http://online.wsj.com/article/SB126102247889095011.html?mod=igoogle_wsj_gadgv1& (http://online.wsj.com/article/SB126102247889095011.html?mod=igoogle_wsj_gadgv1&)
QuoteWASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington's growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.
:facepalm:
I've been waiting for this :lulz:
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Correct motorcycle. Still funny as hell though! I bet the developers did an assessment and figured it encrypted video would be a greater operational risk than some smart Iraqi peeking at the video feed. way to underestimate your threats :lulz:
Were the drones running on Windows Vista?
RWHN,
-going for the low hanging fruit.
Quote from: Doctor Rat Bastard on December 17, 2009, 06:42:00 PM
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Correct motorcycle. Still funny as hell though! I bet the developers did an assessment and figured it encrypted video would be a greater operational risk than some smart Iraqi peeking at the video feed. way to underestimate your threats :lulz:
I don't get it.
As it stands, I think there's more to this story than we are being told.
Why would they use an unencrypted feed? Why would the military accept that? My experience in the defense contractor field has shown me that military PMs are SERIOUS anal about classification/encryption/information security.
and the contractors are more than happy to oblige, because then we can hem and haw about how difficult the needed measures are, and how expensive it will be, etc. so they throw more cash at us.
It just seems improbable to me....
Quote from: Rev. What's-His-Name? on December 17, 2009, 07:12:49 PM
Were the drones running on Windows Vista?
RWHN,
-going for the low hanging fruit.
Oh gods no... Not nearly enough new hardware to support Vista!!!
Quote from: Iptuous on December 17, 2009, 07:31:47 PM
Quote from: Doctor Rat Bastard on December 17, 2009, 06:42:00 PM
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Correct motorcycle. Still funny as hell though! I bet the developers did an assessment and figured it encrypted video would be a greater operational risk than some smart Iraqi peeking at the video feed. way to underestimate your threats :lulz:
I don't get it.
As it stands, I think there's more to this story than we are being told.
Why would they use an unencrypted feed? Why would the military accept that? My experience in the defense contractor field has shown me that military PMs are SERIOUS anal about classification/encryption/information security.
and the contractors are more than happy to oblige, because then we can hem and haw about how difficult the needed measures are, and how expensive it will be, etc. so they throw more cash at us.
It just seems improbable to me....
Yes, but I have seen the millitary pull the 'security by obscurity' card a few times... They may have falsely assumed it would be 'too hard'.
Either that, or there was a bug in the code that left the feed unencrypted. I recently audited a security app for a side job... they had a script that was wiping data on a daily basis. Then they added code to encrypt the data while it was there for the one day.
The person that wrote the 'wipe' program though had written it to look for a specific string of characters... since those characters were encrypted... the wipe program did nothing and they had months of data on the system.
Quote from: Iptuous on December 17, 2009, 07:31:47 PM
Quote from: Doctor Rat Bastard on December 17, 2009, 06:42:00 PM
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Correct motorcycle. Still funny as hell though! I bet the developers did an assessment and figured it encrypted video would be a greater operational risk than some smart Iraqi peeking at the video feed. way to underestimate your threats :lulz:
I don't get it.
As it stands, I think there's more to this story than we are being told.
Why would they use an unencrypted feed? Why would the military accept that? My experience in the defense contractor field has shown me that military PMs are SERIOUS anal about classification/encryption/information security.
and the contractors are more than happy to oblige, because then we can hem and haw about how difficult the needed measures are, and how expensive it will be, etc. so they throw more cash at us.
It just seems improbable to me....
Well, I would argue that being able to see what the UCAV sees before it strikes is not going to do too much for you. You sure as shit can't outrun their missiles. They could also use satellites to do the initial monitoring, provided there wasn't a lot of cloud cover.
That said, they probably also figured that the odds of them doing this weren't too good to begin with. Considering the fact that it's taken them THIS long to figure out they could do this would lead me to believe that the military wasn't terribly inaccurate in that assessment.
The only technical reason I could think of why they might do this would be to keep the delay in the feed to a minimum, but I don't really know a lot about encrypted video feeds so this may or may not be a problem.
That said, I wouldn't be surprised if they did end up encrypting the feed or using the feed to trick their targets. That's what I would do anyways, make a false feed and lead them to believe that they're going to be attacked, encouraging them to make a run for it or otherwise tip their hand.
