s, when he was a senior Air Force officer.

The problem, he said, is that when the drones were first being developed they were using commercial equipment, which as time goes on could become vulnerable to intercepts.

The military has known about the vulnerability for more than a decade, but assumed adversaries would not be able to exploit it.

The hacking is just another example of how formidable and inventive the extremists can be. The U.S. has spent billions of dollars, for instance, fighting homemade bombs in Iraq and Afghanistan, the No. 1 killer of troops and the weapon of choice by militants who have easy access to the materials needed to make them and use modern telecommunications networks to exchange information about how to improve them.

Pentagon spokesman Bryan Whitman said the military continually evaluates the technologies it uses and quickly corrects any vulnerabilities found.

 

[S-2]

Link is unencrypted as the feed is intended for multiple end-users in real-time. Encryption can inhibit "multiple" and "real-time".

UAVs see a lot though and it's hard to judge by a single feed what has our interest and what doesn't. Further, there are a lot of UAVs that are up and looking. I'd surmise that virtually every inch of FATAville has been eye-balled by PREDATOR but that doesn't mean that all of it caught our interest and generated OPORDS.

Remember that a reconnaissance drone doesn't have to hover over a possible target. It can fly a path which indicates nothing specifically and the data can be replayed later without betraying interest.

 

[tore]

Cheap software 'helps Iraqi militants track US drones' - Yahoo! News


Cheap software 'helps Iraqi militants track US drones'


WASHINGTON (AFP) – Iraqi militants have regularly used cheap and widely-available software to intercept the feeds of US-operated drones, the Wall Street Journal reported on Thursday.

Citing senior defense and intelligence officials, the Journal said Iranian-backed Shiite insurgents used software programs such as SkyGrabber -- available online for 25.95 dollars (18 euros) -- to capture drone feeds.

The practice was uncovered in July 2009, when the US military found files of intercepted drone video feeds on the laptop of a captured militant.

They discovered "days and days and hours and hours of proof," a person described as familiar with the situation told the Journal. "It is part of their kits now."

Some of the most detailed examples of drone intercepts have been uncovered in Iraq, but the same technique is known to have been employed in Afghanistan and could easily be used in other areas where US drones operate.

The SkyGrabber program and others take advantage of the unencrypted downlink between the drone and ground control.

The US government has known about the flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it, the Journal said.

US officials said there was no evidence that militants could control the drones or otherwise interfere with their flights, but the vulnerability would allow the unmanned craft to be monitored and tracked.

Defense officials told the Journal efforts were being made to fix the flaw, but noted that adding encryption to a decade-old system is tricky and requires upgrading several components of the system linking drones to ground control.

One of the developers of SkyGrabber, which is made by Russian company SkySoftware, told the Journal he had no idea the program could be used to intercept drone feeds.

"It was developed to intercept music, photos, video, programs and other content that other users download from the Internet -- no military data or other commercial data, only free legal content," Andrew Solonikov told the Journal.

 

[Cheetah786]

Read the boldfaced parts before anyone "happily" jumps to conclusions.



The "unencrypted downlink" part was fed off to collect the video grabs. Anyone with amateur electronics knowledge knows that its a very simple thing to do, just like feeding off a TV cable wire running on your rooftops.

All those who are trying to download that SkyGrabber software, the only thing you can achieve is get hold of some on air videos or if they are in the vicinity of a UAV (with all the paraphernalia like an antenna, laptop etc - which makes one very obvious and standout for the UAV to 'see'), if lucky, might get a glimpse of what the UAV is seeing. YOU CANNOT CONTROL THE UAV! Those flight controls are through a secure link!

And about aircrafts, geez, there are human pilots in there who control the damn thing! The "links" the aircraft uses is for communication, not flight control!!! Is there any present day avionics suite which fires weapons off another aircraft? Dont think so! And my guess is, neither will there be any. Too dangerous.

Another point to note is that they are making a fuss about "Shite" insurgents apparently funded by Iran! Now is that to prepare groundwork for an impending attack?

If Man can make it Man can hack it

 

[ajpirzada]

mu1zwndOiXc[/media] - Insurgents Hack Into U.S. Spy Drone Videos

 

[gambit]

Read the boldfaced parts before anyone "happily" jumps to conclusions.

How else can these people going to get any exercise?

 

[Metallic]

US fixed drones hacked by Iraqi insurgents: Pentagon
18 DECEMBER 2009

WASHINGTON — The US military has fixed a problem that allowed Iraqi militants to use cheap software to intercept the video feeds of US-operated drones, a defense official said on Thursday.

