
Report: Iran Hacked, Hijacked U.S. Drone - thematt
http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer
======
grecy
Lets flip the tables here and imagine Iran is flying surveillance drones over
mainland USA, gathering photos and who knows what else. Would it be
unreasonable to think the USA would try with everything they've got to shoot
them down and/or capture them? Who would be the bad guy in that scenario?

I find it amusing nobody has thought to question what right the US have to fly
a surveillance drone over Iran to spy on the country/people. Furthermore, I
think it's pretty clear if you choose to cross a well established border and
put something in _my_ country without my permission, for the express purpose
of spying on me, you better know I'm going to try hard to capture it as my
own.

Is it even "legal" for the US to be doing this?

Who judges who can spy on who, and who is the "bad" guy when one side captures
gear from the other side?

~~~
brown9-2
I don't see anyone saying that what Iran did is wrong, do you? It seems that
prevention is expected.

The secret of international law is that it doesn't really exist. Or that the
"law' in "international law" does not mean the same meaning as the "domestic
law" within a country's borders. All you have are agreements between countries
but with no true external body that can enforce penalties or punishments
without the threat of war. So what happens is that the most powerful win
arguments.

~~~
grecy
You are correct in that this (and many other related articles) are not
directly saying what Iran did is wrong... however, I feel the general tone and
overall implication is that Iran have "taken" a drone that doesn't belong to
them, and clearly are not about to give it back.

So as you say, "law" doesn't really apply, it's more of a moral decision as to
whether a country should spy on another country. We can clearly see the
outcome of that decision here.

~~~
thesis
What's your point? Do you think Iran doesn't have spies?

~~~
grecy
My point is that Iran is being made out to be the "bad guy" because they've
taken something important and supposedly secret that belongs to the USA and
won't give it back.

I don't think a country is the bad guy when they are simply trying to stop
another country from spying on them.

~~~
coderdude
I'd be interested to know who, other than Iranians, considers Iran the "good
guys."

~~~
rdtsc
Alright, I don't give a fuck one way or the other. You tell me what makes them
the default bad guys and what makes US the default good guy or neutral guy?

~~~
Jacquass12321
I don't think the US is perfect by any stretch of the word. I just have a hard
time imagining a third party deciding that Iran is the example they'd rather
move towards if given the choice.

[http://en.wikipedia.org/wiki/Human_rights_in_the_Islamic_Rep...](http://en.wikipedia.org/wiki/Human_rights_in_the_Islamic_Republic_of_Iran)
vs
[http://en.wikipedia.org/wiki/Human_rights_in_the_United_Stat...](http://en.wikipedia.org/wiki/Human_rights_in_the_United_States)

<http://en.wikipedia.org/wiki/Press_Freedom_Index>

<http://en.wikipedia.org/wiki/Corruption_Perceptions_Index>

------
blhack
(Prelude edit: A few people seem to be missing the point I'm making here. I
know quite a lot about the predator, and a bit about the Global Hawk. I do
_not_ know much about the Sentinel. The jab about building a drone with parts
on my kitchen table is a joke, meant to illustrate that this is either an
_absurd_ level of incompetence on the part of Lockheed Martin [not likely] or
the article is incorrect, the latter being most likely. The Global Hawk, for
instance, uses inertial navigation as well as GPS. Spoofing GPS against that
platform would be annoying to the people controlling it, it would not get you
a free Global Hawk. It is a near-certainty that the Sentinel has a similar
navigation system.).

Some clarification on these drones:

 _Some_ of them require a human being with Line Of Sight to land them.
"Predators" (what a lovely name), for instance. This thing is basically a
gigantic R/C plane, and a pretty nice one at that.

You taxi it to the runway, take it off, and fly it via remote control. There
is a human watching it the entire time (although the human may not be in close
proximity to the plane. The militarized versions, for instance, have pilots
living in Nevada, and planes living in Afghanistan).

Another plane, called a "Global Hawk", is much larger, and requires almost no
human intervention at all. You open the hanger door, press the go button, and
then leave it alone.

It taxis _itself_ to the runway, powers up, takes off, flies its mission,
comes home, lands, taxis back to the hanger, and powers down.

If this article is accurate, it would mean that this drone model requires no
human intervention, which makes sense if it's primarily a passive, camera-
platform.

What becomes _really really_ scary about this is the idea that they're relying
_solely_ on GPS to fly.

How do I get into defense contracting, again? I have the parts for a "drone"
sitting on my kitchen table right now that, from the sound of things, is about
navigationally equivalent to this thing.

(By that I mean a $30 'duino, $50 worth of gyros and accelerometers, and $60
worth of a GPS. Hey government, here's a cost cutting measure: hire me to
build you some drones.)

