Iraqi resistance hacks into US drones

[SS-18 ICBM]

The only armament drones have are a few Hellfire missiles. Those aren't a complete substitute for a ground attack.

 

[civ_king]

some points of Clarification
1) it was Predator Drones, not exactly disposable
2) the US uses "Hardware Encryption"
3) you can buy the |-|4><0R software on the internet for $29.99
4) The Afghanis did this

 

[uppi]

Cost of drone: $4.5 million
Cost of an AES chip: a few dollars
Sharing all your reconnaissance info with your enemies: priceless

 

[ParkCungHee]

So this is kind of like stealing my Predator drone care package in Call of Duty, complete with the terrorist on the little laptop and everything. That is SO annoying.

Clearly the solution is obvious: We must train our troops to be masters of Jarate.

 

[Formaldehyde]

some points of Clarification
1) it was Predator Drones, not exactly disposable

It even stated so in the OP article.

They are obviously talking about hand held tactical or locally launched drone type used by tactical units, not Global Hawk and the like. These are like little remote controlled planes built to be cheap, disposable, and easily usable by the lowest common denominator. I would like confirmation of this however.

Hmm.

It is actually hilarious to watch some of the same people here who talk about the US having a bloated military with too many and too expensive toys jump on every instance of the US not having the most advanced and expensive equipment in use for every little thing be some sort of blunder. Its sureal actually.

I think what is actually surreal are the military apologists who spring into action no matter the story to try to do damage control.

 

[Serutan]

If, as has been asserted, the drone was a more or less throwaway recon tool, this would indeed be much ado about not too much.

BUT - going by the Wiki description of the Predator, it is a system that more than likely has both classified hardware and classified performance parameters. This means that the military would consider information about from that system falling into enemy hands to be a very bad thing. The fact that the insurgents were able to capture unencrypted video from the Predator means that its surveillance capabilities have been totally compromised. Therefore using unencrypted / non frequency hopped transmissions is in fact stupidity on the part of the military, especially as this has been known for 13 years now.

 

[innonimatu]

This may or may not be unrelated, but it's interesting to note that those drones have apparently been losing communications and falling a lot...

 

[Ecofarm]

And even though 13 of the 70 Predator crashes have occurred over the last 18 months, officials said the accident rate has fallen as flying hours have shot up.

All told, 55 have been lost because of equipment failure, operator errors or weather.

http://www.nytimes.com/2009/03/17/business/17uav.html?_r=1&em=&pagewanted=all


I hear encryption is already present in most drones, and the rest will have it soon. The "hacking" required line-of-sight, so terrorists only saw their own death coming when it was too late.

http://video.foxnews.com/12604793/hack-attack

 

[Formaldehyde]

EDIT: Never mind.

 

[Ecofarm]

Well, perhaps you should read additional sources.

Officials stepped up efforts to prevent insurgents from intercepting video feeds after the July incident...

A senior defense official said that James Clapper, the Pentagon's intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.

"There did appear to be a vulnerability," the defense official said. "There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.

http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hpp_MIDDLETopStories

According to the expert in the video linked above, most if not all are encrypted now and no harm was done by the (LINE-OF-SIGHT) "hacking".


Mistake? Yes.
Compromised missions? No.
Fixed? Yes.

 

[Formaldehyde]

It was just a matter of coming up with the properly vetted excuse to be delivered by a retired general on Fox News, as usual.

A glaring design error like this is far from being a "mistake".

An you have absolutely no idea whether or not it "compromised a mission".

 

[Ecofarm]

I provided links to WSJ and NYT too.

Except according to all sources, this problem was well known, the security implications were judged to be minimal because of the very specific circumstances necessary for insurgents to make use of it, and doing without encryption both saved costs and more importantly time to get the system deployed, which has undeniably saved many lives.

It's a case of a calculated risk where the downsides have now come to pass, not of stupid military officers suddenly realizing it was unencrypted.

