
Insurgents Hack U.S. Drones - bbg
http://online.wsj.com/article/SB126102247889095011.html
======
tsally
I have a thought. How about next time the military just flies one of these
things down to Defcon and lets people have a go. The hackers get a cool toy to
play with a for a day and the military gets a free fairly sophisticated
penetration test. I'm sure the flaw would have been found; instructions on how
to intercept satellite data with about $100 worth of hardware have been
floating around for years. I'll edit this post in a minute with details for
anyone that's interested.

EDIT:

* One possible LNB: <http://bit.ly/7AGe7e>

* Possible dishes: <http://bit.ly/4NfMN1>

* One possible receiver (for digital, you'll need a different one for analog): <http://bit.ly/4zHyND>

* Useful forum: <http://www.satelliteguys.us/free-air-fta-discussion/>

That setup is enough to pick up signals from satellites (locations:
[http://www.google.com/#hl=en&q=satellite+index](http://www.google.com/#hl=en&q=satellite+index)).
If you do this as a hobby you might want to spend the money on a motor to
tilt/pan your dish for you. ;-) The article implies that such a setup is
pretty much what the insurgents used to intercept video from the drones. The
drone bounces its video up to a satellite and the satellite bounces back down
to the operator. The insurgents just grab it when it's coming down to the
operator from the satellite. I'm pretty sure (or at least I hope) the receiver
would have to be modified to decompress/decrypt the drone data properly. It'll
do just fine if you're scanning for legit TV signals.

~~~
potatolicious
The question is, what do our defence contractors care more about: making their
weapons _actually_ work? Or merely selling them?

~~~
rdtsc
The later is true. There is a large, high througput, revolving door between
DoD and large contractors. Yesterday's generals are today's board members and
C*Os of large defense contractors.

When something is purchased, or a bid is chosen, it is often because of those
conections not because a product is inherently better.

The result is a lot of overpriced, under-performing equipment. The amount of
waste is just ridiculous, even for a $650 billion market
([http://en.wikipedia.org/wiki/2009_United_States_federal_budg...](http://en.wikipedia.org/wiki/2009_United_States_federal_budget)).

~~~
rarrrrrr
This is also an apt description of the relationship between the FDA and large
pharmaceutical companies. Also, the USDA and large food companies. There are
likely many more examples. It's a systemic problem of our structure of
government.

~~~
roc
The trick is: who better to run a military contractor than former military
men? Who better to run a food company than someone who has worked in the USDA?

These are natural career paths for those individuals that make perfect,
natural sense and --in and of themselves-- aren't a real issue.

The _real issue_ is that our government can too easily reward individual
companies or industry groups with hand-outs.

If a single general couldn't essentially hand a contract to a supplier on his
say-so, that supplier gains nothing by bribing them with a future board
position.

What we really need, is for it to be more difficult for individuals to drive
contract selection and for the standards for passing a bailout, tariff or
corporate welfare program to be much higher.

Perhaps by requiring such legislation to be stand-alone bills, and requiring
an oversight office to evaluate contract selection.

~~~
rdtsc
> Who better to run a food company than someone who has worked in the USDA?

Are you asking as the food company, or as the proverbial "concerned citizen?"

Because I would want the USDA to work for me, since I am paying my taxes. I
want it to do its job and protect me from Kraft selling me salmonela infested
cookie dough. It is hard for USDA to do that when they expect to be hired by
Kraft and be payed large bonuses and salaries in the future.

> The real issue is that our government can too easily reward individual
> companies or industry groups with hand-outs.

The other serious problem is that individual companies can easily 'reward'
(read 'bribe') their friends in high places so they can turn a blind eye and
in turn harm the public.

I have the naive desire to have a government that would take care and protect
its citizens. I don't have the time and the resources to carry a microscope
and a bacterial toolkit to the grocery store when I buy meat or eggs. I expect
to pay my taxes and USDA to do its job.

~~~
roc
As a concerned citizen, naturally I don't want the USDA Director working for
Kraft. But what do I care whether the director goes on to work at Kraft
afterwards? Or even came from Kraft in the first place?

I'd prefer we have qualified people in public office. Proven managers,
subject-matter experts, etc. If we erect a wall between private industry and
public service, we're not going to get that.

If there's a problem with the director of the USDA being able to let his
former-employer slide, that's a separate problem than where (s)he came from or
is going. I'd prefer we deal with _that_ , than try to police people's
careers.