~~~
nosequel
I won't comment on the UAV in the article, but you'd have to be a pretty
wealthy person and have some really weird stuff on your kitchen table to have
what is on the global hawk. I won't comment on specifics, but there is nothing
simple about its gps and inertial navigation systems. Your categorization of
UAV's was fairly simplistic and there are many more categories than two.

The Global Hawk is a much more expensive aircraft than the RQ-170 and is in a
completely different category of aircraft. What happen to RQ-170 could not be
done to the Global Hawk with they way its navigation works.

I don't want people thinking that autonomous aircraft are some simple thing
that anyone can do. If that was the case, other countries would make them
instead of buying them from the US.

Good luck making a laser ring gyro with a walk of < .002 deg/hr for $50 (or
even $20,000)
[http://www51.honeywell.com/aero/common/documents/myaerospace...](http://www51.honeywell.com/aero/common/documents/myaerospacecatalog-
documents/MilitaryAC/HG9900_IMU.pdf)

~~~
blhack
I think you missed part of what I was saying.

Of _course_ I don't have the requisite materials or fabrication equipment to
build the type of inertial navigation equipment used in missiles.

My point was that, if the article is to be believed, and RQ-170 relies
_completely_ on GPS and gyros, then I have the stuff needed to build its
guidance system.

(The point here being that of course I don't, and of course it's likely more
complicated than a GPS, so the article is probably incorrect)

~~~
nosequel
I plus +1'd your comment, I get what you were trying to say, sorry I came
across wrong. I was trying to supplement it a bit by saying there are many
tiers of UAV's. I was joking about you having crazy crap on your kitchen
counter, but typed a bit too fast to make a point of me getting what you were
saying.

You can see in my other comments that it is pretty nuts if they actually
captured the plane the way they claim. Based my knowledge of navigation
design, it seems to be pretty impossible to convince a properly designed plane
that it is somewhere it isn't without turning off the inertial navigation
equipment (what is done during testing in anechoic chambers).

------
jgrahamc
So, they spoofed GPS and jammed the rest of the communications to make it land
automatically. Given that there are test transmitters for GPS devices used
when consumer devices are being created it's not a surprise that they managed
to do this. Not very long ago there was a GPS jamming exercise in the UK done
on a military range.

I realize that as a Westerner I shouldn't be rooting for the Iranians but if
they did spoof GPS, jam the rest of the communications and get this thing to
land thinking it was at its home base then it's at least a neat hack.

Also, in the article there's a quote from someone dissing the Iranians'
technical ability. This seems like a mistake. Iran is not a 'stone age'
country like Afghanistan.

~~~
johno215
Hmm, the GPS signal the military uses is supposed to be encrypted and un-
spoofable.

I wonder if Iran cracked it. If so, can the US reset the key easily?

[1] <http://en.wikipedia.org/wiki/GPS_signals#Precision_code>

~~~
cameldrv
The P code is on a different frequency, so the Iranians could have just jammed
the P code, and then presumably the drone would rely on the the unencrypted
C/A code which they spoofed.

~~~
johno215
Sigh..

I hope it was not that insecure.

~~~
cameldrv
All of the military GPS receivers also use the civilian signal to initialize
their position to lock on to the military encrypted signal. I would assume
that in the event that they lose the P code, that they would revert to the C/A
code.

~~~
stcredzero
If a human being lost GPS signal, they'd start using landmarks, or based on
their last known position, just use dead reckoning to get over friendly
airspace, then ask for help. Programming that into a drone takes time and so
costs money. Maybe the drone was the victim of cost cutting?

------
sehugg
_One American analyst ridiculed Iran’s capability, telling Defense News that
the loss was “like dropping a Ferrari into an ox-cart technology culture.”_

An ox-cart technology culture that is allied with China and Russia. I hope
this kind of hubris is counterbalanced by more realistic attitudes in the
defense world.