Correct. I still think it was a mistake to have any unencrypted, but this is hardly a major problem.



It did not compromise a single mission and it is already fixed... so how upset am I supposed to be? Am I supposed to be outraged because a problem that carried no consequences has been fixed?

 

[Formaldehyde]

EDIT: Never mind.

 

[Ecofarm]

No, after reading the WSJ article, the BBC article, the NYT article and seeing the video of the military expert's assessment.

Every source says the same thing.

Why are you confused?

Maybe you are confused because you have only read the piece of an article not linked in the OP. Personally, I find un-linked portions of articles in an OP inferior to complete article, multi-source detailed information. But hey, maybe you should just go with the OP and pretend no other information exists.

Anyway, I wonder what the OP's source was, because the OP quotes this:

Pentagon spokesman Bryan Whitman said the US military continually evaluated the technologies it used and quickly corrected any potential problems it discovered.

"There's potential vulnerabilities in all of our systems," he said.

The BBC article:

Responding to the reports, a Pentagon spokesman said: "The Department of Defense constantly evaluates and seeks to improve the performance and security of our various systems and platforms.

"As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security. As a matter of policy, we don't comment on specific vulnerabilities or intelligence issues."

http://news.bbc.co.uk/2/hi/middle_east/8419147.stm


It seems almost like the OP was trying to imply that the drone problem extended to other systems. Without a link for that quote... I'm forced to assume the OP invented it for that purpose, as the BBC article clearly makes no such quote.

 

[FriendlyFire]

Did you guys know the military compound I work in doesn't have armed patrols securing the perimeter? No guard dogs either. No electric fences. No fences at all actually. In fact not a single member of the military is even armed! On top of that there are no fire arms here period!

It is actually hilarious to watch some of the same people here who talk about the US having a bloated military with too many and too expensive toys jump on every instance of the US not having the most advanced and expensive equipment in use for every little thing be some sort of blunder. Its sureal actually.

Did you know that I, a member of the US military, is forced to use ball point pens instead of gel!

Those terrorist dont have a chance.
Couldnt you at least smuggle some box cutters in or something ?

Dammm government cant do anything right.

 

[MobBoss]

It was just a matter of coming up with the properly vetted excuse to be delivered by a retired general on Fox News, as usual.

A glaring design error like this is far from being a "mistake".

An you have absolutely no idea whether or not it "compromised a mission".

How do you know its a design error?

like Pat says, it requires line-of-sight, however, Predators can fly so high and are small enough as to be practically invisible. Not sure if you knew that or not.

 

[Ecofarm]

An you have absolutely no idea whether or not it "compromised a mission".

You really need to read something other than the unverifable quotes in the OP.

"There did appear to be a vulnerability," the defense official said. "There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."

http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hpp_MIDDLETopStories


That article was cited and quoted, ummm... right above your post (note time stamps).

 

[Karalysia]

Iraqi's hacking our drones, Iranians hacking our Twitter. Something evil is afoot.

 

[Ecofarm]

So, anyone care to speculate how the US military could have been so stupid as to leave this link unprotected?

I wonder what else is left unprotected by the US military...
This is a blunder.

Sometimes the military makes stupid errors, and this is a stupid error.

The U.S. official, who asked not to be identified because he was not authorized to discuss the information, said no U.S. troops or combat missions had been compromised because of the intrusion...

A senior defense official who was not authorized to speak about the security breach said, "This was an old issue for us and it has been taken care of," but he would not elaborate on what specifically had been taken care of.

The official said that many of the UAV feeds need to be sent out live to numerous people at one time, and encryption was found to slow the real-time link. The encryption therefore was removed from many feeds...

One U.S. official said special operations troops identified the threat "years ago" in Iraq and over the past two years have been "vastly improving" encryption on their various communications systems, including full-motion video.

some points of Clarification...
4) The Afghanis did this

The breach by Iranian-backed Shiite militants was discovered late last year, according to U.S. military and defense officials...