------
conanite
_the U.S. military found pirated drone video feeds on other militant laptops_

What is the meaning of "pirated" here? Are they going to sue militants for
copyright infringement?

~~~
mjgoins
New definitions of words creep into usage all the time, and this is one I've
been noticing.

Folks are using "pirate" to mean "intercept" or "surreptitiously copy", rather
than the traditional usage (leaving aside the even older meaning, of course)
of simply "distribute copyrighted material".

------
motters
Having an unencrypted video broadcast on a military drone is just a dumb idea
by whoever manufactured it. Encryption would seem to be the most minimal
requirement for such an application.

~~~
minus1
I agree that the transmission should be encrypted, but I think the usefulness
of the video feed to insurgents is overstated. You can _hear_ and _see_ the
drones overhead, so it is pretty clear if your area is under surveillance.

~~~
LostInTheWoods
You can not hear and see the drones. That is what makes them such an effective
weapon.

------
noonespecial
Part of the problem is that the military awards contracts that are sometimes
decades long. What was "good enough" security in 1990 is not looking so hot 20
years on. The US military machine may not perform as well as it has in the
past in the new era of betas, hotfixes and patches.

I will not be at all surprised when insurgent "rc-plane" drones start showing
up with cell phones, arduinos, grenades and duct-tape.

~~~
ThinkWriteMute
It's dreadfully easy to shop build a rocket, especially in America where
places like Radioshack exist.

~~~
blhack
I think your post got caught in some sort of time dilation field from the 80s
or something...

Radioshacks only sell cellphones (mostly) now. :(

------
Shamiq
Instead of hack, it should read "Insurgents intercept U.S. Drone video feeds"

~~~
rms
That's more clear, perhaps, but this is certainly a hack

------
eli
_"The military [is] trying to solve the problems by better encrypting the
drones' feeds."_

Where by "better encrypting" they mean "using any encryption at all"

~~~
stcredzero
_Predator drones are built by General Atomics Aeronautical Systems Inc. of San
Diego. Some of its communications technology is proprietary, so widely used
encryption systems aren't readily compatible, said people familiar with the
matter._

If some Russian software could intercept it, it wasn't _that_ proprietary!

~~~
vidarh
They mean the hardware/software for the drones, not the protocol / format used
for transmission.

~~~
gaius
Predator and Reaper drones run on VxWorks, for which crypto is readily
available.

------
tlrobinson
It's amusing that they consider the lack of encryption a mere "flaw". Seems
like a huge oversight to me.

------
slackerIII
Sounds like a great opportunity to feed some false information to the
insurgents.

------
naveensundar
_The potential drone vulnerability lies in an unencrypted downlink between the
unmanned craft and ground control._

What about the uplink?

~~~
Retric
I assume that's encrypted for obvious reasons. However, encrypting live video
feeds requires a lot more prepossessing power than encrypting telemetry so
they apparently left it out.

Honestly, from a classic military standpoint encrypted video does little for
you. If you can intercept the transmission then you know where the drone is.
The only advantage is knowing what it is looking at, but a traditional army is
large enough knowing something is in the area is enough. It's only gorilla
style fighting when it becomes particularly useful.

~~~
stcredzero
Guerrilla, BTW.

The thing is, these drones' primary use is against insurgents, AFAIK.

~~~
dflock
It is now, but I don't think this was intended to their primary mission
profile when they were designed, over a decade ago. A lot of the intended uses
were more traditional than the ones that reality has presented.