~~~
marshray
Wasn't OXCART the code word for the 60's spy plane program that operated the
U-2 and SR-71?

Hmmm... <http://www.paperlessarchives.com/a12.html>

~~~
anigbrowl
Excellent catch, and linkage. Thanks.

------
DrCatbox
It is suprising that many americans, for the lack of a better term, seem to be
"butthurt" over this event.

Look at this news on reddit for example, first it was ridiculed, and
speculation was high that it might have been a crash or accident, that the
Iranians had luck, and that it in fact never happened, just propaganda. Then
the Iranians showed it, and many comments said "its old tech any way". Why the
butthurtness?

And now, "the takeover wasnt so high tech anyway".

~~~
gk1
Some people on Reddit != All of Reddit.

Reddit != America.

~~~
dekz
The OP was clearly describing the hive-mind of reddit, which does in fact
follow American ideologies due to the overwhelming number of Americans who do
use it.

~~~
rdtsc
However at the same time a lot of them claim to be critical of US govt's
policies on war, drones, extra-judicial killings and so on. All that taken
into account is surprising that they as a group would rush to discredit
Iranians' capability and ridicule this situation.

It is interesting that they are essentially playing along to the US govt.
propaganda. The govt. knew what had happened but lied, telling the media a
malfunction occurred, and the drone 'drifted' randomly into Iranian territory.
I expected them to lie and make shit up. That's fine. But is is interesting
that groups liberals are also doing that, without being coerced or forced to
do so. It illustrates an interesting process that happens were supposedly
fairly liberal individuals still end up White House lapdogs without even
realizing it.

It is also funny how after more evidence comes out, neither the media, nor
say, Redditors, go back and admit their previous mistake, instead the strategy
moves to "ridicule".

~~~
trotsky
_It is interesting that they are essentially playing along to the US govt.
propaganda. [...] It is also funny how after more evidence comes out, neither
the media, nor say, Redditors, go back and admit their previous mistake,
instead the strategy moves to "ridicule"._

You shouldn't under-estimate how much propaganda being done by a variety of
states is being done online through the use of sock puppets. While I'm not
trying to claim it's happening on reddit specifically I wouldn't be shocked to
find out it was. This is one of the (afaik) stated main purposes for the
"persona management stations" that various US military & intelligence services
have been procuring and using. I've only heard it framed as foreign language
propaganda targeted at conflict areas, but it isn't hard to see the temptation
to target US based sites of International appeal.

~~~
ColdAsIce
Does that mean that our internet has been taken over by sock puppets?

When we no longer can trust that the other guy is indeed a guy/girl just like
us, but now is an algorithm, carefully crafted for a specific purpose.

Communication suffers, the internet may no longer be a meeting ground.

------
presidentender
In the early to mid 2000s, the US rendered military aid to Georgia, in both
training and equipment. This included unmanned aircraft.

In 2008, Russia invaded Georgia, and presumably captured some of those
aircraft.

No security system should rely on the secrecy of its function, but in
practice, many do. If any agency in the world can break the security of US
UAVs, it'd be Russia.

Remind me again how the Russians and Iranians get along?

~~~
whatgoodisaroad
Correction, in 2008, Russia invaded PART of Georgia. If my memory serves, they
only invaded as far as one military base, and that only temporary.

~~~
davnola
No, the Russians occupied several Georgian cities, including Poti, Gori,
Senakie, and Zugdidi.

------
rbanffy
Relying on GPS or any external source of navigational data is risky. I cannot
believe the vehicle didn't have working inertial navigation that would clearly
indicate the GPS was off by quite a lot.

Simple rule - if you have no contact with home and your GPS says you are a
couple hundred miles away from where your inertial navigation, your compass
and all visual cues (if cruise missiles have it, so should this bird) tell you
should be, something is definitely fishy and you should self destruct.