"This is an old issue that's been addressed," the official, who spoke on condition of anonymity, told reporters.

The problem has been "taken care of," he said.

The official spoke after the Wall Street Journal reported that Iranian-backed Shiite insurgents had used software programs such as SkyGrabber -- available online for 25.95 dollars (18 euros) -- to capture live video footage from drones.

The official confirmed the report was accurate but would not discuss details of efforts to encrypt the link between drones and operators on the ground.

The case raised questions about the security of the country's highly valued drones that are central to US military operations in Iraq and Afghanistan as well as CIA manhunts against Al-Qaeda figures in Pakistan.

Gates has put a priority on devoting more drones to Afghanistan and on expanding and improving the drone fleet, which include Predator and Reaper aircraft armed with precision-guided bombs and Hellfire missiles.

James Clapper, the undersecretary of defense for intelligence, reviewed the problem on orders from Defense Secretary Robert Gates and concluded the hacking by Iraqi insurgents revealed a flaw in the security of the drone fleet.

The practice was uncovered in July 2009, when the US military found files of intercepted drone video feeds on the laptop of a captured militant, intelligence and defense officials told the Journal.

They discovered "days and days and hours and hours of proof," an unnamed source told the Journal. "It is part of their kits now."

Some of the most detailed examples of drone intercepts have been uncovered in Iraq, but the same technique is known to have been employed in Afghanistan and could easily be used in other areas where US drones operate.

The US government has known about the flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it, the Journal said.

There was no evidence that militants could control the drones or otherwise interfere with their flights, but the vulnerability would allow the unmanned craft to be monitored and tracked.

Adding encryption to a decade-old system requires upgrading several components of the system linking drones to ground control.

One of the developers of SkyGrabber, which is made by Russian company SkySoftware, told the Journal he had no idea the program could be used to intercept drone feeds.

"It was developed to intercept music, photos, video, programs and other content that other users download from the Internet -- no military data or other commercial data, only free legal content," Andrew Solonikov told the Journal.


Source: AFP

 

[FreekiN]

I didnt think terrorist groups like al qaeda had hackers.... :O

guess I was wrong ...

 

[greatsequence]

Well a couple of years back a british retired professor was able to hack into the video feeds of nato satellite. The videos were then broadcasted over BBC and the response from Nato was very similar to this incident that ,,, OH WE HAVE KEPT THEM UNSECURED INTENTIONALLY.
I dont know how much of a threat this is but none the less job well done.

 

[EjazR]

If the links were unencrypted, then it was pretty shocking security for a military device. There are DES, 3DES , AES hardware encryption chips availble that would speed up the encryption without impacting performance, so performance is no excuse.

 

[Luftwaffe]

s2 For all your ranting about FATAVILLE you're uav's are busted no need to describe and explain for all you can write 20 pages of explanation on this forum its open secret now.

As for the hacking us says it was not hacking so what do you call a video share without consent and agreement illegally share of live video cast stupidity of us at the height.

 

[gambit]

Hi,

It is a breath taking news---all the time we talk about data linked aircraft---oh guess what---someday someone will break into the link and then the planes do cartweels and the missiles sommersaults---.

Once hacked in---the hacker can ultimately take over the control of the aircraft and the weapons system at some stage and then make the plane do 'magic'.

The nightmare has come true for the u s millitary.

Hi,

It is what we know---is what we are told---u s defence industry is spending millions to make a break through in this field. Once broken through, the hacker can shut off the engine---change the lock on the missile---but that would have to be done through an awac and with a super powerful computer.

And indeed this is big b news as our colleague indianrabbit stated.

problem is that not every drone is having a data link (Link 11 or Link 16) kind of a thing, which are more secure and encrypted. Most of the drones use data link which are simple ones and can be susceptible to such interception.

Should be an eye opener for PAF and other drone operating countries too.

This report doesn't says all drone communication was intercepted, some in case. Their makes and models are not specified, so we don't know for sure which kind of data link are susceptible to interception.

AWACS can actually guide AMRAAM"s through Link-16.

That is a secure link, which in no way controls the FCS of an aircraft.
Secondly, the missile has to be fired by the human pilot! The control of the missile is then handed over to the AWACS team, that too in a scenario where its risky for the fighter pilot to switch his radars on. Operators in an AWACS cannot fire missiles from another aircraft. Correct me if I am wrong.