------
jsm386
_The potential drone vulnerability lies in an unencrypted downlink between the
unmanned craft and ground control. The U.S. government has known about the
flaw since the U.S. campaign in Bosnia in the 1990s, current and former
officials said. But the Pentagon assumed local adversaries wouldn't know how
to exploit it, the officials said._

~~~
dotBen
This is actually a deeper problem - we (the US/UK/Western world) assumes the
middle east doesn't have the same level of technical competency as us.

Iran is a pretty well educated country, and while Iraq and Afghanistan doesn't
have the same level of education in the tech/science areas, there are many
sympathizers who are well educated -- including educated in UK, US, etc.

There's actually a lot of comparisons to be drawn here with startup culture vs
big business. Once again the smaller, less resourced are able to bring down
the big players by being more nimble and not feeling the need to build
everything "in house".

To the "in house" point - the US probably spent high $100ks of mine and other
tax payers money building viewing software for these drones vs the insurgents
who use $25 Russian shareware. Now, I'm not saying that the government should
be running SkyCatcher to view streams - but I bet they didn't include
opensource options into their video viewer solution that would have saved $$$
in upfront and ongoing maintenance costs.

------
scotty79
War machine sending data through unprotected channel? In XXI century? After
two world wars and a cold war?

How?

------
marltod
The problem is that the people in charge of deciding what to approve/buy for
the Military are not qualified. They get the position of authority by being
successful in the military not by proving they understand the technology of
the things they are buying.

I can see how this happened. Say the military guy had two choices of what to
buy for video feed products.

Product 1. Fully encrypted video 15 frames per second and a 5 second delay.

Product 2. No encryption video at 30 fps and 1 second delay.

At the demo he says "product 2 is much better lets get that". When product 2
is questioned about security they say something like "we have proprietary
codecs". From the miliary guy's point a view a codec is just as good as
encryption.

------
joe_the_user
Whether this particular mistake was avoidable or not, the event raises bigger
issues.

The military is building more and more lethal, radio-controlled robots.

No networked device can be _guaranteed_ to be secure. Computers have been
hacked since they existed. The hacking of satellites is endemic. A civilian
hacker was supposedly holding a military satellite hostage a while back.

Thus this strategy makes it likely that hackers will get the ability to
command a lethal device sooner or later.

The risks of this might be worth the rewards in terms of avoiding casualties,
projecting power, etc.

But there hasn't been much public discussion of the choices that are involved
here. There should be.

------
andr
That poses an interesting technical question - how do you achieve military-
grade encryption over a communications line with heavy packet loss (assuming
the drone->satellite connection is like that)? Most self-synchronizing ciphers
would have too much of a lag for real time operation.

Perhaps two synchronized pseudo-random number generators, driven by
synchronized clocks, could be used for variable key generation for a symmetric
cipher.

~~~
mbreese
I am assuming that there already exists an encrypted communications channel
between the ground and the UAV (command and control). So, it would be trivial
to include a command to switch encryption keys at specific intervals.

------
ashwinl
As @noonespecial alludes to, some of the comments on the WSJ site and (less
so) here are made incognizant of the complexities of the systems and timelines
of procurement, testing and deployment.

@tsally the DEF CON suggestion is a good point. Because of ITAR, it is
unlikely that the actual "toy" will be provided, but a comparable subsystem
wouldn't be out of the question. E.g. The DoD regularly operates rapid
reaction challenges with a simulated problem from theater - see
<http://www.kirtland.af.mil/news/story.asp?id=123120737> Something similar
could be done with DEF CON.

I think it is important to maintain perspective when stories like this come
out. Contrary to some of the comments, defense contractors and
researchers/engineers at gov't R&D labs do put the priorities of the
warfighter first. Consider that many of the
engineers/contractors/researchers/etc working on technology development are
combat veterans themselves.

The issue is that we face adaptive adversaries.

------
ars
I hope instead of shutting it down, the military feeds them false information.
If done right, it could make a good trap.

~~~
johnyzee
I hope, instead of merely listening in, the insurgents start to jam and crash
the drones.

Sorry, but a different view needs to be represented. To a lot of people the
foreign occupation of Iraq is a grave injustice, not just some big game.

~~~
astine
While I want the US to pull out of Iraq as much as anybody, I think that you
have to dead in the skull to root for the insurgents. Most of the problems in
Iraq right now are primarily due to religious extremists terrorizing the
locals and fighting with Americans to push their agendas. No matter how bad
Iraq is now, it will be _worse_ off if these people take over.

~~~
cousin_it
_No matter how bad Iraq is now, it will be worse off if these people take
over._

So? The concept of American responsibility for the well-being of foreign
citizens is the root of this whole war problem. Let my people go!

------
lallysingh
Note that "skygrabber" is the #5 search phrase on google right now.
[http://www.google.com/trends/hottrends?sa=X&oi=prbx_hot_...](http://www.google.com/trends/hottrends?sa=X&oi=prbx_hot_trends&ct=title&q=skygrabber)

------
Kliment
"said people familiar with the matter"

WSJ is really going down in journalistic quality, it seems. But seriously,
problem known for a decade, "they're dumber than us so they can't use it"
attitudes, in a device at that price point, you'd expect they'd think about
these things. Reminds me of the Boeing report on Columbia. (
[http://www.edwardtufte.com/bboard/q-and-a-fetch-
msg?msg_id=0...](http://www.edwardtufte.com/bboard/q-and-a-fetch-
msg?msg_id=0001yB&topic_id=1) )

~~~
profgubler
This is a grave oversight, but often it isn't the military that needs
convincing of the intelligence of the enemy it is the politicians. These
politicians and often news pundits have often said things such as why are we
spending so much money on this war when we are fighting people who use sticks
and stones.