Spoofing GPS signals is an interesting idea, but falling for them continues to
be unacceptable for a UAV full of very sensitive information.

~~~
lallysingh
Oh good. I can make drones self destruct with a gps spoofer.

~~~
dmoney
Careful, you might trigger its berserker mode.

~~~
lallysingh
really? I wonder how hard it is to get one near the launch site!!

------
robk
This all seems really fishy. You'd think if this was really top-secret level
equipment, there would be several failsafes and an inevitable self-destruct
mechanism in the event it was out of contact enough to reasonably assume
capture. The fact it's wholly intact makes me wonder if it's some sort of
honeypot.

~~~
trotsky
No program is going to take their long dwell time drones that need every ounce
for batteries and pack them full of explosives.

~~~
jpadkins
can't you make the batteries explosive?

would be a nice hack.

------
smackfu
I don't quite understand how CS Monitor can vet any source inside the Iranian
government as being non propaganda.

~~~
marshray
It may be propaganda, but it also has some plain technical claims that may be
independently verifiable.

------
feralchimp
Tis the season for peace on Earth, or at least some good sportsmanship.

If they hacked it as described, the engineers who pulled it off deserve our
congratulations on a hack well played.

If it's all some elaborate ruse for the sake of internal PR, well, good to
know those exist outside the U.S. also. :)

------
grandalf
There is a campaign underway to raise funding for the next round of drone
development. These stories are hitting the press to help drum up support for
spending on drone R&D and production.

There are also stories that are intended to pave the way for drones being used
on American soil.

------
JL2010
Christian Science Monitor: is this a reputable source known for good
journalism?

~~~
lawnchair_larry
I too have been skeptical of this publication. Others have told me that
despite the name, it is quite good.

The title is more meant to be "The Monitor" but it is owned by the Christian
Science church. That is why the domain is csmonitor.

Their FAQ page also says:

 _"Is the Monitor a religious publication?

No, it’s a real news organization owned by a church – The First Church of
Christ, Scientist, in Boston, Mass., USA. Everything in the Monitor is
international and US news and features, except for one religious article in
the weekly magazine and Daily News Briefing – a version of which has appeared
each day since 1908, at the request of the Monitor’s founder, Mary Baker Eddy.
In an age of corporate conglomerates dominating the news media, the Monitor’s
combination of church ownership, public-service mission, and commitment to
covering the world (not to mention the fact that it was founded by a woman
shortly after the turn of the 20th century, when US women didn’t yet have the
vote!) gives the Monitor a uniquely independent voice in journalism."_

------
SriniK
This page 2 comment is making me not believe what I am reading. Data stream is
not encrypted? Can anyone confirm?

 _The US military has reportedly been aware of vulnerabilities with pirating
unencrypted drone data streams since the Bosnia campaign in the mid-1990s.

Top US officials said in 2009 that they were working to encrypt all drone data
streams in Iraq, Pakistan, and Afghanistan – after finding militant laptops
loaded with days' worth of data in Iraq – and acknowledged that they were
"subject to listening and exploitation."_

edit: fixed the format

~~~
kristofferR
[http://arstechnica.com/tech-policy/news/2009/12/predator-
dro...](http://arstechnica.com/tech-policy/news/2009/12/predator-drones-use-
less-encryption-than-your-tv.ars)

~~~
SriniK
Thanks for the link. Wow, I am surprised they didn't fix it so far.

------
daenz
Just throwing this out there, maybe the drone was intended to be caught as
part of another kind of intelligence gathering operation. It's easy to blame
this on incompetence, but the other angle is that the drone being caught was
made to look like an accident in order to collect intelligence (gps, audio,
etc) from wherever the Iranians took it, and this data could be offloaded to
someone that could gain access to the drone. Just a possibility.

