December 17th, 2009, 09:58 PM #1
Insurgents Used $26 Software to Hack U.S. Drones
Insurgents Hack U.S. Drones - WSJ.com
Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems.Conservatives: "If the facts disagree with our opinion, ignore the facts -- or at least misrepresent them."
December 17th, 2009, 10:05 PM #2Good job, friend-of-friends!
December 17th, 2009, 10:25 PM #3Originally Posted by @Gomer
Last edited by Gomer; December 18th, 2009 at 12:24 AM.
December 17th, 2009, 10:25 PM #4
I think there is more to this than what is being reported. These signals are encrypted. Hell, my unclassified network circuits are encrypted and multiplexed.
Also the article stated the hackers were only able to view the video, not control the drone. Intercepting unencrypted satellite signals has be done since the 60s, which is why we had satellite down link facilities in the interior of Australia to prevent intercepts from the Soviets."Men sleep peacefully in their beds at night because rough men stand ready to do violence on their behalf."
December 17th, 2009, 10:40 PM #5
December 17th, 2009, 11:00 PM #6
Oh darn, those pesky Iranian black-robes fighting that proxy war again. At least they get a front-row video feed of impact. Let's call it "Mil-Tube".
Last edited by Toadman; December 17th, 2009 at 11:04 PM.
December 17th, 2009, 11:31 PM #7
Last edited by MTAtech; December 17th, 2009 at 11:33 PM.Conservatives: "If the facts disagree with our opinion, ignore the facts -- or at least misrepresent them."
December 17th, 2009, 11:39 PM #8"Men sleep peacefully in their beds at night because rough men stand ready to do violence on their behalf."
December 17th, 2009, 11:47 PM #9
MTA, credit goes to Vern.
Radar: it may be encrypted, but it's obviously some sort of basic encryption like you get on tv satellite signals.Good job, friend-of-friends!
December 17th, 2009, 11:52 PM #10
December 18th, 2009, 12:22 AM #11
One report that I read (and I am too lazy to go look it up again) stated that they were originally encrypted, but with the number of people linking to it to watch (people who were supposed to have access), the encryption caused the data stream to bog down and cause unwanted lag. The encryption was later dropped from the specs as it was usually disabled at the requests of those using them.I don't like signatures.
December 18th, 2009, 12:54 AM #12
Hoping that the Insurgents watching will see the drone dropping a bomb on the location from where they are watching. That would be poetic justice , indeed.http://www.youtube.com/watch?v=JOtab0BKOGY
The Nation which forgets it's defenders will itself be forgotten
You cannot make peace with dictators. You have to destroy them–wipe them out!
December 18th, 2009, 12:58 AM #13
I could see us "spoofing" them a phony video feed...
But, yeah. That's pretty lame."The world burns while Obama Tweets."
December 18th, 2009, 02:32 AM #14
It seemed a minor gaffe, now there is proof that it can intercept video feeds from almost all of our Military PLANES.
Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (Updated) | Danger Room | Wired.com
Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (Updated)
* By Noah Shachtman Email Author
* December 17, 2009 |
* 6:10 pm |
Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought.
The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq.They say technology slows down for no one. I know it outruns my wallet. I figure its because my wallet isn't light enough yet.
TechIMO Folding@home Team #111 - Crunching for the cure!
dulce bellum inexpertis
December 23rd, 2009, 07:54 PM #15
Insurgents Intercepting Predator Video? No Problem
Insurgents Intercepting Predator Video? No Problem
Commentary by Bruce Schneier 1 hour ago
Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still.
The Wall Street Journal reported this week that Iraqi, and possibly also Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles, or UAVs, and even piloted planes. The systems weren't "hacked" -- the insurgents can’t control them -- but because the downlink is unencrypted, they can watch the same video stream as the coalition troops on the ground.
The naive reaction is to ridicule the military. Encryption is so easy that HDTVs do it -- just a software routine and you're done -- and the Pentagon has known about this flaw since Bosnia in the 1990s. But encrypting the data is the easiest part; key management is the hard part. Each UAV needs to share a key with the ground station. These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled, and all the users need security clearance.
The command and control channel is, and always has been, encrypted -- because that's both more important and easier to manage. UAVs are flown by airmen sitting at comfortable desks on U.S. military bases, where key management is simpler. But the video feed is different. It needs to be available to all sorts of people, of varying nationalities and security clearances, on a variety of field terminals, in a variety of geographical areas, in all sorts of conditions -- with everything constantly changing. Key management in this environment would be a nightmare.
Additionally, how valuable is this video downlink is to the enemy? The primary fear seems to be that the militants watch the video, notice their compound being surveilled and flee before the missiles hit. Or notice a bunch of Marines walking through a recognizable area and attack them. This might make a great movie scene, but it's not very realistic. Without context, and just by peeking at random video streams, the risk caused by eavesdropping is low.