You are correct. The platform, airborne or ground, has absolute control of the launch. Once the missile is in flight, its own flight control system (FLCS) remains in authority.

Link-16 is a two-way secured real time data transfer protocol that is also frequency agile to resist ECM attempts. The data transfer are for:

1) Weapon control handoff.
2) Target abort and/or redirect.
3) Pre-impact information.

People are confusing guidance with control. Any or all of the three are applicable even to manned weapons platforms. Pre-impact information could be translated as when the aircraft finally landed on the runway, not necessary only from a bomb's perspective. For items 1 and 2, the weapon's own FLCS accept external guidance and execute its own internally generated control commands, no different than if it is obeying programmed information. If an AIM-9 lost its IR guidance, it will continue to fly until fuel is exhausted or it will self destruct. Guidance is NOT control.

There is no 'hacking' here. Heck...This does not even qualify as an 'intercept' because to intercept mean I have control of the original information and will disseminate it at my convenience. At best, this is receiving a copy of the original, which is exactly what radio and television transmissions does. We have no information about this other than the insurgents receive the unencrypted video feeds. Nothing about the quality of the reception and when. This is nothing but a propaganda piece using loaded words like 'hack', implying that the entire system is somehow vulnerable.

 

[jeypore]

Hi,

It is a breath taking news---all the time we talk about data linked aircraft---oh guess what---someday someone will break into the link and then the planes do cartweels and the missiles sommersaults---.

Once hacked in---the hacker can ultimately take over the control of the aircraft and the weapons system at some stage and then make the plane do 'magic'.

The nightmare has come true for the u s millitary.

Oh really!!!!!

I would take it as a learning curve, wouldn't you!!!! Since almost 40% investment is dedicated towards unmaned aircraft... It will only get better!!!!!!!

 

[gambit]

If the links were unencrypted, then it was pretty shocking security for a military device. There are DES, 3DES , AES hardware encryption chips availble that would speed up the encryption without impacting performance, so performance is no excuse.

The links are secured with:

1) Reed-Solomon.

Reed?Solomon error correction - Wikipedia, the free encyclopedia

2) Cyclic code-shift keyed (CCSK) for 32-ary baseband symbol modulation.

Communication Systems/M-ary Modulation Schemes - Wikibooks, collection of open-content textbooks

Communication Systems/M-ary Modulation Schemes

3) Minimum shift-keyed.

Minimum-shift keying - Wikipedia, the free encyclopedia

http://handle.dtic.mil/100.2/ADA033820

JTIDS chip durations are nominally 0.2 Us, which corresponds to a chip bandwidth cf 10 MHz. During each 7.8 ms transmission period information is conveyed by 6.4 us message b1oaks, which are encoded via pseudo-random noise techniques with successive message blocks separated by 6.6 11s; the modulation scheme is Continuous Phase Shift Modulation (CPSM). To assure additional security in the transmission process frequency hopping is also employed. Fifty-one frequencies are employed in the TACAN band with a 3 MHz separation between frequencies except for 20 Miz guard bands around tha ATCRBS frequencies 1030 MHz and 1090 MHz (Figure 1-1). With respect to ASTRO-DABS, all JTIDS frequencies occur with equal probability at all times.

4) Chip sequence randomization of the above process.

5) Symbol interleaving.

(WO/2004/015948) SYMBOL INTERLEAVING

http://www.sisostds.org/index.php?t...SISO+Reference+Products&file=TADIL+TALES1.doc

Link 16 Simulation Standard

Tactical Digital Information Link-Technical Advice and Lexicon for Enabling Simulation (TADIL-TALES)

SISO-REF-009-2003

The signal processing required to transform base-band data to the JTIDS signal waveforms for transmission includes base-band data encryption, forward error correction encoding, error detection encoding, cyclic code shift keying (CCSK) encoding, data symbol interleaving, and the selection of a variable start time.

Link-16 'hacked'? Try winning the Powerball Lottery.

 

[EjazR]

@gambit

I don't agree with the words 'hacked'. Its not correct, it seems here that it was more a case of eavsdropping.

Some of those mechanisms you mentioned are error correction and modulation codes. The frequency shift keying may make it secure in the sense that the people who want to understand the info will have to determine the sequence and the seed key.

However AES, 3DES e.t.c. are proven encryption algorithms that have a better track record and are mathematically proven to be more secure. The NIST also recommends these algorithms and are part of FIPS standards. I woudl have thought that the military would use this as well.