Iran has been pushing the SkyGrabber-like technology to Shiite militants in Iraq essentially to see what the United States is looking at because Iranians believe they will be invaded next.

http://www.cnn.com/2009/US/12/17/drone.video.hacked/index.html

 

[Dark Ascendant]

Huh, it's not limited to drones.

http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+WiredDangerRoom+(Blog+-+Danger+Room)

Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought.

The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq.

But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.”

So the same security breach that allowed insurgent to use satellite dishes and $26 software to intercept drone feeds can be used the tap into the video transmissions of any plane.

The military is working to plug the hole — introducing new ROVER models that communicate without spilling its secrets. “Recognizing the potential for future exploitation the Air Force has been working aggressively to encrypt these ROVER downlink signals. It is my understanding that we have already developed the technical encryption solutions and are fielding them,” the Air Force officer notes.

But it won’t be easy. An unnamed Pentagon official tells reporters that “this is an old issue that’s been addressed.” Air Force officers contacted by Danger Room disagree, strongly.

“This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”

Which presents all sorts of problems. Let’s say a drone or an A-10 is sent to cover soldiers under fire. If the aircraft has an encrypted transmitter and the troops have an unencrypted ROVER receiver, that surveillance footage can’t be passed down to the soldiers who need it most.

“Can these feeds be encrypted with 99.5 percent chance of no compromise? Absolutely! Can you guarantee that all the encryption keys make it down to the lowest levels in the Army or USMC [United States Marine Corps]? No way,” adds a second Air Force officer, familiar with the ROVER issue. “Do they trust their soldiers/Marines with these encryption keys? Don’t know that.”

Since the top commander in Afghanistan, General Stanley McChrystal, issued strict new guidelines on the use of airstrikes, the United States has turned nearly every plane in its inventory into an eye in the sky. Sending video down to those ROVER terminals has become job No. 1 for most American air crews flying today.

And U.S. troops fighting in Iraq and Afghanistan have come to depend on the feeds. “For sure,” Lt. Col. Greg Harbin told the Los Angeles Times, “I would be dead without this technology.”

Still, some Air Force officers downplayed the significance of the ROVER’s security hole. “If you’re an insurgent, you need to know when and where [aircraft] are flying and then be within the line-of-sight footprint of the feed for any chance of successfully using the information real-time,” one officer writes. “This is much to do about nothing. You have bigger fish to fry.”

“The ranges on these signals is not very great, they are low-power and intended for line-of sight communications. A risk has been identified, [but] it poses limited immediate operational or tactical risk, and certainly does not outweigh the value of thee capabilities,” a second notes.

I have immense respect for both of these officers. But I’m not sure I buy their arguments. If real-time video feeds are valuable to U.S. troops, then it stands to reason that the footage is valuable to insurgent forces, as well. Either this is important data — and worth protecting — or it isn’t.

UPDATE: Some military drones are “particularly susceptible” to having their video tapped, a senior military officer tells Danger Room. That’s because these smaller unmanned aircraft — like the Shadow, Hunter, and Raven — broadcast their surveillance footage constantly and in every direction. All you have to do, basically, is stand within “line of sight” of the drone, and you can tap in. “It’s like criminals using radio scanners to pick up police communications,” the senior officer says.

Larger aircraft — both manned and unmanned — are a little less vulnerable. They can shut off their video feeds if no friendly forces are watching at the time. And they can “neck down” those omnidirectional signals a bit. So it’s more difficult to intercept the transmission. The officer contends that there have “not been any significant — not any impact — on operations as a result of this.”

Still, systems like the ROVER (and the Predator, for that matter) were “built to be cheap. They used commercial off-the-shelf hardware. We wanted to get stuff out there. So it’s not gonna be perfect,” the officer adds. “So yeah, if we’re broadcasting in the electromagnetic spectrum and you’re underneath the footprint, you can receive it. Duh-uhhhh.”

"Duh" indeed. That's why you encrypt it.[/quote]