Quote from: Slanket the Destroyer on December 17, 2009, 07:38:03 PM
That said, I wouldn't be surprised if they did end up encrypting the feed or using the feed to trick their targets. That's what I would do anyways, make a false feed and lead them to believe that they're going to be attacked, encouraging them to make a run for it or otherwise tip their hand.
This was my immediate thought as well. I wondered if they, in fact, were not planting this story to cause the enemy to do just that...
Or someone is pushing the story in the hope that it'll cause a flurry of encryption and security related purchases.
Quote from: Cain on December 17, 2009, 08:26:46 PM
Or someone is pushing the story in the hope that it'll cause a flurry of encryption and security related purchases.
I love the way you think.
Hehe, this ^
Also,
Quote from: Iptuous on December 17, 2009, 08:08:00 PM
Quote from: Slanket the Destroyer on December 17, 2009, 07:38:03 PM
That said, I wouldn't be surprised if they did end up encrypting the feed or using the feed to trick their targets. That's what I would do anyways, make a false feed and lead them to believe that they're going to be attacked, encouraging them to make a run for it or otherwise tip their hand.
This was my immediate thought as well. I wondered if they, in fact, were not planting this story to cause the enemy to do just that...
I'd like to think that they are this clever. If not, I'd be happy to offer my services in this sort of thing in exchange for a commission.
Heh, Lieutenant Slanket. It does have a ring to it...
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Um, how's that not a hack?
As I explained in the other thread, it's like stage magic tricks, as soon as you know how it's done, it's no longer special?
If you'd frame it as "gathering information from an unexpected side channel", would it be hacking?
IMO, picking up communications from a military drone plane using a piece of cheap electronica is a hack.
"Van Eck phreaking" is also picking up an unencrypted signal using cheap electronica. Is that not a hack?
====
BTW my best guess about the reason why they didn't opt for encryption would be that they have certain legacy communication hardware that would not be able to process it. Just a guess, but it sounds like one of those very typical scenarios. "we're not going to replace all our field scanners."
My bet is that they either just didn't turn it on, or they cut it from the final product because cuts to the computing capability meant it couldn't handle the encryption.
Treating a final product like its the superior (and more expensive) prototype seems to be a theme with the military.
Quote from: Doctor Rat Bastard on December 17, 2009, 08:45:39 PM
Quote from: Cain on December 17, 2009, 08:26:46 PM
Or someone is pushing the story in the hope that it'll cause a flurry of encryption and security related purchases.
I love the way you think.
Well, it is the WSJ. Its readers are mostly businessmen and think-tanks hawks (who are heavily invested in military-related corporations, but sssssssh! its a
secret) and anything that identifies a potential weakness which they can then sell solutions to will go down well. Expect a flurry of articles from AEI and the Heritage Foundation on information security soon.
On the other hand, John Robb (http://feedproxy.google.com/~r/typepad/rzYD/~3/Bsz2H76JoIQ/super-empowerment-hack-a-predator-drone.html) thinks it is real. I suppose there probably are specific difficulties concerning encryption for each unit (they were rolled out in 2001....using pre-2000 tech), not to mention the military's constant ability to both overestimate and underestimate their enemies at the same time ("terrorists are gonna blow up THE WORLD!!!?!!/ we can easily defeat a bunch of ragheads"), so it seems possible.
Also, this software was originally designed in Russia to steal media files from peoples satellite internet downloads. How cool is that?
Quote from: Cain on December 18, 2009, 10:10:10 AM
Quote from: Doctor Rat Bastard on December 17, 2009, 08:45:39 PM
Quote from: Cain on December 17, 2009, 08:26:46 PM
Or someone is pushing the story in the hope that it'll cause a flurry of encryption and security related purchases.
I love the way you think.
Well, it is the WSJ. Its readers are mostly businessmen and think-tanks hawks (who are heavily invested in military-related corporations, but sssssssh! its a secret) and anything that identifies a potential weakness which they can then sell solutions to will go down well. Expect a flurry of articles from AEI and the Heritage Foundation on information security soon.
