Wednesday, December 16, 2009

Iraqi Insurgents Hack U.S. Drones

Siobhan Gorman, Yochi J. Dreazen, and August Cole write in The Wall Street Journal:

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington's growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.

More here.


At Thu Dec 17, 02:09:00 AM PST, Anonymous Anonymous said...

"Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren't readily compatible, said people familiar with the matter."

Are you kidding me? That statement is an utter lie. Crypto APIs are widely available for any programming environment.

"In an email, a spokeswoman said that for security reasons, the company couldn't comment on "specific data link capabilities and limitations."

More like couldn't comment because a logical justification is impossible. Physical and network overhead associated with encryption is fairly negligible, especially considering the cost of each of those drones.

"Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator's price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies."

What a bunch of douchebags. How about you avoid delays by including security requirements in the associated bid? And encryption slowing down data-sharing? Are you f***ing kidding me?!? If the encryption is only implemented between the drone and the controlling station(s), how does that affect sharing of the recorded data with anyone else? It would no longer be encrypted after being received (or it wouldn't have to be).



Post a Comment

<< Home