Great news: Iranian-backed terrorists hacked US drone video feeds
posted at 2:30 pm on December 17, 2009 by Ed Morrissey
Skygrabber software, downloadable from the Internet — $25.95. Laptop computer with wireless Internet connection — $500. Ability to hack into US defense systems and see Predator drones heading toward locations of your terrorist comrades — priceless:
Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.
U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington’s growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.
Gee, you think? Don’t get me wrong; I’m no military genius or anything, but it seems to me that one particular task at the Pentagon should be to make sure that our enemies don’t have real-time access to our Predator video feeds. We’ve used encrypted and frequency-hopping communications systems for decades now. No one thought to apply that technology to drone communications?
Apparently, it just wasn’t a priority:
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
You have got to be kidding me. When I worked in the corporate world, I had responsibility for a sensitive computer system that required industry certification as secure. It cost us a lot of money to make it that way, and we had to follow very restrictive specifications on communications to ensure as much security as possible. We never just assumed that people wouldn’t discover holes in our paths, as our customers expected their data to remain confidential.
Hopefully, the Pentagon takes this task a little more seriously. When a $26 software package can counteract the effectiveness of multimillion-dollar military equipment simply because it took fourteen years for anyone to fix a gaping hole in its security, it’s not difficult to see why terrorists think they can outwit the US and the West.