$26 of Software Defeats American Military 534
reporter writes "A computer program that can be easily purchased for $25.95 off the Internet can read and store the data transmitted on an unsecured channel by an unmanned drone. Drones are crucial to American military operations, for these aerial vehicles enable Washington to conduct war with a reduced number of soldiers. '... the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'"
but what are the hardware costs? (Score:4, Interesting)
Well, demodulating an unencrypted digital signal is not news.
I am more interested in what kind of RF equipment one would need to capture it off the air. ;)
It's not like you can do this with your WiFi card.
Appearantly, not much (Score:1, Interesting)
In the summer 2009 incident, the military found "days and days and hours and hours of proof" that the feeds were being intercepted and shared with multiple extremist groups, the person said. "It is part of their kit now."
It's either pretty cheap or very easily stolen. I would thing they are using something off the shelf.
Re:Seriously would it have been difficult (Score:1, Interesting)
Why did nobody slap AES or blowfish block ciphers around the video packets?
You marvel because (yet again) government is shown to be incompetent and inefficient?
Not only that, but I'm sure the US government will now pay millions more than it actually costs to "secure" these feeds. And then they will probably lose the encryption keys and work out some sort of hack as a compromise that will be far less secure than the original - only no one will know about it.
This is what you pay taxes for.
Re:The Pentagon is full of idiots (Score:2, Interesting)
Putting encryption in drones is bad. If they fail, the 'bad' people learn much.
If the encryption fails in the long world wide US com links, the US learns nothing due to computer errors.
What they have now is good.
Its in the clear, real time, fast and anyone in the US mil can get to it.
If it falls from the sky, its suburban comms junk, some fancy optics and mb a weapons pack.
If you work for the US mil, your real problem is space blankets or Mylar balloons vs some thermal imagers:)
Re:Oh noes (Score:5, Interesting)
It could be a deliberate ploy to manipulate what the enemy "sees". Why not have a "leak"?
It's a bit like leaving USB keys around for the unsuspecting to pick up...
Some real kneejerk reactions above (Score:5, Interesting)
Is there any real security risk in this? I suspect it is very small. The Russians never bothered to encrypt the telemetry on their ICBM tests, because after all even assuming someone was reading it, they had no way of stopping the thing. Even if you know where the drone is, it is going to be very hard to shoot down; RPGs and IEDs really aren't much use. And given that this is a video feed, how do you ray trace back to the actual position of the camera?
Unfortunately there are plenty of assholes out there who will exaggerate anything in order to claim that they are more security conscious than the next person (and perhaps hope to get a contract for their company). But this is surely small war, no-one dead, move along please.
Can't add encryption? (Score:4, Interesting)
From TFA:
The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes.
As an engineer in the defense industry and with experience integrating communication systems, I can't even think of one military data radio system in use that doesn't have encryption ability. Even if they are using off-the-shelf wifi (doubtful) they wouldn't need to change hardware to at least have some encryption. Either this quote is a lie, or someone did something monumentally stupid.
Re:but what are the hardware costs? (Score:5, Interesting)
Simple explanation here.
Back in the early days of this design, someone designated drone-originated video as unclassified. Otherwise there's no way in hell it would be unencrypted.
This isn't an oversight - there's guaranteed a loooong paper trail going back to a conscious decision regarding the classification level of the drone video here, and following conscious decisions regarding the design.
If you use encryption in a military system that is not NSA Type 1 approved, there's a LOT of paperwork required to prove that your encryption is not being used to protect classified information.
Type 1 approved crypto is a royal pain in the ass. - http://en.wikipedia.org/wiki/Type_1_encryption [wikipedia.org]
It often proves significantly easier in terms of cost and paperwork to not encrypt than to prove that your encryption isn't being used to protect classified information. Security guys ask, "If it's unclassified, why are you encrypting it?", with "It's good design practice." resulting in massive beancounter agro.
Proprietary software (Score:4, Interesting)
No more words needed.
Re:but what are the hardware costs? (Score:2, Interesting)
The hardware costs are not really so important when the military is concerned - even in otherwise poor nations the military can have some very expensive toys.
If I could pick up the UAV's broadcast, I'd probably be far more interested in being able to overpower any control frequency long enough to crash the thing and/or stopping the signal getting back to base. I'd say the control signals are far more likely to be encoded than the vid stream, so selective frequency jamming would be the way to go.
Re:but what are the hardware costs? (Score:5, Interesting)
No kidding.
The SINCGARS is the standard today, though a few versions later.
I flew RQ-11A Ravens in Iraq, and even THOSE aren't plain text transmitions. WFT?
I'm sure a small mod will be pushed out now and the other UAV's will be encrypted and freq-hoping like it's no big deal.
Re:Oh noes (Score:1, Interesting)
It could be a deliberate ploy to manipulate what the enemy "sees". Why not have a "leak"?
It's a bit like leaving USB keys around for the unsuspecting to pick up...
Yes, but the enemy will take this into account.
So they transmit the real data unencrypted, since the enemy will think it is a fake and therefore definitively wrong.
This is the age old principle that confusion is stronger than encryption.
Re:Gung ho (Score:3, Interesting)
To second your post, my best friend is a Major in the Marine Corps (F-18 pilot). He has an engineering degree from Penn and is one of the smartest, most dedicated people I know. His roommate (also a Major and F-18 pilot) has a bachelors and masters degree in electrical engineering from Stanford. Sure, some dumbass people manage to climb up the ladder, but most of the people at that rank and above are pretty darn sharp.