~~~
thematt
I've heard that suggested before, but it's probably in a warehouse on some
military base being examined. It's unlikely we'd gain any valuable
intelligence from the environment they bring it to. It's not like they're
going to park it in their nuclear facility to do the dissection.

~~~
daenz
Yeah I guess you're right. Just with everything I'm reading about "how it was
done", I'm finding it really hard to believe that these subsystems weren't
audited for flaws before they deployed.

------
andrewcooke
this sounds odd. other reports said that the final landing for these drones is
done with a local, direct link (which was a possible candidate for how it was
hacked), but this article implies (if i am reading it right) that by faking
GPS it was misled into thinking it was landing in its normal place.

also, in the linked article it says that the underbelly was damaged because
the altitudes differed by a few metres, but gps doesn't offer that kind of
vertical resolution (as far as i know, particularly not from something that
cannot sit in one place and integrate over time. _this is (partly) why GPS is
not used for landing - it's simply not precise enough_ ).

perhaps the gps was spoofed, but it was only part of something more complex?
like enabling the radio control for landing because the drone thought it was
near the airfield?

[edit] this seems to be the original source that mentions direct landing
control, although i've never seen that site before (am pretty sure i read it
on the bbc or guardian): [http://www.moonofalabama.org/2011/12/how-iran-
probably-acqui...](http://www.moonofalabama.org/2011/12/how-iran-probably-
acquired-a-stealth-drone.html)

~~~
marshray
Some of the speculation I've heard is that these drones have an auto-return-
and-land mode that could be triggered by successfully jamming the
communications links. It may be that the auto-land was designed with the hope
that the legitimate operator would take over with a direct control when then
drone got close enough to home base. It may be that the thing wasn't really
able to make a completely graceful landing on its own.

Sounds plausible to me.

Russian-made GPS jammers have been reportedly on the market for over a decade
now.

Alternatively, it might also be enough to simply fly your own plane and GPS
receiver some relative distance away from the drone and rebroadcast the
signals received from there with a higher strength. Of course, this type of
forwarding attack could end up with the Iranians landing a plane of their own
at the US base. That would be bonus points for style. :-)

------
danielschonfeld
I don't get it. With a budget of millions for these UAVs was it so hard to fit
the thing with an IRS unit, or even an older INS unit to augment the GPS? Then
one could add a single if statement checking if the GPS location has diverged
greatly from where it was in the last NMEA statement?

What am I missing here???

~~~
littlebird
It no doubt has an EGI - a combined GPS INS. It will depend entirely on the
software interpreting that data.

------
mikescar
> “We have a project on hand that is one step ahead of jamming, meaning
> ‘deception’ of the aggressive systems,” said Gholizadeh, such that “we can
> define our own desired information for it so the path of the missile would
> change to our desired destination.”

The thought of this leads to some conspiratorial thoughts: from various
sources, we might know where a missile originated from, but who knows what
might happen to it during flight?

------
Aloisius
I for one welcome the next generation GPS satellites that the military will no
doubt now put up.

Edit: It appears the first GPS III satellite will be launched in 2014.

------
slug
It almost seems that someone read my comment here on HN a few days ago:

<http://news.ycombinator.com/item?id=3330669>

------
JabavuAdams
Why is it unpainted?

------
rajpaul
I've seen a lot of these drone stories and discussion threads. The most
interesting thing about them is the assumption that America has the right to
violate other countries territory.

------
guscost
If this is indeed a problem, just put a secure QR code on every runway. Easy
enough.

HEY ECHELON

------
harichinnan
This is the joke of the century. LOL

------
MichaelApproved
This is what the US congress should be investigating instead of passing bills
that have no chance of becoming law or reaffirming "in god we trust".

------
ck2
Why not just EMP it to crash it and collect it?

[http://en.wikipedia.org/wiki/Explosively_pumped_flux_compres...](http://en.wikipedia.org/wiki/Explosively_pumped_flux_compression_generator)

~~~
rosser
Because you want it intact, and don't want its circuitry cooked?

------
nvk
Meh, seems very simple to me (after some research).

Allow me to speculate.

\- American Drone was destroyed with a hack tentative

\- Iran built a replica for internal advertising of nationalism and for
international press

\- America won't comment and say it was a replica because it needs all the
uneducated "Right" to believe Iran has some "power" so there is a reason to
invade.

Come on haven't you guys seeing this movie before??

(updated for format)

