Insurgents Hack U.S. Drones

Source: Wall Street Journal

Insurgents Hack U.S. Drones
$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected

By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

- - -

U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.

Read more: http://online.wsj.com/article/SB126102247889095011.html?mod=igoogle_wsj_gadgv1&

Twenty-six bucks and regional integrity over whatever astronomical sum the drone technology is costing us...

Scrawny kid with a slingshot fells a giant, etc.

LOL--- Nice Job boys

... get to us.....One country without an army, and another country without a fucking country have the US bogged down. Probably 20,000 Taliban and 100 Al Qaeda in Afghanistan..... and we need to send more troops?

Not much value for the money.

You need a bit more than a piece of software to intercept radio transmissions, and even if you had all the needed gear, it's pitifully simple to slap basic encryption on a data stream. It might not be super strong, but it doesn't need to be when you're talking about live video.

Sure it's easy to slap encryption on the stream but... The video streams are serialized for transmission, encryption increases the length of the stream. The stronger the encryption the longer the stream. That means more cpu cycles to encrypt and decrypt which introduces a greater latency (delay) in the delivery of the stream.

Even a weak encryption with low requirements will cause so much delay for your enemy trying to break it that the live video images would no longer be worth anything by the time you broke them. And this is the military, they don't exactly have to scrimp and save for new, faster hardware. This story simply sounds like bullshit to me.

It's not like they have any airborne reconnaissance to employ. There is much to gain even it takes a day to crack the stream. Seems to me they would be better off multiplexing across a complex pattern of transmission frequency shifts rather then encrypting the serial stream over a single frequency.

latency (delay) to the signal. As mentioned on this thread by others the chips required to do this sell for around $20. This is really about both the ignorance and arrogance of our military planners. To believe that Iraqis aren't capable of finding a way to view the signal broadcast from the drone to the ground is just plan stupid. What they should really be worried about now is that these same Iraqis and Afghans will soon be able to break the codes used to command and control the drones and turn them on our own troops.

Those Iranians are dangerous...we should go to war with them!

With reception like this we've got nothing to fear! :D

They would want to overthrow him because why?

that was designed initially for spying, and NOT encrypt everything it sends over radio links.

How many millions do these things cost? And they lack a decent $20 encryption chip (wild estimate, probably a lot less).

PB

they make a conscious decision to not encrypt so that they can have more drones flying at the same time. Encryption takes up more bandwidth. Now that the cat is out of the bag they will use encryption

We err by thinking our adversaries are less intelligent or less human that we are.

And learn to crash them.

That would be an oops moment.

Here we go again!

A people motivated and cohesive, will surely defeat an enemy superior in weaponry. In essence, the principal weapons are human's and their enduring will. Iraq longs to be independent.

I'm currently working on an article about this and will probably have it finished by the weekend. In the meantime, here's one that goes along similar lines...

A Better Strategy for Afghanistan

Jeffrey Sachs Economist and Director of the Earth Institute, Columbia University
Posted: December 14, 2009 08:44 AM

President Barack Obama's strategy in Afghanistan does not pass the tests for war that he offered in his Nobel Lecture. Afghanistan is being preyed upon by a limited insurgency that feeds on Afghanistan's poverty and desperation. Most Afghans do not support the Taliban or Al-Qaeda, but are vulnerable to their pressures. Young unemployed men often join militant factions out of the need to earn a meager income to eat and feed their families. In these circumstances, the fight against poverty should be dominant in the fight against terror and instability. Yet Obama's policy in Afghanistan almost completely neglects the strategy of economic development, and relies almost entirely on the military.

Fighting poverty would obviate the need for extra US troops, and would pave the way for a drawdown of troops. The US military already vastly outnumbers Al-Qaeda and the Taliban insurgents. The problem is that extreme poverty overwhelms the fragile social fabric of the countryside. Afghanistan will remain unstable and vulnerable until this poverty is addressed. Obama acknowledged such realities in the Nobel Lecture by declaring that "a just peace . . . must encompass economic security and opportunity. For true peace is not just freedom from fear, but freedom from want." Yet the war policy fails to act on this insight.

Obama has hardly mentioned Afghanistan's poverty in his recent speeches and deliberations. He has not announced or unveiled a development strategy. He has no experts on development among his war counselors, despite the fact that Afghanistan is one of the very poorest countries in the world (ranking 181th out of 182 in the UN's Human Development Index). Child mortality, at 235 deaths per 1,000 births according to the UN, is staggering, easily one of the highest rates in the world. Has anybody in the Administration focused on these basic realities and their implications for instability?

We will spend around $100 billion in 2010 on the military approach compared with just $2 billion or so on economic development in Afghanistan, a 50-to-1 ratio. If we raised the development budget to even $10 billion, and deployed it thoughtfully and consistently, the benefits for the Afghan people would be so strong that we could avoid the surge altogether, save $40 billion, and could quickly reduce the current level of military spending, saving even more money and lives, Afghan and American. Our existing troops would be more than sufficient to protect the development activities because the communities themselves would also strongly defend themselves and their economic gains. Indeed, with stronger and reinvigorated local communities, we could quickly and safely turn security efforts over to the Afghan people themselves.

Full article: http://www.huffingtonpost.com/jeffrey-sachs/obamas-nobel-lecture-and_b_390820.html

who are these militants? Are they the Taliban, al Qeada or some new group? Also, if they can get them over the Internets at $29.95, why do they need Iran to supply them?

very deep pockets.

It doesn't even have wifi-level encryption? Ones freaking cell phone has better security.

Why the hell would you send that shit over the air unencrypted?

as well, up to 64Mbits/sec (no matter how good the video is, I doubt it's over 64Mbits/sec).

Blowfish, IPSec, 3DES SHA1 ESP, RSA, DSA, and DH. Pretty much any crypto algorithm you like.

On chips. Probably under $20, but hell, maybe even $100 chips. Who cares, it's a $3.2 MILLION dollar piece of military hardware. An extra $100 bucks (or $1000 for military hardened versions) isn't going to make / break the deal.

Jeebus Christ.

and not know this really basic stuff? O_o

If it's being manually flown then you want those images to get to the control room as quick as possible.
100 milliseconds is enough to crash against a mountain or a building.

:banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead: :banghead:


It's like... in "Spaceballs", when they have the ship's self-destruct button behind a plate of glass and guarded by two idiots.

It's like... having the password to the Pentagon's computer system as "password".

Oh, they likely pirated the Skygrabber software too.

... I don't even have the words.

along with every President after him who has done nothing about this:

"The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."




AND GATE IS STILL OUR SECRETARY OF DEFENSE???

RESIGN, YOU HUBRIS-FILLED IDIOT!!

Is that where "American exceptionalism" leads us? To assuming nationals of all other nations are mentally challenged and we alone can buy and use $27 software? Now who are the idiots? Hmmmm?

I can't believe we pay thousands of people a frickin' fortune to keep us safe, not to mention all we pay for security, weapons, etc. and this is the best they do for us.




"A senior defense official said that James Clapper, the Pentagon's intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network."



Gee, ya think????????




"'There did appear to be a vulnerability,' the defense official said. 'There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so.'"



So, ability on the part of those we consider our enemies to evade our drones easily does not compromise any of our missions?

Say hi to Gepetto for us.

And grab a fire extinguisher for your pants before your bottom catches fire, too, k?


We deserve SO much better than this from our government, folks, especially with all the money we pay for security and "defense."

1. Compromise the detection systems.
2. Plant it when you know detection is looking away.

The sad side effect of this breaking is that now *everybody* who can find the story knows how to avoid detection.

The good side effect is that some folks will finally lock the signal up.

An even *better* side effect (hm... waitasecond....) would be that folks would try to get the "real feed", when the feed they are seeing (and trusting) is deliberately false.

That is not secured in the first place ? That's like saying someone hacked an amateur radio.

Intercepting an unencrypted downlink is not hacking.

But you do need a radio receiver and modem to receive the data stream. That's probably what the DoD thought would be too tough for the insurgents to do. But there is a lot of test gear on the market that might do that.

billions spent and the idiots run live video out to all who are interested where the drone is heading - if they can do that with 25 dollar software, I'm guessing they'll be able to scramble their signals for a 60 dollar grey-market cell phone scrambler from China

Sorry, couldn't resist.

Source: WSJ

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.

Read more: http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_mostpop_read

Seems like encrypted video and data would have been a no-brainer.

...and was slapped in the face by a $26 software?? You mean to tell me that they did not encrypt any of the signals?? Who's running the the damn WC? *'s cousin??

It's too ridiculous to believe.

to hack the USAF drones. They started this project on the cheap using standard off the shelf electronics and now are surprised Joe Blow is able to crack it. Check out this page from Iraq which has been translated by google.
http://translate.google.com/translate?hl=en&sl=ar&u=http://www.sat2010.com/vb/showthread.php%3Fp%3D165973&ei=S48qS-X5LIiWtgf2l5D-CA&sa=X&oi=translate&ct=result&resnum=3&ved=0CBMQ7gEwAg&prev=/search%3Fq%3Dskygrbber%2B2.8.6.5%26hl%3Den%26rlz%3D1T4WZPA_enUS330US330
The Skygrabber software running on a PC that has an IRD card (Integrated Receiver Decoder) can decode digital video feeds down linked on a home satellite dish. Hackers routinely use this to intercept Direct Satellite and EchoStar feeds to avoid paying the monthly fees. The IRD card will receive and decode feeds that are in the clear (non-encrypted) and the Skygrabber is used to cycle through all the possible combinations of codes that are used to encrypt the video until it hits on the correct one.
I used to work for DOD contractor during the late 70’s at a top secret satellite station in the Indian Ocean. The NSA and the NRO were two of our customers and end users. They were afraid that using these remote earth stations was risky and they needed a more secure way to command low-orbiting satellites used for reconnaissance. The first TDRS satellites were launched in 1979 so that they could send and receive data directly from earth stations in the US to the TDRSS (Tracking Data Relay Satellite System) to low orbiting satellites without having to use these expensive and vulnerable remote earth stations. The signals travel between several TDRS birds then directly to a low orbiter. The TDRS birds have been used for years for NASA projects to relay data to/from the Space Shuttles and the Space Station. That’s the public face of the TDRSS project. I would bet my next paycheck that the US military uses the TDRSS system to relay commands and to receive the video back from these drones in Iraq and Afghanistan. It’s public knowledge that they use Nellis AFB in Nevada as the control point for these drones and that’s the only conceivable way they could control these drones.
The returned video from the drones I would think would have better encryption techniques applied to it that would make it extremely difficult to de-crypt than they obviously do. If hackers can de-crypt the video with “Skygrabber” software the US military should be ashamed of itself. It would be too easy to use the IRD card attached to a backyard antenna and given that the location of the TDRS satellites is also public knowledge simply scan each satellite for a video signal and let the software find the codes to break the code and get the video.
I’ve looked up the IRD cards online and found that there are scores of them that cost under $100 each. There is also free software on the internet available that will give you the pointing coordinates for all satellites in the arc visible from your location. So it looks like any hacker with minimal skills could find the feeds from the drones and break the codes given enough time and effort.

What will happen now is that the US Air Force will spend billions of our tax dollars to fix what they could have done right the first time. They will have to install better encryption devices on their satellite feeds from the drones to prevent this and I wouldn’t be surprised if they have a vulnerable command system as well. They’re probably shitting all over them selves right now hoping that the drone command system hasn’t been compromised as well.

edited to remove racist term: sorry
edited to remove sensitive data that could draw unwanted attention to me.

Sub-thread removed by moderator. Click here to review the message board rules.

hackers.

The war has no cost (other than lost dollars) to almost every American. The drones allow the actual fighters to avoid all risk as well.

At least in ages long gone, the leader who pushed a country into war was a part of the military and put his life on the line. If we had a similar situation now, wars would be far less popular.

of the federal government's ineptitude when it comes to software issues. The IRS bungled several software upgrades. The FBI is unable to search on more than a single criteria. Numerous entities fail to follow basic security procedures resulting in the release of data that should be private. I suspect the situation would improve (in govt as well as the private sector) if they started hiring qualified Americans instead of outsourcing to the lowest bidder or bringing in novices on work visas.

This situation also underscores an issue that is generally ignored. Software is a matter of National Security. Every plane, ship, and tank we have runs on software. Do we really want that software to be produced in China or India? In the same way we foster a domestic steel industry so as not to be completely dependent on foreign sources, we should make sure America produces her own software.

.
.
.

I do not believe there is ANY system that cannot be hacked sooner or later.

Pretty hard to redirect a plane with a pilot in it tho . . .

:freak:

> Pretty hard to redirect a plane with a pilot in it tho . . .

There was a certain amount of success in that scenario earlier this decade ...
:P

;-)

Seriously, military-industrial-complex-stupidity: very expensive weapons systems that can be undermined on the cheap.

with not one fact to back it up. Like there isn't an Iraqi clever enough to figure this out themselves.

We are the dumbest people on earth. No wonder this country is going down the shithole.

on the cool technology but won't take the extra initial time at the beginning of the endeavor to ensure operations security (OPSEC). As a former signals intelligence puke, allow me to add, Sadly, I'm not at all surprised." :(

We seem to consistently underestimate everybody else's intelligence while overestimating our own. But pride is still a form of stupidity IMHO.

... there are a lot of people who ought to be losing their jobs for making the system vulnerable to hacking.

Let the bad guys get away to fight another day...and make more money war profiteering.

I guess ordinary Iraqi insurgents are not smart enough to do this.

Sort of a WTF thing here, aye?