Contrast this with the additional risks if you encrypt: A soldier in the field doesn't have access to the real-time video because of a key management failure; a UAV can't be quickly deployed to a new area because the keys aren't in place; we can't share the video information with our allies because we can't give them the keys; most soldiers can't use this technology because they don't have the right clearances. Given this risk analysis, not encrypting the video is almost certainly the right decision.
There is another option, though. During the Cold War, the NSA's primary adversary was Soviet intelligence, and it developed its crypto solutions accordingly. Even though that level of security makes no sense in Bosnia, and certainly not in Iraq and Afghanistan, it is what the NSA had to offer. If you encrypt, they said, you have to do it "right."
The problem is, the world has changed. Today's insurgent adversaries don't have KGB-level intelligence gathering or cryptanalytic capabilities. At the same time, computer and network data gathering has become much cheaper and easier, so they have technical capabilities the Soviets could only dream of. Defending against these sorts of adversaries doesn't require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible.
This sort of solution would require the NSA to develop a whole new level of lightweight commercial-grade security systems for military applications — not just office-data "Sensitive but Unclassified" or "For Official Use Only" classifications. It would require the NSA to allow keys to be handed to uncleared UAV operators, and perhaps read over insecure phone lines and stored in people's back pockets. It would require the sort of ad hoc key management systems you find in internet protocols, or in DRM systems. It wouldn't be anywhere near perfect, but it would be more commensurate with the actual threats.
And it would help defend against a completely different threat facing the Pentagon: The PR threat. Regardless of whether the people responsible made the right security decision when they rushed the Predator into production, or when they convinced themselves that local adversaries wouldn't know how to exploit it, or when they forgot to update their Bosnia-era threat analysis to account for advances in technology, the story is now being played out in the press. The Pentagon is getting beaten up because it's not protecting against the threat — because it's easy to make a sound bite where the threat sounds really dire. And now it has to defend against the perceived threat to the troops, regardless of whether the defense actually protects the troops or not. Reminds me of the TSA, actually.
So the military is now committed to encrypting the video ... eventually. The next generation Predators, called Reapers -- Who names this stuff? Second-grade boys? -- will have the same weakness. Maybe we’ll have encrypted video by 2010, or 2014, but I don't think that's even remotely possible unless the NSA relaxes its key management and classification requirements and embraces a lightweight, less secure encryption solution for these sorts of situations. The real failure here is the failure of the Cold War security model to deal with today's threats.
Bruce Schneier is chief security technology officer of BT. His new book is Schneier on Security."The world burns while Obama Tweets."
December 24th, 2009, 02:22 AM #16But encrypting the data is the easiest part; key management is the hard part.
Overall, it seems worthless to encrypt at this point. Chances are a script kiddie will come up with a keygen program and the whole exercise will be worthless.Good job, friend-of-friends!
December 24th, 2009, 05:23 AM #17
so the military isn't even able to use prime number encryptions? i don't see how they can crack encryptions where logic dictates it's impossible to encrypt in a lifetime?
December 24th, 2009, 09:29 AM #18But encrypting the data is the easiest part; key management is the hard part. Each UAV needs to share a key with the ground station. These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled...
I don't think key management hassles are a reason to let enemies see Predator vids. An earlier post said that encryption caused lags that the military didn't like. If that's the case, the lags need to be addressed not throw the baby out with the bathwater.
Last edited by MTAtech; December 24th, 2009 at 10:02 AM.Conservatives: "If the facts disagree with our opinion, ignore the facts -- or at least misrepresent them."
December 24th, 2009, 10:07 AM #19
Key management is not a problem nor is the number of users getting the video feeds. My suspicion is there were problems getting the video working consistently with the encryption on. The contractor most likely suggested to the command the risk of turning it off was minimal and the reward of getting more flights was worth it. The problem is the commander who made that decision could have been from several years ago and the current command didn't have any idea they had been running unencrypted all this time."Men sleep peacefully in their beds at night because rough men stand ready to do violence on their behalf."
December 24th, 2009, 10:11 AM #20
Thanks Radar, that explanation sounds the most plausible.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By drakath in forum General Tech DiscussionReplies: 7Last Post: July 31st, 2005, 02:45 AM
By MegalosSkylaki in forum IMO CommunityReplies: 1Last Post: April 12th, 2004, 11:19 PM
By KJ0055 in forum General Tech DiscussionReplies: 10Last Post: August 16th, 2003, 10:35 PM
By Theophylact in forum IMO CommunityReplies: 2Last Post: June 25th, 2003, 04:21 PM
By AzKidd69 in forum Tech News DiscussionReplies: 0Last Post: December 22nd, 2001, 04:32 AM