“Hacking” predator drones

This just makes me sad. Two articles, one in the WSJ, the other on CNN, describing how insurgents in Iraq are hacking Predator drones and receiving the video feeds that the drones are sending back to U.S. ground stations. First things first, let’s fix the headlines. Both are running something like “Iraqi insurgents hacked Predator drone feeds.” That should more clearly read: “Iraqi insurgents watching the videos that the Predator drone sends out unencrypted.” Or maybe “Iraqi insurgents watch Predator drone feeds on TV.”

If you look into the article, you find that insurgents are apparently using a $26 piece of software that takes satellite data and saves parts of it that might not be intended for your computer. Essentially, it monitors the data that is sent and, when it sees a file transferred, will save it to your hard drive, regardless of whether or not your computer was the intended destination.

Now, I’ve been doing computer security work for over a decade.  I was the first person at my university to implement anti-virus in email, I was the first to require a department to use all-encrypted communication for transmitting passwords.  I discovered one of the earliest IRC-based botnets.  I’ve found vulnerabilities in financial systems.  I’ve seen … [a]ttack ships on fire off the shoulder of Orion. I’ve watched C-beams glitter in the dark near the Tannhauser Gate.  Er, wait, some of that last bit may have been someone else, but you get the idea.

This stuff isn’t that hard.  SSL is over 15 years old, we know how to do encryption.  Hell, back in the 90s when we were developing the Predator, the U.S. was treating encryption as a munition – you had to get the government’s blessing to use decent encryption.  Is it too much to ask that an actual weapon include the munition that was encryption?  And this from the WSJ article strikes me as BS:

Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren’t readily compatible, said people familiar with the matter.

In an email, a spokeswoman said that for security reasons, the company couldn’t comment on “specific data link capabilities and limitations.”

Or more to the point, entirely irrelevant. First, the communication system can’t be *that* proprietary, since the commercial (if somewhat sketchy) SkyGrabber software can read the transmissions. Second, you developed a proprietary communication system in the mid to late 90s and didn’t include encryption? That’s the sort of thing that makes the baby Bruce Schneier cry.

On the other hand, this from CNN seems far more likely:

A senior defense official who was not authorized to speak about the security breach said, “This was an old issue for us and it has been taken care of,” but he would not elaborate on what specifically had been taken care of.

The official said that many of the UAV feeds need to be sent out live to numerous people at one time, and encryption was found to slow the real-time link. The encryption therefore was removed from many feeds.

Removing the encryption, however, allowed outsiders with the correct tools to gain unauthorized access to these feeds.

I’ll buy that.   There are certainly a few encryption schemes that will send encrypted data to multiple parties, hell at the very least, you could use symmetric encryption with shared keys.  But that kinda sucks.  Most commercial communication encryption technology assumes point to point transfers.  If you wanted to send the same data to many people… you send it multiple times.
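One way to do the one-to-many encryption mentioned above, as an added example (not code from the original post or from any system it describes): the frame is encrypted once under a fresh traffic key, and only that 32-byte key is wrapped per receiver, so the video payload is still sent a single time. The receiver names, the pre-shared long-term keys and the function names are assumptions made for illustration.

```ruby
require "openssl"

# AES-256-GCM. Output layout: nonce (12 bytes) || tag (16 bytes) || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = ""
  ciphertext = c.update(plaintext) + c.final
  nonce + c.auth_tag + ciphertext
end

# Returns the plaintext, or nil if the key is wrong or the data was modified.
def unseal(key, blob)
  return nil if blob.bytesize <= 28
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ""
  d.update(blob.byteslice(28, blob.bytesize)) + d.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Sender: encrypt the frame once under a fresh traffic key, then wrap that
# key separately under each authorised receiver's long-term key.
def broadcast(frame, receiver_keys)
  traffic_key = OpenSSL::Random.random_bytes(32)
  wrapped = receiver_keys.transform_values { |kek| seal(kek, traffic_key) }
  { payload: seal(traffic_key, frame), wrapped: wrapped }
end

# Receiver: unwrap the traffic key with its own key, then decrypt the payload.
def receive(msg, id, kek)
  wrapped = msg[:wrapped][id]
  traffic_key = wrapped && unseal(kek, wrapped)
  traffic_key && unseal(traffic_key, msg[:payload])
end

# Constructed sample: three receivers with pre-shared keys, one 4 KiB frame.
keys = %w[gcs-a gcs-b gcs-c].to_h { |id| [id, OpenSSL::Random.random_bytes(32)] }
msg = broadcast("F" * 4096, keys)
puts "payload sent once: #{msg[:payload].bytesize} bytes"
puts "per-receiver key wrap: #{msg[:wrapped]["gcs-a"].bytesize} bytes"
# Dropping a receiver from the next broadcast locks it out of that traffic key.
rekeyed = broadcast("F" * 4096, keys.reject { |id, _| id == "gcs-c" })
puts "gcs-c after rekey: #{receive(rekeyed, "gcs-c", keys["gcs-c"]).inspect}"
```

The per-receiver cost is the 60-byte wrapped key, not another copy of the video, and a receiver left out of the next key wrap can no longer read the feed.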

Regardless, this is just embarrassing.  These days I’m doing security modelling work and if this is the sort of thing that we’ll have to consider, I’m going to sink into a very deep depression.