On the other hand, John Robb (http://feedproxy.google.com/~r/typepad/rzYD/~3/Bsz2H76JoIQ/super-empowerment-hack-a-predator-drone.html) thinks it is real. I suppose there probably are specific difficulties concerning encryption for each unit (they were rolled out in 2001....using pre-2000 tech), not to mention the military's constant ability to both overestimate and underestimate their enemies at the same time ("terrorists are gonna blow up THE WORLD!!!?!!/ we can easily defeat a bunch of ragheads"), so it seems possible.
Also, this software was originally designed in Russia to steal media files from peoples satellite internet downloads. How cool is that?
That is probably overoptimistic. I'd be surprised if they were using better than pre 90s tech (joking, slightly).
No, you're probably right. The actual tech behind it isn't too hard, as I understand it the problem was bandwidth (which is not such an issue now).
Anyway, it seems possible. Just because the US military is competent in some areas of information security doesn't necessarily mean it is competent in all areas. It's a bloated mess run by the whims of senators recieving kickbacks from defense contractors, its not exactly run according to what it needs, and more like what allows for the most money to be shunted into private hands.
I'd actually guess early to mid nineties tech, the military seems to like that stuff. Which makes sense really, its cheap, well understood, doesn't suffer from supply chain nightmares* and lowish in power.
Just not suitable for encrypting high bandwidth communications.
*At least, not as bad as the supply chain for modern kit.
Incidentally, the Skygrabber website is currently down.
Quote from: Triple Zero on December 17, 2009, 11:03:20 PM
Quote from: Slanket the Destroyer on December 17, 2009, 06:07:49 PM
I wouldn't really call this hacking. More like looking at an unencrypted feed.
Um, how's that not a hack?
As I explained in the other thread, it's like stage magic tricks, as soon as you know how it's done, it's no longer special?
If you'd frame it as "gathering information from an unexpected side channel", would it be hacking?
IMO, picking up communications from a military drone plane using a piece of cheap electronica is a hack.
"Van Eck phreaking" is also picking up an unencrypted signal using cheap electronica. Is that not a hack?
====
BTW my best guess about the reason why they didn't opt for encryption would be that they have certain legacy communication hardware that would not be able to process it. Just a guess, but it sounds like one of those very typical scenarios. "we're not going to replace all our field scanners."
I don't know, I believe the term "hack" is being overused and misapplied a LOT these days. They're using commercial software pretty much for its intended purpose (they just happen to not be the intended users or the intended target). This was just a happy coincidence for the terrorists that occurred thanks to lax security on the military's part. If you want to call this hacking then every retarded script kiddie and every person who jailbreaks their iPhone or roots their Pre through automated software is a hacker.
I disagree with how the term is "hack" is being used by the media these days.
==
The legacy hardware explanation does make sense, they use a lot of outdated equipment because of its reliability. NASA does the same thing.
also, i've heard it said that they are 'hacking the drones' which is right out...
Yeah, but they should. Make the next decade of warfare more hilarious, at least.
http://www.networkworld.com/news/2009/121809-drone-video-traffic-intentionally-unencrypted.html
"The reason the U.S. military didn't encrypt video streams from drone aircraft flying over war zones is that soldiers without security clearances needed access to the video, and if it were encrypted, anyone using it would require security clearance, a military security expert says."
"Kahn says that the video information loses its value so rapidly that the military may have decided it wasn't worth the effort to encrypt it. 'Even if it were a feed off a drone with attack capabilities, and even if the bad guys saw that the drone was flying over where they were at that moment, they wouldn't have the chance to respond before the missile was fired,' he says"
"Classified data would have to be encrypted using hardware encryption, which would require upgrades of a significant amount of equipment, and the military might have determined it just wasn't worth the effort. The military likes to minimize hardware encryption especially in devices used in the field in case the gear falls into the hands of the enemy, Kahn says. 'The answer to the question of why people know about the hole and allowed it to persist is that it was so difficult to plug the hole,' he says. 'There was a legitimate need for people without clearance to see the data, so a decision was made to let it continue. Now they know it was exploited, they need to close it.'"
Looks like we were all pretty close on why they didn't encrypt it.
I heard from some people I know that the OSD under Rumsfeld's malign guidance was to blame, that they instituted a culture of contempt for those who urged caution and security, no matter what the topic. Sounds halfway plausible, from my own reading on how the Pentagon was run.
Yeah, from what I understand Rumsfeld was a real piece of shit when it came to safety and security... and pretty much everything else...
