Monday, December 21, 2009

Iraqis and Afghans Hacked Spy Drones
















By KI MAE HEUSSNER and LUIS MARTINEZ
On the heels of reports that Iraqi and Afghani insurgents intercepted live video feeds from pilotless U.S. spy planes, Pentagon officials downplayed the security threat and said the "old issue" had been fixed.

But military technology analysts and others say officials cannot assume that the hacking of drones did not cause any damage. And, they add, as the Department of Defense prepares to boost its fleet of aerial surveillance aircraft in Afghanistan, it needs to recognize the new set of security threats that will accompany this new era of remote-controlled warfare.

Pentagon officials Thursday confirmed a Wall Street Journal report that insurgents in Iraq used consumer-grade software to hack into the live video feeds from U.S. Predator drones.

The unmanned surveillance aircraft help the military collect crucial intelligence information in Iraq, Afghanistan and other conflict zones. Predators are also armed with Hellfire missiles that can take out enemy targets.
But using only off-the-shelf software programs such as SkyGrabber, which is available for $26 on the Internet, Shiite fighters were able to tap into the video feeds by exploiting an unprotected communications link.

Defense Official: It's Fixed
Questioned by reporters, a senior defense official said, "it's an old issue that's been addressed and fixed."

When pressed to elaborate and confirm that all video feeds had been encrypted, military spokesmen declined to comment.Another defense official told ABC News that the Pentagon has been familiar with the vulnerability for awhile, but did not express considerable concern. "What do you do with it [the information]?" he asked.

Given the challenge trained military officers already face in deciphering images from video feeds, he questioned how well an untrained eye would be able to interpret the raw data.

He also said the visual imagery is only a portion of the information gleaned by a Predator drone. Other data, such as heat signatures, help put the images in context and the hackers presumably did not have access to that.

The official said he'd be more concerned if hackers stepped up their attacks and attempted to take control of the aircraft, but said that hasn't happened.

Traveling in Iraq today, Chairman of the Joint Chiefs of Staff Adm. Mike Mullen said that he is very concerned about hacking threats and cybersecurity, but affirmed that the recent attack caused no significant damage.

Analyst: Military Can't Assume Hacking of Drones Didn't Do Harm
Still, despite the military's assurances that the hacking of drones neither put troops in harm's way nor compromised operations, military technology analysts question the Pentagon's decision to neglect the flaw for so long.

"It's been reported from the various spokesmen that we didn't suffer attacks or corrupted information, but you don't know what could have happened if the enemy wasn't able to see what we see," said Dakota Wood, a senior fellow at the Center for Strategic and Budgetary Assessments, a Washington, D.C.-based think-tank. "You can't make the assumption that no damage was done right now. There's no way you could say that."

Wood emphasized that it's difficult to prove a negative. It's possible that some operations were indeed thwarted because of information provided by the video feeds, he said.

He also said that U.S. adversaries may have simply chosen to play their cards close to their chest, choosing to not use the information so that they can build their capability and use it at a crucial future date.

Are Other Military Systems Also Vulnerable to Hackers?
In a statement, the Department of Defense said it "constantly evaluates and seeks to improve the performance and security of our various ISR [intelligence, surveillance and reconnaissance] systems and platforms.

"As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security. As a matter of policy, we don't comment on specific vulnerabilities or intelligence issues," it continued.
But others say it's not just the Predator drone's video feeds that are vulnerable to hacking.

In a report Thursday, Wired magazine said the military's main system for linking overhead surveillance with soldiers and Marines on the ground suffers from a similar flaw.

http://blogs.abcnews.com/worldview/2008/11/zardari-to-cent.html

Citing multiple military sources, the publication said the Remotely Operated Video Enhanced Receiver (ROVER), which lets on-the-ground troops access video footage from many airplanes in the country's fleet, relies on an unencrypted signal.

The system, which was developed in 2002, involves a laptop that receives video captured by drones flying overhead. But because the laptops were distributed so quickly, they used an unprotected link. That means the video feeds could be exploited with the same software used by the Iraqi insurgents.

Defense Secretary Robert Gates asked the Pentagon's intelligence chief, James R. Clapper, Jr., to look into the problem and coordinate the work to address it. Officials said that when the intercepts were discovered, it raised concerns, but technical adjustments were not difficult and were put in motion quickly.

The hacking is just another example of how formidable and inventive the extremists can be. The U.S. has spent billions of dollars, for instance, fighting homemade bombs in Iraq and Afghanistan, the No. 1 killer of troops and the weapon of choice by militants who have easy access to the materials needed to make them and use modern telecommunications networks to exchange information about how to improve them.

Pentagon spokesman Bryan Whitman said the military continually evaluates the technologies it uses and quickly corrects any vulnerabilities found.


No comments: