$26 of Software Defeats American Military
reporter writes "A computer program that can be easily purchased for $25.95 off the Internet can read and store the data transmitted on an unsecured channel by an unmanned drone. Drones are crucial to American military operations, for these aerial vehicles enable Washington to conduct war with a reduced number of soldiers. '... the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'"
IN soviet russia (Score:5, Funny)
...you observe uav
Re:IN soviet russia (Score:5, Insightful)
Mods. That comment may be redundant, it may be old and tired, but it is certainly not offtopic. In fact, in the grand scheme of frist psots!, it might be the most on-topic one I've seen in years.
but what are the hardware costs? (Score:4, Interesting)
Well, demodulating an unencrypted digital signal is not news.
I am more interested in what kind of RF equipment one would need to capture it off the air. ;)
It's not like you can do this with your WiFi card.
Re:but what are the hardware costs? (Score:5, Insightful)
Re:but what are the hardware costs? (Score:5, Funny)
Re:but what are the hardware costs? (Score:5, Funny)
Re:but what are the hardware costs? (Score:5, Informative)
No, demodulating a signal is not news. But not encrypting it in the first place ought to be.
(And TFA had a red herring in its focus on the software used to record the signal--the software is probably the easy part, once you've captured the signal).
We were using SINCGARS in the early 90's. SINCGARS is a frequency hopping, encrypted method of voice communication. We were just starting to use it to network military vehicles and personnel with HQ and each other. If SINCGARS could have been cracked, it would have put a beacon on every vehicle and soldier on and off the battlefield, not to mention eavesdropping. However, the inventor of SINCGARS could not decrypt the signal without the software and hardware keys. The software keys were changed at will. Usually weekly, but could easily be done daily. I am shocked that this signal does not use better encryption and/or frequency hopping. This type of communication is critical to tomorrow's battlefield.
Re:but what are the hardware costs? (Score:5, Insightful)
If they can prevent me from watching porn on cable and satellite, they should be able to prevent these guys from hijacking the video feeds from the UAVs.
Re:but what are the hardware costs? (Score:5, Funny)
Re: (Score:3, Informative)
True! So True!
Re:but what are the hardware costs? (Score:4, Insightful)
Maybe they're purposefully sending incorrect video feeds unencrypted, and this story has been disseminated to lull the enemy into a false sense of security.
Re:but what are the hardware costs? (Score:5, Funny)
What they SHOULD do is to substitute porn for the regular video feeds.
They would either stop watching out of their sense of morality or NEVER stop watching.
Win - Win situation.
Re:but what are the hardware costs? (Score:5, Interesting)
Simple explanation here.
Back in the early days of this design, someone designated drone-originated video as unclassified. Otherwise there's no way in hell it would be unencrypted.
This isn't an oversight - there's guaranteed a loooong paper trail going back to a conscious decision regarding the classification level of the drone video here, and following conscious decisions regarding the design.
If you use encryption in a military system that is not NSA Type 1 approved, there's a LOT of paperwork required to prove that your encryption is not being used to protect classified information.
Type 1 approved crypto is a royal pain in the ass. - http://en.wikipedia.org/wiki/Type_1_encryption [wikipedia.org]
It often proves significantly easier in terms of cost and paperwork to not encrypt than to prove that your encryption isn't being used to protect classified information. Security guys ask, "If it's unclassified, why are you encrypting it?", with "It's good design practice." resulting in massive beancounter aggro.
Re: (Score:3, Informative)
That's right. I'm not sure this is even a problem. So you can see the video. BFD. You know, the fun really begins when we start broadcasting bogus video. Much cheaper than launching real platform and just as fun.
I worked on a UAV system in the mid 80's and we didn't encrypt anything (everybody remain calm: that was then, this is now). I did the entire RF system using off the shelf packet radio systems at 1200 baud. Encryption adds overhead and we were just a POC demo.
Re:but what are the hardware costs? (Score:5, Interesting)
No kidding.
The SINCGARS is the standard today, though a few versions later.
I flew RQ-11A Ravens in Iraq, and even THOSE aren't plain text transmissions. WTF?
I'm sure a small mod will be pushed out now and the other UAVs will be encrypted and freq-hopping like it's no big deal.
Re:but what are the hardware costs? (Score:4, Insightful)
frequency hopping != encryption
especially if you are the only transmitter in that spectrum nearby.
Germans had great confidence in ENIGMA (Score:3, Interesting)
The Germans had great confidence in ENIGMA as well. But, the Allies could read it and it made us look stupid. Granted, cracking some of the current Allied codes would require a fundamental breakthrough in computing - like a proof that P=NP and the utility to solve these problems, but...
What if the Chinese had it?
We would be screwed.
Re:but what are the hardware costs? (Score:5, Funny)
Turns out the drones use bluetooth. Just the other day my laptop asked me to sync to one when I put a Pringles can on the antenna.
"Windows has found a MQ-9 Reaper, would you like to connect?"
At this point I was (a.) terrified and (b.) glad that somebody with some clout was going to do something about the increased crime in the area.
Re:but what are the hardware costs? (Score:5, Informative)
Re:Apparently, not much (Score:4, Informative)
Warning:
Comment in first link warns not to trust uploader. Possible nasty shit instead of actual App.
And, no, I am not going to find out...The last thing I want is the feds kicking in my door. Keeping the article in mind, I suspect the Government will be closely watching these torrents now (if they haven't already been doing so. Wouldn't surprise me if the whole story is a government plant to smoke out tourists...erm, terrorists).
I apologize for the self-response, but felt it was warranted.
Sh..... (Score:5, Funny)
Don't tell the DoD. They've been paying $7,000 per license for that software.
Re: (Score:2, Insightful)
Don't they understand that even the weakest simplest encryption, is 1000 times better than none at all?
Re:Sh..... (Score:4, Insightful)
Re:Sh..... (Score:4, Insightful)
Re: (Score:3, Insightful)
"Halliburton is not in the defense business to defend. They're in the defense business to make money"
What?! You mean to tell me that Halliburton, Raytheon, Lockheed Martin, and General Electric are not staffed by monks who've taken a vow of poverty?
People who aren't in business to make money seldom manage to stay in business long enough to do anything at all. And I'd much rather contractors operate at a profit than be perpetual budgetary basket-cases like NASA.
Re: (Score:3, Informative)
I have to take exception to this. I work for a military contractor and I take my job very seriously. I know that there are men and women who are trusting me with their lives to do my job properly. They require me to do my job error-free. On-time, on-budget are nice but are, and always will be, secondary concerns.
I get paid very well, I get a lot of nice benefits, and the atmosphere is excellent. (Hell, I even get to read /.!) The goal of any company is to make money, yes, but that's a fact of life. I expect
Re:Sh..... (Score:5, Insightful)
Re: (Score:3, Insightful)
Silly concentration-camp prisoners during WW2, falling for that lie and thinking the Allied forces were the good guys. Man, what a bunch of rubes, when clearly, according to you, they were no different than the Wehrmacht.
Or did you really mean some battlefields, or "the occasional battlefield"?
Re: (Score:3, Informative)
They let just anyone fly jets too.
Although it's not a jet, the top drone pilot is a 20 y/o kid whose only experience prior was video games.
Gung ho (Score:5, Insightful)
Not to be harsh about it, but think back to high school and college and ask yourself if you would describe the people who were planning military careers as the "best and brightest" of your class.
Ahh, you are thinking of the one or two guys who were all gung ho but not especially bright and had delusions about being a badass commando. Yeah, my school had some too. See the thing is though that those guys aren't the guys running the military. The guys you are thinking of end up as infantry grunts or something similar and exit the service after a few years. I have a cousin who is one of those guys. Smart but classic ADHD and socially stunted and not someone I'd trust right now to be in charge of anything. But he served two tours in Iraq and now he's in college so I have hope for him.
The guys in the officer corps (commissioned and higher level NCO) are almost invariably bright and hard working and most of them that I've ever met didn't talk much about their interest in the military. I have a classmate who is a major in the US Navy who never gave the slightest hint he was interested in a military career. He was quiet, very smart, and I would have guessed he'd be an engineer but instead he's become a heck of a good officer. I have a number of friends who were graduates of West Point and Annapolis and I've been impressed as hell by each one of them. Smart, incredibly disciplined, and I'd hire any one of them in a heartbeat.
The US military is an incredibly complicated and large organization with huge budgets, difficult goals, and a huge workforce. If you think managing all that is easy and doesn't require tremendous skill, you are delusional. Sure they make mistakes just like any other large organization but their mission is also more complicated than most and if they fail, people die.
Re: (Score:3, Interesting)
To second your post, my best friend is a Major in the Marine Corps (F-18 pilot). He has an engineering degree from Penn and is one of the smartest, most dedicated people I know. His roommate (also a Major and F-18 pilot) has a bachelors and masters degree in electrical engineering from Stanford. Sure, some dumbass people manage to climb up the ladder, but most of the people at that rank and above are pretty darn sharp.
Re: (Score:3, Informative)
Re: (Score:3, Informative)
The Navy does not have a rank called Major.
Quite right. Brain fart on my part. He's an O-4 which in the Navy is Lt Cmdr. Most of the military guys I know are in the other branches so I transposed...
Re:Sh..... (Score:5, Interesting)
I went to school with a guy that was student body president, captain of the basketball team, and valedictorian of his class. He went to the Air Force Academy, and after graduating won a Rhodes Scholarship. He has three master's degrees, and graduated first in his class from flight school.
He was (maybe still is) in command of the 89th Airlift Wing, which is responsible for flying and maintaining the planes that carry the president, vice president and other top U.S. officials. I believe he was recently promoted to Brigadier General.
Yes -- I'd describe him as "the best and brightest". He also happens to be a very nice guy.
Re:Sh..... (Score:5, Insightful)
I think this has about as much to do with Army IT as IE vulnerabilities have to do with the Microsoft IT department.
This is bullshit, guys. (Score:5, Informative)
The only question is, would this make more sense as an added option in wireshark, or GNU Radio?
Re:This is bullshit, guys. (Score:5, Funny)
The only question is, would this make more sense as an added option in wireshark, or GNU Radio?
Well, to keep with the Unix philosophy of small reusable components, the following should be done:
Re:This is bullshit, guys. (Score:4, Funny)
Yes, it was approximately the size of a UAV.
Re: (Score:2, Informative)
Re: (Score:2, Redundant)
You have that backward. It hasn't gone by Ethereal for quite a few years. The official, current name is Wireshark [wireshark.org].
$26 is a lot (Score:5, Insightful)
Counting the cheapest part of the machine is silly.
Software is often free. $26 is a lot for software. The radio reception, etc. and knowing where to aim are all much more expensive and require skill.
Re: (Score:2)
Re: (Score:2, Offtopic)
It's not even a particularly original strategy. The British used to employ almost identical tactics back in the late 19th/early 20th century. Back then, the prerequisite of a British campaign was that the enemy should under no circumstances carry guns -- even spears made us think twice. The kind of people we liked to fight were two feet tall and armed with dry grass.
Re:$26 is a lot (Score:4, Informative)
You really should attribute Blackadder when you quote it.
Anyway, it was written for comedic effect rather than accuracy, generally in colonial wars British fought against people with guns, Zulus being a prime example of a group often depicted inaccurately without firearms or military organization, an insult to both sides of that conflict.
Re:$26 is a lot (Score:4, Insightful)
Yes, it did. Not that the Taliban didn't have it coming, but the USA was still the attacker.
If your friend shoots one of my family members and then goes and hides in your house, I'm not picking a fight with you when I come to drag him out. If you decide to get in my way, that's your problem.
The pathetic thing here is that Taliban, Al-Qaida and bin Laden are all still alive and at large, so it could be argued that the US actually lost, failing to meet its goals for the invasion.
By the same logic, Germany and Japan still exist today so I guess the US lost in WW2, also. Good thinking!
They do seem to be quite primitive, actually, considering how quickly their defense collapsed, and how few casualties the attacker suffered.
Frankly, the US could probably roll over the Canadian military tomorrow, just as quickly, while suffering not many more casualties. I guess Canada is primitive too, huh?
You're confusing American dominance for Iraqi incompetence, and then assessing their entire nation based on your misunderstanding. That's just silly.
Re:$26 is a lot (Score:5, Insightful)
Well, it's a fine demagoguery you got there, but the actual reality was that the Taliban demanded to see evidence of Bin Laden's responsibility before handing him over (remember that Bin Laden is just a "spiritual leader" - read: "pontificating bore that talks hell of a lot but hasn't actually done much directly" as opposed to other, more hands-on operatives who worked out of Pakistan, Saudi Arabia and, in the case of the 9/11 crew, Germany) and the USA flatly refused. Following which the USA invaded declaring any and all comers as "unlawful combatants" with no rights of any kind.
So to keep your analogy straight, you have a case of my friend showing up at my house saying that you are gunning for him, following which you show up with a box of explosives and demand that I hand him over or else "because he did me wrong!". And when I say "hold on for a sec, what proof exactly do you have?" you say "I don't have to explain myself to a non-human like you, far beneath my superior Manifest Destiny self! What I say goes or else! You got 10 minutes to comply!" and then set the bomb off 5 minutes later, killing my wife and maiming my kids, following which you get the biker gang down the street to help you rummage through and "govern" the wreckage. And so now you have two mortal enemies instead of one and not exactly what could be called a "moral high ground".
This is how the Afghanistan mis-adventure is seen by "the other side" and it is of little wonder that the fight will likely go on indefinitely, Taliban having quite a bit (and growing by many accounts) of local support and very able to present itself as the victims of a belligerent, arrogant, foreign, religiously-motivated, supremacist aggressor, victims who will defend their ancestral homeland, their religion and their "way of life" against that aggressor to the bitter end.
I'd say the odds of "victory" in Afghanistan for the USA are pretty much on the same level as those of all the previous Empires ... not entirely zero but any Vegas slot machine looks like a guaranteed retirement plan by comparison.
Re: (Score:3, Interesting)
Well, it's a fine demagoguery you got there, but the actual reality was that the Taliban demanded to see evidence of Bin Laden's responsibility before handing him over ... and the USA flatly refused.
Your first mistake is assuming that operations against Al Qaeda in Afghanistan started in 2001. The rest of your argument is rendered moot by that mistake. The US has been operating in Afghanistan since the 90's, as a response to earlier Al Qaeda attacks. The 2001 invasion was just the final commitment in a much longer campaign.
I'd say the odds of "victory" in Afghanistan for the USA are pretty much on the same level as those of all the previous Empires ... not entirely zero but any Vegas slot machine looks like a guaranteed retirement plan by comparison.
That, of course, hinges on how you define "victory". If all we care about is maintaining majority control over the country and preventing it from being used as a staging area for
Re:$26 is a lot (Score:5, Insightful)
Oh I see, so in addition to being the chief sugar-daddy and arms supplier to Al Qaeda throughout 1980s, the USA then proceeded to meddle directly and covertly in Afghanistan as soon as their "allies" won and the USSR withdrew, showing itself utterly duplicitous and untrustworthy to the locals ... and this is improving your case how exactly?
By that token the Nazis "won" WWII in 1942 ... I mean they occupied and held a lot of territory at the time, "preventing it from being used as a staging area by the Allies", no?
Yes, the time-honoured way of getting your ass handed to you: "fail to declare coherent, logical and testable goals, bloviate endlessly about 'progress' and 'democracy' and whatever other abstract and nebulous feel-good concept you can come up with, declare 'victory' and skedaddle home holding your bruised posterior, having met 'your goals' 110%! - whatever those 'goals' morphed into in the end in order to be met 110%". You did not seriously think you are the first would-be conqueror to come up with this?
You have an interesting way of defining "boredom", apparently measured in trillions of dollars, thousands of wounded, dead and maimed on your side and many more on theirs...
And yes, all the defenders have to do is to do what they always have done ... to outlast the latest Empire until it crawls back whence it came from. They have an ample precedent for that, although you are of course the Super-extra-specially-exceptional Empire, the American One, so everything will be oh-so-super-specially-extra-exceptionally different for you, despite no substantial changes in the general conditions of the whole affair. Just because America is oh-so-Speeeecial!
Which is pretty much a guaranteed loss for the USA as the "will to stay" (translated to real-life measurements of mayhem and treasury) is far, far, lower than "their" will to outlast you - they are after all fighting for their homes, their "way of life" (as they see it) and their religion (and "zealot" is too kind a word to describe most of them) - and all that on top of their vastly disproportionately lower cost of warfare!
No, you will leave because that is the only thing you can do. The alternative is "total war" and utter bankruptcy of the US Empire. None of the previous empires left because of nay-sayers either, they left because staying further meant Imperial Collapse (and some, like the USSR, waited a tad too long). No amount of Rah-Rah cheer leading will change basic realities of Afghanistan and the logistics of foreign conquests.
Re:$26 is a lot (Score:4, Insightful)
Now this is a classic case of Projection! Accuse your opponent of the very thing you are doing and then try to escape pretending that somehow defending your lies is beneath your oh-so-high-moral-standards!
Speaking of detailed explanations [wikipedia.org] however... oh but you probably meant this whiny quote from the US government "The United States wanted to be able to deny that the CIA was funding the Afghan war, so its support was funneled through Pakistan's Inter Services Intelligence agency (ISI). ISI in turn made the decisions about which Afghan factions to arm and train, tending to favor the most Islamist and pro-Pakistan. The Afghan Arabs generally fought alongside those factions, which is how the charge arose that they were creatures of the CIA." - oh so everything is now so wonderfully clear! You did not hand the brown envelopes directly to Bin Laden, you had a middle man! Therefore you are soooo absolutely absolved of any culpability, yes Siree! After all if one hires a middle-man, one is automatically innocent of anything that middle-man might have done in one's name ... unless of course you are not an American! Then all the rules change, naturally.
Re:$26 is a lot (Score:4, Interesting)
Actually, this is typical US-centric ignorance showing, Taliban and Al Qaeda are both derivatives of Wahhabi Sunni Arabic Islam sect, while Iranians are not only Shiites but also Persian, not Arabs. Their language is Farsi, not Arabic. Taliban and Bin Laden were always at war with Iran, they consider Shiites to be "apostates". It is one of the reasons the US chose Saddam as its cat's-paw to attack Iran, he was (at least nominally) a Sunni and held deep contempt of all things Shiite, Iran in particular. Curiously, Saddam and Bin Laden were also at odds, mainly because Bin Laden saw Saddam's Iraq in the way of re-creating his utopian Caliphate, with the Caliph restored to Baghdad in its centre. Needless to say pretty much secular and socialist Saddam would not be welcome in the epicentre of the zealot paradise and Bin Laden had fatwas issued calling for Saddam's head to roll (which makes Dick Cheney's idiotic claims of Saddam - Al Qaeda cooperation truly comical).
As I pointed out in another post, should Bin Laden not take credit, some other wacko (and most likely several of them at once) would. Bin Laden's main claim to fame is that the US chose him to be the "Celebrity Evildoer #1" single-handedly responsible for all evils globally, past, present and future. Needless to say this instantly gave him far greater credibility than all the others combined.
It was in the interest of every radical loon to claim that he, and only he, was the "mastermind" of the most famous and successful terrorist foreign strike on the US soil. The instant ego expansion possibilities were just endless on this one for the Jihadists.
Actually, no, it is not great. We do not want you to be the "bad guy". In fact we'd rather that the US came to its senses and started to act like its actions were based on the great principles and traditions it always boasts about being at its core. The world would be a much better place for it than with the US as a hypocritical, back-stabbing, duplicitous, greedy, self-centred, arrogant bully it is acting like now.
It doesn't defeat them (Score:3, Insightful)
Defeating them would be gaining control of the drones (a really scary proposition)
This seems to be an information leak.. something that ought to be fixable by using some sort of encryption.
Or even by making slight changes to the stream format, since SkyGrabber seems to just be off-the-shelf software.
Re: (Score:2)
Defeating them would be gaining control of the drones (a really scary proposition)
If the outgoing stream wasn't encrypted, what makes you think the control stream was? It probably wasn't encrypted either - apart from the fact that the commands themselves are a form of substitution cypher.
Oh noes (Score:5, Informative)
So they recorded unencrypted OTA video feeds? While yes, they probably should have been encrypted in the first place and . . .
The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
Yea that's kinda bad and lazy of them,
Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.
they're fixing it.
Re:Oh noes (Score:5, Insightful)
Security vulnerabilities happen, and are unfortunate and need to be fixed, and we really should spend more time and resources on caring about them; but that is all manageable software/systems engineering stuff.
Making important decisions on the basis of "Eh, our enemies are just ignorant mud farmers anyway, no problem", on the other hand, is colossally arrogant and extremely dangerous. Particularly, since the US currently has the world's highest tech and most expensive military, "Eh, they're just primitives, no problem" is a practically all-purpose dismissal of virtually any problem that you are too lazy to fix. That is a recipe for learning, the hard way, about every new asymmetric warfare trick.
Re:Oh noes (Score:5, Funny)
I believe that the technical term for that is "Security Through La-la-la-I'm-not-listening!"
Although it has a long and glorious past filled with successes, it's still not a recommended way to secure anything more important than ordering a pizza.
Re:Oh noes (Score:5, Interesting)
It could be a deliberate ploy to manipulate what the enemy "sees". Why not have a "leak"?
It's a bit like leaving USB keys around for the unsuspecting to pick up...
Time to copyright! (Score:5, Funny)
Stupid question time... (Score:2)
...why in the world weren't all the data feeds sent to & from a drone encrypted ALREADY? It took someone sniffing the wireless feed for someone to realize this?!
note to self: (Score:2)
it is generally a bad idea to piss off people who have access to thermonuclear weapons and killer robots when I don't.
since this is /. I'll throw in a conspiracy theory + dumb meme: is the program really a CIA honeypot which just reports fake data? in the post 9/11 era, does your tracking software track you?
Re: (Score:3, Informative)
The software CIA honeypot is Microsoft and people who use it networked.
Just as Enigma was and crypto ag was.
Skygrabber is a powerful filter system for a satellite dish. Passive and not networked.
Mb some version
Seriously would it have been difficult (Score:2)
Why did nobody slap AES or Blowfish block ciphers around the video packets? I admit I am assuming the video is digital. There are inexpensive (in terms of the cost of a drone) silicon implementations of both for the planes and BSD licensed software for the stations. If they just used preshared keys it would have been trivial to do and probably would have prevented this.
Re:Seriously would it have been difficult (Score:5, Informative)
It should've been encrypted, for sure. Agreed.
However, it does need to be encryption that works over a noisy channel, with possible gaps in the datastream. Your typical block-cipher using chaining thus doesn't qualify. (If you wonder why, try encrypting a one-megabyte file, then change a few characters randomly in the first half of the file, then decrypt it)
It's still not a hard problem mind you, just slightly more so than "grab AES, set it to CBC-mode"
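The corruption experiment suggested in the post above, run as an added Python example that is not part of the thread: it measures how far a flipped bit, a lost block and a lost byte spread under CBC, and compares a counter mode in which every packet carries its own counter. The Feistel block cipher is a constructed stand-in for AES so the code runs on the standard library alone; the key, IV, nonce and sample frames are fixed demo values, and all function names are hypothetical.

```python
import hashlib

BLOCK = 16                      # bytes per cipher block
HALF = BLOCK // 2
KEY = bytes(range(16))          # constructed demo key
IV = bytes(16)                  # constructed demo IV
NONCE = b"\x00" * 8             # constructed demo nonce
# Constructed sample "video": 64 blocks of exactly 16 bytes each.
PLAINTEXT = b"".join(b"frame %04d pixel" % i for i in range(64))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (NOT a real cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def enc_block(key, blk):
    left, right = blk[:HALF], blk[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def dec_block(key, blk):
    left, right = blk[:HALF], blk[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for blk in split(plaintext):
        prev = enc_block(key, _xor(blk, prev))   # chain on previous ciphertext
        out.append(prev)
    return out

def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for blk in blocks:
        out.append(_xor(dec_block(key, blk), prev))
        prev = blk
    return out

def ctr_crypt(key, nonce, packets):
    # packets: list of (counter, block); each one decrypts independently.
    return [(n, _xor(blk, enc_block(key, nonce + n.to_bytes(8, "big"))))
            for n, blk in packets]

def damaged(expected, got):
    """Indices of blocks that did not decrypt to the expected plaintext."""
    return [i for i, (e, g) in enumerate(zip(expected, got)) if e != g]

def cbc_bit_flip(j):
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    ct[j] = bytes([ct[j][0] ^ 0x01]) + ct[j][1:]          # one bit of noise
    return damaged(split(PLAINTEXT), cbc_decrypt(KEY, IV, ct))

def cbc_block_lost(j):
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    del ct[j]                                             # block-aligned gap
    expected = split(PLAINTEXT)
    del expected[j]
    return damaged(expected, cbc_decrypt(KEY, IV, ct))

def cbc_byte_lost(j):
    stream = b"".join(cbc_encrypt(KEY, IV, PLAINTEXT))
    stream = stream[:j * BLOCK] + stream[j * BLOCK + 1:]  # unaligned gap
    whole = len(stream) // BLOCK * BLOCK
    got = cbc_decrypt(KEY, IV, split(stream[:whole]))
    return damaged(split(PLAINTEXT), got)

def ctr_block_lost(j):
    packets = ctr_crypt(KEY, NONCE, list(enumerate(split(PLAINTEXT))))
    del packets[j]                                        # packet never arrives
    clear = dict(ctr_crypt(KEY, NONCE, packets))
    want = split(PLAINTEXT)
    return [n for n, blk in clear.items() if blk != want[n]]

if __name__ == "__main__":
    print("CBC, bit flipped in block 10:", cbc_bit_flip(10))
    print("CBC, block 10 lost:          ", cbc_block_lost(10))
    print("CBC, one byte lost at 10:    ", len(cbc_byte_lost(10)), "blocks damaged")
    print("CTR, packet 10 lost:         ", ctr_block_lost(10))
```

Neither mode here detects tampering; the example only measures how far accidental damage spreads.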
Re:Seriously would it have been difficult (Score:5, Insightful)
...
You are a dangerous fool. Never use a one-time pad more than once, even for "light" security. Doing that turns the whole thing into a Vigenère cipher [wikipedia.org] and destroys all security. You might as well just XOR each byte of the message with 0x42.
Re:Seriously would it have been difficult (Score:4, Informative)
A Vigenère cipher generates ciphertext C(N) by passing plaintext symbol P(N) through the function E(P(N), K[N mod len(K)]), where N is the symbol number of the input, K is the key, K[Q] is the Qth symbol in K, and E is a function such that E(A,B) -> A', and E(A',B) -> A. Decryption simply applies the same function to the ciphertext, yielding the original plaintext.
This description clearly applies to XOR with a random pad. What makes a one-time pad secure is that the key is always longer than the input, so attacks that depend on correlation don't work. Conversely, Vigenère is insecure because the key repeats. Used with a random "key" as long as the message, Vigenère is equivalent to XOR, and is provably and perfectly secure.
Re:Seriously would it have been difficult (Score:4, Informative)
Telling me the key length is a big hint. But 5,632 bytes is only about 11 repetitions of your key. That means I have 512 separate Caesar ciphers to crack, with a ciphertext of 10 or 11 characters each. Even Sherlock Holmes needed more than that to solve the puzzle of the Dancing Men.
Feel free to carry on using your not-so-one-time pad, though. The larger the data set relative to the key, the easier it gets. Once you give the attacker enough data to make frequency analysis possible on the 512 separate Caesar ciphers, then your Vigenere cipher is gone.
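The key-reuse arithmetic argued over in the posts above, as an added Python example that is not part of the thread: it shows that with a repeating XOR key the ciphertext splits into one short column per key byte, that XORing two key-length blocks cancels the key whatever it was, and what a pad that refuses to wrap looks like. The figures 512 and 5,632 are the ones quoted above; the function names, the `OneTimePad` class and the sample plaintext are constructed for illustration.

```python
import secrets
from itertools import cycle

KEY_LEN = 512    # key length quoted in the thread
MSG_LEN = 5632   # ciphertext length quoted in the thread (11 * 512)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def xor_repeating(data, key):
    """C(N) = P(N) XOR K[N mod len(K)]; the same call also decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def columns(ciphertext, key_len):
    """Group the ciphertext bytes that were all encrypted with one key byte."""
    return [ciphertext[i::key_len] for i in range(key_len)]

def key_free_residue(ciphertext, key_len):
    """XOR the first two key-length blocks.

    (P1 ^ K) ^ (P2 ^ K) == P1 ^ P2, so the result depends only on the
    plaintext: the key contributes nothing once it has been used twice.
    """
    return xor_bytes(ciphertext[:key_len], ciphertext[key_len:2 * key_len])

class OneTimePad:
    """Pad that is consumed as it is used and refuses to wrap around."""

    def __init__(self, pad):
        self._pad = pad
        self._used = 0

    def encrypt(self, message):
        if self._used + len(message) > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + len(message)]
        self._used += len(message)
        return xor_bytes(message, chunk)

def sample_plaintext():
    """Constructed sample: repetitive telemetry-style text, MSG_LEN bytes."""
    lines = b"".join(b"frame=%05d status=OK heading=000 alt=0000\n" % i
                     for i in range(200))
    return lines[:MSG_LEN]

if __name__ == "__main__":
    pt = sample_plaintext()
    ct = xor_repeating(pt, secrets.token_bytes(KEY_LEN))
    cols = columns(ct, KEY_LEN)
    print(len(cols), "columns of", len(cols[0]), "bytes each")
    same = key_free_residue(ct, KEY_LEN) == xor_bytes(pt[:KEY_LEN],
                                                      pt[KEY_LEN:2 * KEY_LEN])
    print("residue equals plaintext XOR, key gone:", same)

    pad = OneTimePad(secrets.token_bytes(MSG_LEN))
    pad.encrypt(pt)                      # uses the pad exactly once
    try:
        pad.encrypt(b"one more byte")    # would require wrapping the pad
    except ValueError as err:
        print(err)
```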
Re:Seriously would it have been difficult (Score:4, Insightful)
And of course these drones have been operating for years, and have to withstand conditions well beyond what any off the shelf parts are rated for. Doing good crypto in a small package wasn't quite as easy twenty years ago when these were in development.
Re: (Score:3, Informative)
Private companies were much better, until they started outsourcing to India. It's amazing how economy can work for you and against you at the same time isn't it?
Seems Expensive (Score:3, Funny)
RMS (Score:5, Funny)
Not all religious zealots with huge bushy beards who fight in jihads and live in caves and don't use commercial software are terrorists.
Anonymous Coward (Score:2, Insightful)
Perhaps the smart play would be to quietly encrypt actual data, while continuing to broadcast placebo or manipulated data in the clear.
So instead of leaking this to the news... (Score:5, Insightful)
you have a good point (Score:5, Insightful)
furthermore, there's nothing to say they still can't do that, or aren't actually doing that already. in fact, a big story in the international press about how dumb the military is on these video feeds is a good cover. one can hope, anyways, that the military is smarter than depicted in this story
Hubris (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:Hubris (Score:5, Interesting)
The Germans did not think the Poles could break their codes. The Japanese did not think the US and the Australians would break their codes.
The problem was never breaking the codes.
The problem was breaking the codes more or less instantaneously.
You need time to frame and execute an appropriate response - and far too often the correct response will be to do nothing.
Since to do anything will invite suspicion.
Eavesdropping on the Rising Sun [americanheritage.com]
The Code War [americanheritage.com]
The Edison of Secret Codes [americanheritage.com]
More important question (Score:2)
So they were able to intercept the unencrypted, a more important question is why weren't these communications encrypted?
Re:More important question (Score:5, Insightful)
If received and understood by the enemy in a timely manner, very useful information. But if it is just the image unencrypted and not GPS coordinates, etc, the enemy would have to have enough people watching the feeds to recognize the terrain that was being photographed... it's easy to see why this might not be considered likely and lead to the poor judgement to leave it unencrypted when the drones were designed, many years ago with less powerful processors available.
What about the control channel? (Score:2)
If the data feed coming _from_ the drone is cleartext, what about the commands being sent to it? TFA says there's "no evidence" that insurgents have been able to commandeer the drones yet, but doesn't say whether that's because the channel is secure, or that they just haven't reverse-engineered the protocol yet. O_o
Dear Secretary Gates.. (Score:2)
Are you trying to lose the fucking war?
Yes, keep looking at the unencrypted channel... (Score:2)
Some real kneejerk reactions above (Score:5, Interesting)
Is there any real security risk in this? I suspect it is very small. The Russians never bothered to encrypt the telemetry on their ICBM tests, because after all even assuming someone was reading it, they had no way of stopping the thing. Even if you know where the drone is, it is going to be very hard to shoot down; RPGs and IEDs really aren't much use. And given that this is a video feed, how do you ray trace back to the actual position of the camera?
Unfortunately there are plenty of assholes out there who will exaggerate anything in order to claim that they are more security conscious than the next person (and perhaps hope to get a contract for their company). But this is surely small war, no-one dead, move along please.
Re:Some real kneejerk reactions above (Score:5, Insightful)
Unfortunately there are plenty of assholes out there who will exaggerate anything in order to claim that they are more security conscious than the next person (and perhaps hope to get a contract for their company). But this is surely small war, no-one dead, move along please.
And those same people don't know (or remember) the first rule of intelligence:
Those who know, don't talk. Those who talk, don't know.
Re:Some real kneejerk reactions above (Score:5, Insightful)
Is there any real security risk in this? I suspect it is very small.
The risk to this is not a danger to troops. The risk of this is having a completely un-edited video source available to people who would have a field day if the official US proclamation of what happened was visibly different from the recorded video stream
Re:Some real kneejerk reactions above (Score:4, Insightful)
Awesome point! And of course, since they've had access to these feeds for over a year, can we then assume that there hasn't been an incident where showing the footage would have disproved the US version of events?
Of course, they would be hesitant to tip their hand that they've got access to the footage, but if they really caught us in a lie, don't you think they'd show it?
Can't add encryption? (Score:4, Interesting)
From TFA:
The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes.
As an engineer in the defense industry and with experience integrating communication systems, I can't even think of one military data radio system in use that doesn't have encryption ability. Even if they are using off-the-shelf wifi (doubtful) they wouldn't need to change hardware to at least have some encryption. Either this quote is a lie, or someone did something monumentally stupid.
Re:Can't add encryption? (Score:4, Insightful)
As an engineer in the defense industry you probably also know how long defense systems live and how hard it can be to get upgrades pushed out into the field. It wouldn't surprise me at all if it wasn't technically feasible to encrypt the video stream at the time this system was first deployed and since then upgrading it has never been a priority for anyone with enough clout to make it happen. Now that it's on SecDef's radar how long do you think it's gonna take before this gets fixed?
Famous Last Words... (Score:5, Funny)
"Hey I can see my house from here! Oh Wai..."
Proprietary software (Score:4, Interesting)
No more words needed.
Re: (Score:3, Insightful)
Must be good to live in a world where all life's problems can be solved by OSS software. Sadly, life just isn't that simple.
Re: (Score:3, Insightful)
Must be good to live in a world where all life's problems can be solved by OSS software. Sadly, life just isn't that simple.
They didn't have to use OSS.
How about using established standards?
Then the Army can drop in some off the shelf fix instead of having to pay their sole vendor to custom code/design new software/hardware.
Yawn (Score:3, Insightful)
$26 software defeats American military? OMG, we've been beaten?
Oh, wait... you're just saying that insurgents have a tactical advantage in some missions because they've exploited a security vulnerability using $26 software. So maybe $26 software used as weapon against US military?
Ah... but the military discovered the problem in the field, and is working to plug the security hole. $26 software annoys American military temporarily.
And What If Al-Qida Sees A Beat Cop Overhead? (Score:3, Funny)
Sounds like a honey-pot to me (Score:3, Funny)
2) Offer software for sale on the internet.
3) Include tracking device with every copy of software sold.
4) Trace every shipment to its destination.
5) Send Predator drone to attack destination.
Yep, sounds like a winning plan to me!
Okay, so they transmit unencrypted... (Score:3, Interesting)
Re: (Score:2, Interesting)
Putting encryption in drones is bad. If they fail, the 'bad' people learn much.
If the encryption fails in the long world wide US com links, the US learns nothing due to computer errors.
What they have now is good.
It's in the clear, real time, fast and anyone in the US mil can get to it.
If it falls from the sky, it's suburban comms junk, some fancy op
Re: (Score:2)
What if the military has arranged a backdoor in this particular software package? That could result in an awful lot of valuable intelligence for them. Handing out a few unencrypted drone feeds to bait the trap might not be such a terrible tradeoff.
Not saying that's how it is, of course, but it's a possibility.
Re:All your drone are belong to us (Score:5, Insightful)
Sensationalist... I would expect this from a tabloid.
Title should have been: Unencrypted data broadcasted everywhere ... can be received by anyone!
The leap from that to "$26 of Software Defeats American Military" is quite a big leap in my opinion.
Re:All your drone are belong to us (Score:4, Funny)
Re: (Score:3, Informative)
I agree. I expect better from Slashdot, but they seemed to have turned their headline writing over to the Drudge Report.
What they don't say is that this report goes back to January of this year, and that the military has been working on fixing the problem since then. The "hackers" can only pick up the video signal, not other info, and could not control the drones, which is what is implied from the headline.
I do think it is embarrassing and kind of hard to imagine that you couldn't see this coming, especiall
Re: (Score:3, Funny)
Obviously they don't think it's a big issue. And they're right. What's the worst case scenario here?
Last words overheard from an Al Qaeda satellite-intercept house: "Hey, look, I'm on TV!"