I am going for either ignorance or legacy problems, still. The whole "security clearance" and "hardware encryption might fall into enemy hands" reasons are horseshit.
Or bureaucracy. Which is basically a combination of ignorance and legacy problems.
(http://punditkitchen.files.wordpress.com/2009/10/political-pictures-china-olympic-bureaucracy-fireworks.jpg)
Why is it so hard to encrypt a video signal properly then? Because it's analog? Because digital encryption is easy as fuck, XXTEA is a secure symmetric cipher* that requires like 5 lines of bit shuffling code or can be computed with a simple, cheap and fast hardware chip.
then it becomes a problem of distributing the key of course, which is the security-clearance issue mentioned.
(*unsure if it's "military grade"--whatever that means--but it has no known vulnerabilities, and even if you'd be up against an insurgency of cipherpunks, the timeframe required would most likely render the information near-useless)
Hm yeah if it's mpeg it's digital. And you'd think the military has some kind of protocol in place for dealing with keys that are valid for just one week or something, with a lower security clearance.
Now its not diffficult to encrypt a video stream... in 2001 the hardware was still a bit off and it may be that these drones have a low carrying capacity I dunno.
However, there are plenty of ways to do secure keys... DUKPUT is one option (these would all be symetric keys which could be used with an XXTEA implementation.
DUKPUT (Derived Unique Key Per Transaction) is a key management protocol used in PIN PAD devices here in the US. Basically, you start with the Base Derivation Key (BDK). The BDK is located in two places Point of Encryption and Point of Decryption. Both locations are Tamper Resistant to protect the BDK. At the beginning of the life of the device an IPEK (Initial PIN Encryption Key) is injected. These two keys then create a finite set of 10,000 or so "Future Keys". The cryptogram that is created has a KSN (Key Serial Number) which the back end recognizes and can pull the correct key from the Future Keys to decrypt. Each key is then invalidated after use (like a One Time Pad).
So after all the 'Future Keys' have been used, a new IPEK has to be injected to create another batch of keys. If a device is compromised it compromises ONLY that device and the Future Keys for that device. Hopefully its in a Tamper Resistant case and fries everything when someone tries to open it.
The Private/Corporal etc monitoring the system would not need access to any keys at all... in fact, if the developer was smart I bet they could implement a two-layer approach... DUKPUT for the initial connection and then use something like WPA/TKIP to generate unique session keys every 5 seconds or 100 packets or even for every packet.
DirectTV etc is easy to unscramble because a lot of people have the codes. With a drone the only people who need the code are the spyplane and the computer that receives the video.
I just don't get why there's paperwork involved, encryption is advanced enough that you can encrypt *everything* on a network and let the computers handle it (my last job did this). *not* using encryption is what required the paperwork.
For something as sensitive as the military I would have thought they would take the same attitude.
This is exactly why the military should adopt my idea for an entire new division of military. Take a mixed bag of specialists in IR, espionage, and technology, a weak ass budget, and tell them to find out ways to beat us. It would cost about as much as a Pentagon bathroom, and it might actually work.
They already do that. It's called "Red Teaming".
They then go on to ignore whatever results are gained from such explorations, and punish (in various ways, whether through bad postings, decreased budgets etc) those on the Red Teams responsible for making the Pentagon look bad. The War Nerd explains (http://www.exile.ru/articles/detail.php?ARTICLE_ID=6779&IBLOCK_ID=35&PRINT=1) at least one time this has happened.
It's not exactly hard to outthink or outfight the US military, anyway. Play to the expectations of whatever latest military theory fad is going around, then subvert those expectations quickly and horribly, be prepared to die for your cause and don't fight by the international law version of the rules of warfare and you'll come out with at least a draw. Against the most heavily funded military organization in the world. This is because, in part, the US military is wedded to a strange version of "reason" which cares far more for the process by which things are done than whether or not they work, partly because the General Staff are trained to think like businessmen and not strategists and partly because the whole thing is funded by pigs gorging themselves on the blood and treasure of the nation, who don't give a fuck whether America wins or loses a war because America is an "indispensible nation" at the heart of world economic and political power and so probably wont ever feel the effects of failure like other, "lesser" nations do.
Hegemony is just another word for "being so big your own stupidity doesn't quite kill you".