Re:Sh..... (Score:1, Interesting)
Most of the computer engineering is done by private contractors, not by service personnel. Also, jet pilots are a VERY small fraction of the total service population. The vast majority are doing low skill "just follow the manual" jobs and entered the service due to a lack of other options.
Re:Sh..... (Score:5, Interesting)
I went to school with a guy that was student body president, captain of the basketball team, and valedictorian of his class. He went to the Air Force Academy, and after graduating won a Rhoades Scholarship. He has three master degrees, and graduated first in his class from flight school.
He was (maybe still is) in command of the 89th Airlift Wing, which is responsible for flying and maintaining the planes that carry the president, vice president and other top U.S. officials. I believe he was recently promoted to Brigadier General.
Yes -- I'd describe him as "the best and brightest". He also happens to be a very nice guy.
Re:All your drone are belong to us (Score:2, Interesting)
Now that the WSJ is a Rupert Murdoch mouthpiece, it is a tabloid.
Re:$26 is a lot (Score:3, Interesting)
Well, its a fine demagoguery you got there, but the actual reality was that the Taliban demanded to see evidence of Bin Laden's responsibility before handing him over ... and the USA flatly refused.
Your first mistake is assuming that operations against Al Qaeda in Afghanistan started in 2001. The rest of your argument is rendered moot by that mistake. The US has been operating in Afghanistan since the 90's, as a response to earlier Al Qaeda attacks. The 2001 invasion was just the final commitment in a much longer campaign.
I'd say the odds of "victory" in Afghanistan for the USA are pretty much on the same level as those of all the previous Empires ... not entirely zero but any Vegas slot machine looks like a guaranteed retirement plan by comparison.
That, of course, hinges on how you define "victory". If all we care about is maintaining majority control over the country and preventing it from being used as a staging area for further attacks against the west, then we've already won. The Taliban is now using Pakistan as a staging area for it's attacks in Afghanistan, and Al Qaeda is broke and mostly useless.
Under any other reasonable definition we ... we haven't achieved all of the goals we've set for ourselves, but the odds of eventually meeting them are pretty much 100%. The opposite forces have no chance of achieving a military victory - the best that they can hope for is that we get bored and go home. As long as we're willing to stay, we can't lose. Unfortunately, it seems likely that we will decide to leave, largely due to opinions such as yours. I find that truly depressing. Seems like people didn't learn a damn thing from the American mistakes in the 80's.
Re:Gung ho (Score:1, Interesting)
I third the point. Long ago I thought about a career as a naval officer, and went so far as to sign up. They have a program where you can back out at the last minute after having taken a tour, talked to a lot of people, and so forth. I did back out, for my own reasons. But, I came away extremely impressed with the organization, and the people running it. They were as competent or more so than anyone I have since met in the private sector. I am a bleeding heart liberal. But I have tremendous respect for the US military.
Re:Hubris (Score:5, Interesting)
The Germans did not think the Poles could break their codes. The Japanese did not think the US and the Australians would break their codes.
The problem was never breaking the codes.
The problem was breaking the codes more or less instantaneously.
You need time to frame and execute an appropriate response - and far too often the correct response will be to do nothing.
Since to do anything will invite suspicion.
Eavesdropping on the Rising Sun [americanheritage.com]
The Code War [americanheritage.com]
The Edison of Secret Codes [americanheritage.com]
Okay, so they transmit unencrypted... (Score:3, Interesting)
Germans had great confidence in ENIGMA (Score:3, Interesting)
The Germans had great confidence in ENIGMA as well. But, the Allies could read it and it made us look stupid. Granted, cracking some of the current Allied codes would require a fundamental breakthrough in computing - like a proof that P=NP and the utility to solve these problems, but...
What if the Chinese had it?
We would be screwed.
Re:$26 is a lot (Score:4, Interesting)
Actually, this is typical US-centric ignorance showing, Taliban and Al Qaeda are both derivatives of Wahhabi Sunni Arabic Islam sect, while Iranians are not only Shiites but also Persian, not Arabs. Their language is Farsi, not Arabic. Taliban and Bin Laden were always at war with Iran, they consider Shiites to be "apostates". It is one of the reasons the US chose Saddam as its cat's-paw to attack Iran, he was (at least nominally) a Sunni and held deep contempt of all things Shiite, Iran in particular. Curiously, Saddam and Bin Laden were also at odds, mainly because Bin Laden saw Saddam's Iraq in the way of re-creating his utopian Caliphate, with the Caliph restored to Baghdad in its centre. Needles to say pretty much secular and socialist Saddam would not be welcome in the epicentre of the zealot paradise and Bin Laden had fatwas issued calling for Saddam's head to roll (which makes Dick Cheney's idiotic claims of Saddam - Al Qaeda cooperation truly comical).
As I pointed out in another post, should Bin Laden not take credit, some other wacko (and most likely several of them at once) would. Bin Laden's main claim to fame is that the US chose him to be the "Celebrity Evildoer #1" single-handedly responsible for all evils globally, past, present and future. Needless to say this instantly gave him far greater credibility then all the others combined.
It was in the interest of every radical loon to claim that he, and only he, was the "mastermind" of the most famous and successful terrorist foreign strike on the US soil. The instant ego expansion possibilities were just endless on this one for the Jihadists.
Actually, no, it is not great. We do not want you to be the "bad guy". In fact we'd rather that the US came to its senses and started to act like its actions were based on the great principles and traditions it always boasts about being at its core. The world would be a much better place for it than with the US as a hypocritical, back-stabbing, duplicitous, greedy, self-centred, arrogant bully it is acting like now.