I have a thought. How about next time the military just flies one of these things down to Defcon and lets people have a go. The hackers get a cool toy to play with for a day and the military gets a free fairly sophisticated penetration test. I'm sure the flaw would have been found; instructions on how to intercept satellite data with about $100 worth of hardware have been floating around for years. I'll edit this post in a minute with details for anyone that's interested.
The latter is true. There is a large, high throughput, revolving door between DoD and large contractors. Yesterday's generals are today's board members and C*Os of large defense contractors.
When something is purchased, or a bid is chosen, it is often because of those connections, not because a product is inherently better.
This is also an apt description of the relationship between the FDA and large pharmaceutical companies. Also, the USDA and large food companies. There are likely many more examples. It's a systemic problem of our structure of government.
The trick is: who better to run a military contractor than former military men? Who better to run a food company than someone who has worked in the USDA?
These are natural career paths for those individuals that make perfect, natural sense and --in and of themselves-- aren't a real issue.
The real issue is that our government can too easily reward individual companies or industry groups with hand-outs.
If a single general couldn't essentially hand a contract to a supplier on his say-so, that supplier gains nothing by bribing them with a future board position.
What we really need, is for it to be more difficult for individuals to drive contract selection and for the standards for passing a bailout, tariff or corporate welfare program to be much higher.
Perhaps by requiring such legislation to be stand-alone bills, and requiring an oversight office to evaluate contract selection.
> Who better to run a food company than someone who has worked in the USDA?
Are you asking as the food company, or as the proverbial "concerned citizen?"
Because I would want the USDA to work for me, since I am paying my taxes. I want it to do its job and protect me from Kraft selling me salmonella-infested cookie dough. It is hard for USDA to do that when they expect to be hired by Kraft and be paid large bonuses and salaries in the future.
> The real issue is that our government can too easily reward individual companies or industry groups with hand-outs.
The other serious problem is that individual companies can easily 'reward' (read 'bribe') their friends in high places so they can turn a blind eye and in turn harm the public.
I have the naive desire to have a government that would take care and protect its citizens. I don't have the time and the resources to carry a microscope and a bacterial toolkit to the grocery store when I buy meat or eggs. I expect to pay my taxes and USDA to do its job.
As a concerned citizen, naturally I don't want the USDA Director working for Kraft. But what do I care whether the director goes on to work at Kraft afterwards? Or even came from Kraft in the first place?
I'd prefer we have qualified people in public office. Proven managers, subject-matter experts, etc. If we erect a wall between private industry and public service, we're not going to get that.
If there's a problem with the director of the USDA being able to let his former-employer slide, that's a separate problem than where (s)he came from or is going. I'd prefer we deal with that, than try to police people's careers.
It's a systemic problem of our structure of government.
True but misleading. Regulatory capture is a feature of regulated industries full stop. It just happens faster when the players whether buyers or sellers are concentrated.
It's not necessarily our structure of government. Regulation (using the law to prevent certain economic activity rather than economic incentives) is always prone to falling under the influence of those it is trying to regulate. I believe it was Taleb who compared financial regulation to a chess game between regulators and the regulated.
Improper use of encryption has been a military problem forever. (I seem to recall problems even in Classical warfare.) It just gets bigger with more communication technology.
AK is the Perl of the weapons. I had to use AK-47 for a year (serving in the Bulgarian army). It was easy to clean, assemble, disassemble, but every weapon was a bit off due to the production (or heavy usage, don't know). So to get good results you have to learn where your weapon strays.
How much does that affect a user? I mean, if you take the time to learn how much it strays, are you at that point just as accurate as someone with a more accurate weapon?
All rifles do this a bit; snipers/designated marksmen get very accustomed to their personal weapons, and need to take time to re-acclimatize with any other rifle. For a regular line infantryman in a modern army who is mainly using his rifle for suppressive fire it doesn't significantly reduce his effectiveness.
In real close-to-mid-range combat, this matters even less (unless you're a marksman). It's rare that you'd have time to properly line up the sights and take one really good shot. What really matters in that situation is knock-down power, reliability, and the shooter's training.
They are also stupid easy to manufacture. The design has been copied numerous times as well. Basically, they are the Honda Civics of military weapons. Cheap, easy to use, reliable, easy and cheap to fix when they do break, and lasts forever.
I've seen AKs in 3rd world countries that were probably less than 20% original parts.
No, you don't have to modify the receiver, card captures IP traffic just out of the box with right software. There was another free alternative to SkyGrabber that runs on Linux, but I can't recall the name now.
I remember hearing about people intercepting well feeds that the networks would send (east coast to west coast etc.). They would use the big old dishes for it.
This is probably made up, but I heard that sometimes the well feeds contained worst-case scenario what-if's that news stations would prepare content for in advance. Like meteors hitting, plagues, etc.
Maybe. I've seen some unencrypted emails (html page from web-based emails) hit my box. But it was usually junk when I ran it for half an hour last time.
Well I was assuming the user was using a TV, but yeah, obviously you need a PCI receiver card if you want to interface with a computer. But thank you for the much needed technical details. I haven't played with it in a year or two and was basically just going off of memory.
Oldest mistake in the book: since the adversaries dress differently, speak a different language, and are a different race, assume they must be idiots.
The WSJ reporter fell into the same trap: Iraqis and Afghans couldn't have figured out how to tap a video feed on their own; they must have had Iranian help.
"At times, they acted like amateurs," Dani said, listing some ways the Serbs managed to breach NATO communications security, including eavesdropping on pilots' conversations with AWACS surveillance planes.
OK, so they shot a smaller, faster moving target. The original point still stands.
It was an F-117. Yes, most "F" aircraft are air-to-air fighter aircraft. However F-117 is mostly used to attack ground targets, so its "F" should be more like an "A" (If you want to nitpick that is ;-) )
Though no-one knows for sure, it's also been rumored that the fighter designation was done as a security measure to hide the true purpose of the aircraft, or that the F-117 designation existed in early planning documents and was simply never changed once the aircraft became a reality.
It's also not the first attack aircraft to carry a fighter designation; the F-111 long-range attack aircraft also carried that designation (though in that case it was because the aircraft was originally meant, in part, to fill a Naval air-defense fighter role).
Actually, they are both subsonic aircraft and have a very similar top speed. The F117, however, has a larger radar cross signature, which makes it appear as a larger aircraft than the B2 in a radar return.
It's been a decade since I read much about it, but this site states that the F-117 has a radar cross section of 30 square centimeters while the B-2 has an RCS of 14 square centimeters.
I rather think it was the classic pointy-haired boss mistake. "I can't understand this video feed stuff, so those towel-heads shouldn't be able to either!"
Awesome quote: "Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator’s price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies."
"Seriously man, you're going to want to encrypt this. I know it's an extra 10k, but you've already spent 50 million. And I really think we should stick with Blue on the wings."
"Nah, ditch the encryption. We're already over budget. But please do change the wings to green... wait red... now let's see your blue again?"
New definitions of words creep into usage all the time, and this is one I've been noticing.
Folks are using "pirate" to mean "intercept" or "surreptitiously copy", rather than the traditional usage (leaving aside the even older meaning, of course) of simply "distribute copyrighted material".
Isn't "pirate radio" a radio station that broadcasts illegally? If I am listening to my local pirate radio station, I myself am not a pirate. I think the use of pirate here is just to sensationalize the situation.
Having an unencrypted video broadcast on a military drone is just a dumb idea by whoever manufactured it. Encryption would seem to be the most minimal requirement for such an application.
I agree that the transmission should be encrypted, but I think the usefulness of the video feed to insurgents is overstated. You can hear and see the drones overhead, so it is pretty clear if your area is under surveillance.
I agree. My first thought when reading the article was "WTF? No encryption?". Would be interested in learning more about the company that makes these, and how something so obvious was not done.
If they were first deployed in the 1990's, the technology was developed in the 1980's. Easily deployable software to grab the signals out of the air was probably outside the realm of what seemed possible then.
Consumer satellite TV was around from the early 80's, and the struggle to scramble the signal in ways that people wouldn't get around to get free TV started promptly... They really had no excuse - while they might not expect some random guy with a little dish and a laptop, they should have been expecting hostile governments to easily have the capability.
Reminds me of Brian Singer's documentary "Spin," which is no longer available on YouTube. It was made of raw Satellite feed going down to local news stations.
Well, to be more accurate, I believe what you're saying, but I don't believe that it is a valid excuse.
Most of the functionality of these drones could be duplicated with nearly off-the-shelf hardware. (at least off-the-shelf for Boeing/Lockheed/General Dynamics/Raytheon/etc).
Part of the problem is that the military awards contracts that are sometimes decades long. What was "good enough" security in 1990 is not looking so hot 20 years on. The US military machine may not perform as well as it has in the past in the new era of betas, hotfixes and patches.
I will not be at all surprised when insurgent "rc-plane" drones start showing up with cell phones, arduinos, grenades and duct-tape.
The gas jet propelled ones have max speed of 200mph, while predators have 135mph. Can't wait for some sort of anti-predator with EMP gun or something making the 5M investment look stupid :)
[With some kick ass AI doing the find-kill, soldiers shouting "f* NPCs"]
Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren't readily compatible, said people familiar with the matter.
If some Russian software could intercept it, it wasn't that proprietary!
I assume that's encrypted for obvious reasons. However, encrypting live video feeds requires a lot more processing power than encrypting telemetry so they apparently left it out.
Honestly, from a classic military standpoint encrypted video does little for you. If you can intercept the transmission then you know where the drone is. The only advantage is knowing what it is looking at, but a traditional army is large enough knowing something is in the area is enough. It's only guerrilla-style fighting when it becomes particularly useful.
It is now, but I don't think this was intended to be their primary mission profile when they were designed, over a decade ago. A lot of the intended uses were more traditional than the ones that reality has presented.
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
This is actually a deeper problem - we (the US/UK/Western world) assume the middle east doesn't have the same level of technical competency as us.
Iran is a pretty well educated country, and while Iraq and Afghanistan don't have the same level of education in the tech/science areas, there are many sympathizers who are well educated -- including educated in UK, US, etc.
There's actually a lot of comparisons to be drawn here with startup culture vs big business. Once again the smaller, less resourced are able to bring down the big players by being more nimble and not feeling the need to build everything "in house".
To the "in house" point - the US probably spent high $100ks of mine and other taxpayers' money building viewing software for these drones vs the insurgents who use $25 Russian shareware. Now, I'm not saying that the government should be running SkyCatcher to view streams - but I bet they didn't include opensource options into their video viewer solution that would have saved $$$ in upfront and ongoing maintenance costs.
Wow, it's amazing they couldn't fix this over the last decade. Even a simple obfuscation, anything is better than raw data that is so easily viewable and worse verifiable. I would assume there are plenty of people with experience encrypting and decrypting radio / satellite signals for the military in the US. Maybe the problem lies in it not being a software problem, but rather some horrid design that relegates it to hardware.
Either way now that this is public knowledge it needs to be fixed appropriately.
The problem is that the people in charge of deciding what to approve/buy for the Military are not qualified. They get the position of authority by being successful in the military not by proving they understand the technology of the things they are buying.
I can see how this happened. Say the military guy had two choices of what to buy for video feed products.
Product 1. Fully encrypted video 15 frames per second and a 5 second delay.
Product 2. No encryption video at 30 fps and 1 second delay.
At the demo he says "product 2 is much better, let's get that". When product 2 is questioned about security they say something like "we have proprietary codecs". From the military guy's point of view a codec is just as good as encryption.
Whether this particular mistake was avoidable or not, the event raises bigger issues.
The military is building more and more lethal, radio-controlled robots.
No networked device can be guaranteed to be secure. Computers have been hacked since they existed. The hacking of satellites is endemic. A civilian hacker was supposedly holding a military satellite hostage a while back.
Thus this strategy makes it likely that hackers will get the ability to command a lethal device sooner or later.
The risks of this might be worth the rewards in terms of avoiding casualties, projecting power, etc.
But there hasn't been much public discussion of the choices that are involved here. There should be.
That poses an interesting technical question - how do you achieve military-grade encryption over a communications line with heavy packet loss (assuming the drone->satellite connection is like that)? Most self-synchronizing ciphers would have too much of a lag for real time operation.
Perhaps two synchronized pseudo-random number generators, driven by synchronized clocks, could be used for variable key generation for a symmetric cipher.
I am assuming that there already exists an encrypted communications channel between the ground and the UAV (command and control). So, it would be trivial to include a command to switch encryption keys at specific intervals.
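One way to make the idea in the comments above concrete, as an added example that is not part of the original thread: each packet carries its own key epoch and sequence number, so a lost or reordered packet never desynchronizes the receiver, and keys rotate per interval. HMAC-SHA256 in counter mode stands in for a vetted AEAD cipher such as AES-GCM only to stay within the standard library; the packet layout, all names and the sample key are assumptions.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IQ")  # assumed layout: key epoch (4 bytes), packet sequence (8 bytes)
TAG_LEN = 16


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def epoch_keys(master, epoch):
    """Derive independent encryption and MAC keys for one rotation interval."""
    label = struct.pack(">I", epoch)
    return _prf(master, b"enc" + label), _prf(master, b"mac" + label)


def _keystream(enc_key, header, length):
    # The keystream depends only on (key, epoch, seq), never on earlier packets.
    blocks = (length + 31) // 32
    return b"".join(_prf(enc_key, header + struct.pack(">I", i)) for i in range(blocks))[:length]


def seal(master, epoch, seq, frame):
    """Encrypt then authenticate one frame; (epoch, seq) must never repeat."""
    enc_key, mac_key = epoch_keys(master, epoch)
    header = HEADER.pack(epoch, seq)
    body = bytes(a ^ b for a, b in zip(frame, _keystream(enc_key, header, len(frame))))
    return header + body + _prf(mac_key, header + body)[:TAG_LEN]


class Receiver:
    def __init__(self, master):
        self.master = master
        self.seen = set()  # accepted (epoch, seq); a real receiver would use a sliding window

    def open(self, packet):
        """Return the plaintext frame, or None if the packet is damaged, forged or replayed."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None
        header = packet[:HEADER.size]
        body, tag = packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        epoch, seq = HEADER.unpack(header)
        enc_key, mac_key = epoch_keys(self.master, epoch)
        if not hmac.compare_digest(tag, _prf(mac_key, header + body)[:TAG_LEN]):
            return None
        if (epoch, seq) in self.seen:
            return None
        self.seen.add((epoch, seq))
        return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, header, len(body))))


def demo():
    master = bytes(range(32))                                # constructed sample key
    frames = [f"frame-{i}".encode() * 5 for i in range(6)]   # constructed stand-in video frames
    # Assumed rotation: a new key epoch every 3 packets (a clock could drive this instead).
    packets = [seal(master, i // 3, i, f) for i, f in enumerate(frames)]
    rx = Receiver(master)
    # Lossy link: packets 1 and 3 never arrive, packet 5 arrives before packet 4.
    received = [rx.open(packets[i]) for i in (0, 2, 5, 4)]
    tampered = bytearray(packets[2])
    tampered[HEADER.size] ^= 1                               # flip one ciphertext bit
    forged = Receiver(master).open(bytes(tampered))          # fresh receiver: only the MAC can reject
    replayed = rx.open(packets[0])
    return frames, packets, received, forged, replayed
```
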
As @noonespecial alludes to, some of the comments on the WSJ site and (less so) here are made incognizant of the complexities of the systems and timelines of procurement, testing and deployment.
@tsally the DEF CON suggestion is a good point. Because of ITAR, it is unlikely that the actual "toy" will be provided, but a comparable subsystem wouldn't be out of the question. E.g. The DoD regularly operates rapid reaction challenges with a simulated problem from theater - see http://www.kirtland.af.mil/news/story.asp?id=123120737 Something similar could be done with DEF CON.
I think it is important to maintain perspective when stories like this come out. Contrary to some of the comments, defense contractors and researchers/engineers at gov't R&D labs do put the priorities of the warfighter first. Consider that many of the engineers/contractors/researchers/etc working on technology development are combat veterans themselves.
While I want the US to pull out of Iraq as much as anybody, I think that you have to be dead in the skull to root for the insurgents. Most of the problems in Iraq right now are primarily due to religious extremists terrorizing the locals and fighting with Americans to push their agendas. No matter how bad Iraq is now, it will be worse off if these people take over.
WSJ is really going down in journalistic quality, it seems. But seriously, problem known for a decade, "they're dumber than us so they can't use it" attitudes, in a device at that price point, you'd expect they'd think about these things. Reminds me of the Boeing report on Columbia. ( http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0... )
This is a grave oversight, but often it isn't the military that needs convincing of the intelligence of the enemy it is the politicians. These politicians and often news pundits have often said things such as why are we spending so much money on this war when we are fighting people who use sticks and stones.
So it is a catch 22 when you have to cater to the politicians you are often enabling your enemy. Not that I think we shouldn't have government or politicians and internal opposition, it is just that I wish politicians would do less grandstanding and more actual thinking.
Do you think obfuscation and spam could solve this problem? Could they set up cheap broadcasters all over the place that constantly send out fake videos and develop a sophisticated filter they can use themselves that the insurgents wouldn't have access to? Then they wouldn't have to rework the drones themselves, and they could constantly rework the spam and the filter to stay ahead of them.
There are a lot of simple, inexpensive measures that could be used to neutralize their advantages.
OTOH, if you know where are the satellites drones use and the frequencies they employ, it would be trivial to just set up a very directional antenna coupled to a high-power noise generator to render the drone's controllers more or less blind and the drones useless.
At least until they evolve into autonomous drones.
Is anyone talking about the potential to not just grab video but to send control signals? What if the enemy could actually take control of one of these drones? Is that channel encrypted?
How about sending back false video to not allow the true operators to know what is really going on or to generate false positives.
If an enemy could take control of a Reaper he wouldn't... Until it was returning to base at the end of its mission, at which point he'd fire its Hellfire missiles right into the control building. Then the dominoes would fall like a house of cards. Checkmate!
They say there's "no evidence" that they were able to take control of the planes in flight. Since nobody bothered to encrypt the video feed, and they're saying there's "no evidence", it sounds to me like they also didn't bother to encrypt the control signals. Nice...
While I obviously think they need to close the security gaps, I just want to make a comment on your comment: it's that kind of thinking that keeps our taxes increasing and our economy in shambles.
I'm with @tsally on the solution to this kind of problem...
@tsally is advocating having 'real' hackers hack on the thing to find vulnerabilities. In this case though, the vulnerability was known but it would have cost more money to actually fix it. Having people attack the thing for vulnerabilities still wouldn't change the fact that you would need to pay however much money to do the fixing.
Where did I say 'just another million?' From where I stand, you seem to be opposed to spending more money on something to make it work, and I'm arguing that by agreeing with having hackers hack on the device doesn't fix it on its own. It still costs money. Whether it's "just another million" or "just another $100,000" is irrelevant. The thing won't fix itself for free and at $20 million a pop it's a waste of money if the thing is broken.
Note: I'm not goading, trolling or whatever it is you think I'm doing. This thread is a conversation, and I'm responding to what you said.
EDIT:
* One possible LNB: http://bit.ly/7AGe7e
* Possible dishes: http://bit.ly/4NfMN1
* One possible receiver (for digital, you'll need a different one for analog): http://bit.ly/4zHyND
* Useful forum: http://www.satelliteguys.us/free-air-fta-discussion/
That setup is enough to pick up signals from satellites (locations: http://www.google.com/#hl=en&q=satellite+index). If you do this as a hobby you might want to spend the money on a motor to tilt/pan your dish for you. ;-) The article implies that such a setup is pretty much what the insurgents used to intercept video from the drones. The drone bounces its video up to a satellite and the satellite bounces back down to the operator. The insurgents just grab it when it's coming down to the operator from the satellite. I'm pretty sure (or at least I hope) the receiver would have to be modified to decompress/decrypt the drone data properly. It'll do just fine if you're scanning for legit TV signals.