I love the war nerds rants on aircraft carriers :D
for those interested,
Bruche Schneier's take on the story, be sure to check out the many insightful comments, some of the replies seem to really know what they talk about [though they could also be just bullshitting]
http://www.schneier.com/blog/archives/2009/12/intercepting_pr.html
and another link from those comments:
http://mobile.darkreading.com/9319/show/8efa5242f193f42fd65217e426b90198&t=a1e8b07e0d2ca5fe814294aa6c46e994
All of the metadata on the Predators was unencrypted too, I just recently read. Meaning it was in fact useful to insurgents.
You know what aid agencies should do? They should hand out laptops with all the kit needed to hack predators in remote regions of Pakistan. Maybe that way the blasted drones wouldn't have a 95%+ civilian casualty rate. Because they do. And that sucks. Even the English cricket team has a better batting average than that.
Quote from: Cain on December 25, 2009, 09:13:04 PM
They already do that. It's called "Red Teaming".
They then go on to ignore whatever results are gained from such explorations, and punish (in various ways, whether through bad postings, decreased budgets etc) those on the Red Teams responsible for making the Pentagon look bad. The War Nerd explains (http://www.exile.ru/articles/detail.php?ARTICLE_ID=6779&IBLOCK_ID=35&PRINT=1) at least one time this has happened.
It's not exactly hard to outthink or outfight the US military, anyway. Play to the expectations of whatever latest military theory fad is going around, then subvert those expectations quickly and horribly, be prepared to die for your cause and don't fight by the international law version of the rules of warfare and you'll come out with at least a draw. Against the most heavily funded military organization in the world. This is because, in part, the US military is wedded to a strange version of "reason" which cares far more for the process by which things are done than whether or not they work, partly because the General Staff are trained to think like businessmen and not strategists and partly because the whole thing is funded by pigs gorging themselves on the blood and treasure of the nation, who don't give a fuck whether America wins or loses a war because America is an "indispensible nation" at the heart of world economic and political power and so probably wont ever feel the effects of failure like other, "lesser" nations do.
Hegemony is just another word for "being so big your own stupidity doesn't quite kill you".
The portion in bold is why I spend half of my time at work banging my head against my desk and cry at least once a week.
Managerialism in general and McNamara in particular have a lot to answer for. Of course the man who nearly caused a nuclear crisis in Europe and got the Third World addicted to cheap loans probably should have never been a model for military planning and organization, which only makes me think perhaps things were even worse before he showed up. :x
Jesus wept. How do I fix this horrible mess?
Fighting them plays into their hands.
Ignoring them plays into their hands.
Talking about it doesn't seem to work.
Discrete acts of sabotage on a massive scale would work. This is exactly what humans are bad at.
Where is my damned army of political subversion androids?
Ah right, that's what I was building. Thx for reminding me.
Quote from: Felix on December 31, 2009, 07:30:36 AM
Where is my damned army of political subversion androids?
I believe they're running the Pentagon currently.
UPDATE:
I talked with an Air Force Institute of Technology guy who was around recruiting at our school, and he said the reason the video channels weren't encrypted was just deadlines and stuff. The possibility of intercepting the drones' video was determined to be too low-risk to be worth delaying the deployment of the drones; and besides, that sort of vulnerability could always be fixed later. And then, in the typical security paradigm, vulnerabilities are never high enough priority to fix until after they've already been taken advantage of.
Quote from: Horrendous Foreign Love Stoat on December 24, 2009, 07:09:39 AM
If I was the military, II'd broadcast loads of faked up footage
actually not a bad idea, create such a hugh static that to search the channels for the real feed,
except that would tip them off a missile was inbound. but for long term engagements
and would be easier then putting a part of a ciper on the missle
not COST MORE, but "becuz of deadlines and stuff". it's worse, it's not even cost-effective, just generally incompetent.
I'm sure deadlines was part of it.
Along with the impression that Al-Qaeda and the Iraqi insurgents were a bunch of Arab morons who barely had the technical skill to pull a trigger on an AK-47, instead of being fairly sophisticated and strategic thinkers who were used to exploiting the weaknesses of technologically more sophisticated rivals.
Latent racism and/or disdain for ones enemies tends to cause people to be sloppy about such things. And there was plenty of both circulating post 9/11.