So it is a catch 22 when you have to cater to the politicians you are often
enabling your enemy. Not that I think we shouldn't have government or
politicians and internal opposition, it is just that I wish politicians would
do less grand standing and more actual thinking.

------
rapind
Do you think obsfucation and spam could solve this problem? Could they setup
cheap broadcasters all over the place that constantly send out fake videos and
develeop a sophisticated filter they can use themselves that the insurgents
wouldn't have access to? Then they wouldn't have to rework the drones
themselves, and they could constantly rework the spam and the filter to stay
ahead of them.

~~~
rbanffy
Good thinking.

There are a lot of simple, inexpensive measures that could be used to
neutralize their advantages.

OTOH, if you know where are the satellites drones use and the frequencies they
employ, it would be trivial to just set up a very directional antenna coupled
to a high-power noise generator to render the drone's controllers more or less
blind and the drones useless.

At least until they evolve into autonomous drones.

------
johnwatson11218
Is anyone talking about the potential to not just grab video but to send
control signals? What if the enemy could actually take control of one of these
drones? Is that channel encrypted? How about sending back false video to not
allow the true operators to know what is really going on or to generate false
positives.

~~~
gaius
If an enemy could take control of a Reaper he wouldn't... Until it was
returning to base at the end of its mission, at which point he'd fire its
Hellfire missiles right into the control building. Then the dominoes would
fall like a house of cards. Checkmate!

------
TallGuyShort
They say there's "no evidence" that they were able to take control of the
plane's in flight. Since nobody bothered to encrypt the video feed, and
they're saying there's "no evidence", it sounds to me like they also didn't
bother to encrypt the control signals. Nice...

------
jac_no_k
Anybody remember the movie Body of Lies? Would be interesting to feed the
insurgents a different video feed from what is actually be used.

~~~
waterlesscloud
It's possible, though unlikely, that the entire report is deliberate
misinformation.

------
richardw
Is there any chance the problem is technical? Encryption increasing latency
(at least for the pilot's view), anything like that?

------
ruslan
Wonder how soon they find a way to spoof drone video streams with some open
sourced software, probably VLC ;-)

------
Devilboy
'Fixing the security gap would have caused delays'

'... it would have added to the Predator's price'

If you're paying $20 million each you'd think another million to ensure your
targets don't see you coming would be a no-brainer?

~~~
jpwagner
While I obviously think they need to close the security gaps, I just want to
make a comment on your comment: it's that kind of thinking that keeps our
taxes increasing and our economy in shambles.

I'm with @tsally on the solution to this kind of problem...

~~~
pyre
@tsally is advocating having 'real' hackers hack on the thing to find
vulnerabilities. In this case though, the vulnerability was _known_ but it
would have cost more money to actually fix it. Having people attack the thing
for vulnerabilities still wouldn't change the fact that you would need to pay
however much money to do the fixing.

~~~
jpwagner
pff, you didn't address what I said...

"it's only another $1MM"

~~~
pyre
I was addressing the last thing that you said.

~~~
jpwagner
quit these goading, troll tactics please

there is no contradiction: yes "real" hackers, yes spend money, no don't say
"just another million"

sheesh

~~~
pyre
Where did I say 'just another million?' From where I stand, you seem to be
opposed to spending more money on something to make it work, and I'm arguing
that by agreeing with having hackers hack on the device doesn't fix it on it's
own. It still costs money. Whether it's "just another million" or "just
another $100,000" is irrelevant. The thing won't fix itself for free and at
$20 million a pop it's a waste of money if the thing is broken.

Note: I'm not goading, trolling or whatever it is you think I'm doing. This
thread is a conversation, and I'm responding to what you said.

~~~
jpwagner
_...and I'm responding to what you said_

No, you're not, you're actually ignoring my words. Please stop.

Note: You have made one lifetime submission and it was flagged and marked
'dead.' I will not call you a troll, but please stop.

