Above the Trenches

According to the Wall Street Journal, up until recently the United States Air Force was too stupid to encrypt the video feed from attack drones such as the Predators used in Afghanistan and Iraq.

I know that sounds harsh. Maybe it’s even too harsh. Let’s look at the story (original report here) and see how it develops. The short version is that sometime “late last year” (apparently December 2008) the computer of a captured Shiite fighter in Iraq was found to contain video from U.S. aerial drones. In July, more of these intercepted videos were found. The WSJ report claims that the interception was done with (or with something like; the writing is unclear) SkyGrabber, software advertised as intercepting satellite transmissions of various file types. The price on the website is $45.95 (it was apparently $26.95 a few days ago; did they raise the price to capitalize on the increased demand from the publicity?).

According to the WSJ report, the Air Force has understood that these feeds were vulnerable to interception since the 1990s but did not do anything to encrypt them because (a) it costs a lot of money and (b) this kind of interception is too hard for the primitives we fight against anyway. (Okay, I’m paraphrasing, but the gist seems accurate.)

In their defense, SkyGrabber probably did not exist in the 1990s. The Internet was less developed in those days too. According to Defense Tech, the Global Information Grid used by the U.S. military to transfer data is 25 years old. One consequence of this is that security measures that are considered basic today are completely lacking. Defense Tech estimates that the upgrades needed could run to $65 billion over the next three years.

Hackers work faster than that.

There are some points about this story that should be considered.

  • Headlines (including the WSJ one) claiming that drones had been hacked are incorrect. There is no evidence in the report that the drones themselves were in any way compromised. The video feed was transmitted by wireless communication (i.e. radio) and was intercepted out of the open air. This is one of the inherent weaknesses of broadcast media. It will not be resolved by encrypting the video. More on that in a bit.
  • No software can intercept radio signals on its own. There has to be specialized hardware to grab the signals; the software then filters and interprets them. This means the $26.95 price tag mentioned is misleading. An interception system, including an antenna and a satellite modem (external or, more likely, an internal card), had to be purposely built in order for the software to do its job. I have little knowledge of this particular equipment, but a very brief Google search on satellite cards found $129 to be a common price, though (of course) they can cost much more. Likewise, a quick search on satellite dishes found prices ranging from $54.95 to $1,000. (Note: I am not qualified to judge whether any of the items found in these searches is truly suitable for the purpose. Does someone have a Drone Feed Hacking for Morons book I can borrow?) None of this is hideously expensive, but it raises the price considerably above what was reported in the WSJ.
  • The WSJ reports the Air Force is working on upgrading hardware to encrypt the drone transmissions. This is good but insufficient for two reasons:
  1. Any encryption can be broken; the only question is how long it will take. If it takes 20 years to break the encryption on a video feed, it is probably secure enough for battlefield conditions. However, there is no guarantee that some new development (such as cloud computing or even quantum computing) won’t let a determined and well-financed enemy cut that timeline down a great deal. Also, the more a particular encryption key is used, the easier it becomes for attackers to find patterns that allow them to break it. The encryption used for the drone feeds must be strong, must use strong and frequently changed keys, and must be amenable to upgrades, or it is guaranteed to be worthless in the long term.
  2. Even if you can’t decrypt a feed, if you can catch it, then you know that there is a source nearby. It is quite possible that enemies could use several stations working together to triangulate the location of a drone and destroy it. In this case, there would be no further need to decrypt the transmission, would there? For this reason, the signal should also be masked with frequency hopping or some other method that makes it difficult to intercept.
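As an added illustration of the key-reuse point in item 1 (this is example code written for the argument here, not anything from the WSJ report, the Air Force, or SkyGrabber): a stdlib-only Python toy in which the keystream is HMAC-SHA256 run in counter mode, with the telemetry header, frame contents and master key all constructed sample values. The first scheme reuses one key and one fixed nonce for every frame; XORing any two ciphertexts then yields the XOR of the two frames, and every byte the frames have in common shows up as a zero, so an eavesdropper learns the fixed header without breaking anything. The second scheme derives a fresh key per epoch and uses a fresh nonce per frame, and the same computation yields nothing useful.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: deterministic bytes from (key, nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(key: bytes, nonce: bytes, frame: bytes) -> bytes:
    """Stream encryption; decryption is the same call on the ciphertext."""
    return xor_bytes(frame, keystream(key, nonce, len(frame)))


def derive_epoch_key(master_key: bytes, epoch: int) -> bytes:
    """Fresh per-epoch key from a master key (HKDF-expand style), so the key
    protecting any stretch of the feed is used only for that stretch."""
    info = b"drone-feed-epoch" + epoch.to_bytes(4, "big")
    return hmac.new(master_key, info, hashlib.sha256).digest()


def encrypt_static_key(key: bytes, frames: list) -> list:
    """The weak design: one key and one fixed nonce for every frame,
    so the identical keystream is reused across the whole feed."""
    return [encrypt_frame(key, bytes(8), f) for f in frames]


def encrypt_rotating(master_key: bytes, frames: list, frames_per_epoch: int) -> list:
    """Per-frame nonce plus a new key every `frames_per_epoch` frames."""
    out = []
    for i, frame in enumerate(frames):
        key = derive_epoch_key(master_key, i // frames_per_epoch)
        nonce = (i % frames_per_epoch).to_bytes(8, "big")
        out.append(encrypt_frame(key, nonce, frame))
    return out


def ciphertext_difference(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper with no key can compute from two ciphertexts.
    If they share a keystream, this equals frame1 XOR frame2, so every byte
    the two frames have in common appears as a zero."""
    return xor_bytes(c1, c2)


def leading_zero_bytes(data: bytes) -> int:
    """Length of the common prefix revealed by a shared-keystream XOR."""
    n = 0
    for b in data:
        if b != 0:
            break
        n += 1
    return n


# Constructed sample frames: a fixed telemetry header followed by a payload.
SAMPLE_FRAMES = [b"FEED-HDR|CAM1|" + b"payload-frame-%02d" % i for i in range(4)]
MASTER_KEY = b"constructed-32-byte-master-key!!"  # sample value only


if __name__ == "__main__":
    weak = encrypt_static_key(MASTER_KEY, SAMPLE_FRAMES)
    d_weak = ciphertext_difference(weak[0], weak[1])
    print("static key: frame0 XOR frame1 leaked:", d_weak.hex())
    print("static key: common header bytes visible:", leading_zero_bytes(d_weak))
    strong = encrypt_rotating(MASTER_KEY, SAMPLE_FRAMES, frames_per_epoch=2)
    d_strong = ciphertext_difference(strong[0], strong[1])
    print("rotating key: common header bytes visible:", leading_zero_bytes(d_strong))
```

The rotation schedule is the whole point: how often the epoch key changes bounds how much traffic any one key ever protects, which is the "frequently changed keys" requirement above, and the per-frame nonce is what stops two frames under the same epoch key from sharing a keystream.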

It is entirely possible that the Pentagon is pursuing all of these solutions. The WSJ report does not say so, but even unnamed sources may feel the need to protect some secrets in the name of national security. If these considerations are not being dealt with, then someone is not doing their job.

Someone didn’t do their job in the first place. Expecting enemies to stand still rather than do their best to respond to the technologies arrayed against them is idiotic. Any web system administrator can attest that hackers are constantly developing new ways around existing defenses. Would people whose lives are on the line do less?

This is why I am so harsh in my judgment of the people who allowed drone feeds to go unprotected for at least 10 years. Unfortunately, this level of negligence is normal throughout information technology. The attitude of too many managers is, “Well, we haven’t been hacked yet, so our security must be strong enough. Anyway, why would anyone even bother?” The trouble with that attitude, as the military has discovered, is that the time lag between when you are hacked and when you find out about it may be years. The days when hackers were satisfied with defacing a web page with pictures of marijuana and insulting messages are long gone. Some still do that (as in the recent Twitter hack), but when they grow up there are far more satisfying and often profitable ways to use those skills.

One last point that I hesitated to include because it is so speculative:

  • SkyGrabber appears to be Russian software. Does this mean that the other side in Iraq and Afghanistan is getting technical assistance from the Russians? Answer: No, of course it doesn’t mean that. Anyone can buy this software. They take PayPal. On the other hand, if I worked for the DIA, I would be very curious about the development of the technical expertise to use this software among enemies who do not have a deep R&D establishment the way the U.S. and other countries do. Much of the opposition in Afghanistan and Iraq has been backed by Iran. The Iranians do have considerable technical/computer/Internet expertise (see Google search here), and they do have some ties to the Russians. There is no evidence here of some deep, dark conspiracy, but those people whose job it is to be paranoid about such things should still look into it.

It’s time to be serious about cyber defense. And it’s time for the military to remember rule 1 of warfare: Never underestimate the enemy.

  1. The writings here are great. Thanks for having them.

  2. Nikita Verzi says:

    Many thanks for your article post. Really looking forward to reading more. Much obliged.
