What Were They Thinking?
The fact that a sophisticated, multi-million-dollar aerial surveillance system could be compromised so easily because of a fundamental security oversight is stunning, several security analysts said.
"Frankly, this is shocking to me," said Ira Winkler, president of the Internet Security Advisors Group. (Winkler is also the author of Spies Among Us and a Computerworld columnist.) "You have one of the most critical weapon systems in the most critical regions transmitting intelligence data unencrypted," Winkler said.
In order to intercept these communications, you require (1) a satellite dish [now I have a use for my old one!], and (2) a copy of a $26 Russian software tool called SkyGrabber, which is designed to help people in remote Russian locations (there being few other kinds) to access satellite TV and Internet.
"Those sorts of assumptions always get us in trouble," said Lewis, who earlier this year led a group that developed a set of cybersecurity recommendations for the White House. "You can be sure that the insurgents weren't the only folks watching the feeds," he said.
The insurgents have not, so far as we know, actually succeeded in seizing control of a Predator. (Though of course you always have to wonder when a Hellfire supposedly targeting the al-Qaeda leadership blows up a Muslim wedding instead.)
The Air Force has known about this for ten years! And done nothing! (The CIA drones flying out of Pakistan apparently encrypt all transmissions, showing that the CIA know at least a little about elementary communications security.)
But wait! There's more! Not only are the Predator drones vulnerable, so are all our fighters and bombers!
The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was to let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers — has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq.
But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.”
So the same security breach that allowed insurgents to use satellite dishes and $26 software to intercept drone feeds can be used to tap into the video transmissions of any plane.
Sure is lucky we're fighting a bunch of unsophisticated tribal know-nothings, because otherwise, y'know, we could be in trouble.