Searching \ for '[OT] Insurgents Hack U.S. Drones' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: massmind.org/techref/index.htm?key=insurgents+hack
Search entire site for: 'Insurgents Hack U.S. Drones'.

Exact match. Not showing close matches.
PICList Thread
'[OT] Insurgents Hack U.S. Drones'
2009\12\17@230404 by Eric Wolf

picon face
Not exactly unbelievable.  The Pentagon assumes alot that it
shouldn't.  There's just too much "old guard" laying in the tech
sector of the DOD.

On Thu, Dec 17, 2009 at 9:52 PM, Vitaliy <spam_OUTpiclistTakeThisOuTspammaksimov.org> wrote:
{Quote hidden}

> -

2009\12\18@015918 by William \Chops\ Westfield

face picon face
>> But the Pentagon assumed local adversaries wouldn't know how
>> to exploit it, the officials said."
>>
>> Unbelievable.
>
I dunno.

First, the article I read said that all the insurgents had done was  
access the broadcast video, which is a pretty long way from "hacking"  
in my dictionary.

Second, it implied that the software/equipment to do this was  
something you could buy "off the shelf" these days, which was assumed  
to be what had been done.

Buying a police scanner doesn't translate to knowing how to exploit  
and hack the police radio system...

(not that it isn't useful if you're the one the drone is chasing.)

I made up an original joke on the subject:

"Insurgents in Iraq and Afghanistan have intercepted live video feeds  
from Predator drones. They were caught uploading video segments  
containing themselves to youtube, facebook, and other internet sites,  
and have been referred to their HR departments for possible  
disciplinary action."

(my wife thought it was stupid :-())

BillW

2009\12\18@051613 by Gerhard Fiedler

picon face
William "Chops" Westfield wrote:

>>> But the Pentagon assumed local adversaries wouldn't know how to
>>> exploit it, the officials said."
>>>
>>> Unbelievable.
>
> I dunno.
>
> First, the article I read said that all the insurgents had done was
> access the broadcast video, which is a pretty long way from "hacking"
> in my dictionary.
>
> Second, it implied that the software/equipment to do this was
> something you could buy "off the shelf" these days, which was assumed
> to be what had been done.

Exactly... I can't speak for Vitaliy, but what I find unbelievable is
that the Pentagon assumed that "local adversaries" (i.e. people outside
the USA) are generally to dumb to do this, and that they were surprised
to find that they weren't.

Such unbelievable miscalculations apparently don't happen only with
unencrypted drone video feeds.

> Buying a police scanner doesn't translate to knowing how to exploit  
> and hack the police radio system...

Of course not. But what would you think of a police officer who thought
that listening to (unencrypted) police radio was too high-tech for
criminals and that normal police radio was safe? "Unbelievable?" :)

Gerhard

2009\12\18@131746 by Nathan House

picon face
>First, the article I read said that all the insurgents had done was
>access the broadcast video, which is a pretty long way from "hacking"
>in my dictionary.

I read an article on this a few days ago, and that's exactly what I was
thinking.. I wonder why the video link wasn't encrypted, though?

2009\12\18@133747 by Mark E. Skeels

flavicon
face
Good grief.

Can you imagine them being that negligent?

I wonder if it wasn't done on purpose.

Mark


Nathan House wrote:
>> First, the article I read said that all the insurgents had done was
>> access the broadcast video, which is a pretty long way from "hacking"
>> in my dictionary.
>>    
>
> I read an article on this a few days ago, and that's exactly what I was
> thinking.. I wonder why the video link wasn't encrypted, though?
>  

2009\12\18@143214 by Marcel Birthelmer

picon face
> Security through obscurity: the oldest joke in the security book.
>
> No surprise here that huge government organizations haven't got the joke
> yet.
>
> Very sad.

Well, you can see where they're coming from. If obscurity is just that
much cheaper, and the risk (in their opinion) is worth it, then it's
not necessarily a bad decision. Adding secure channels where none need
to be would be overengineering, and this being the military, any
engineering effort is expensive.
So the point isn't that they were trying to be secure by being
obscure... the problem is that they didn't think they needed to be
secure at all.

2009\12\18@145052 by Eric Wolf

picon face
I guess the real question is, How many more taxpayer dollars will be
spent in a new R&D project to fix, reactively, what they could have
easily fixed for a small sum, proactively?  Innovation has never been
the problem.  The lack of foresight in predicting the innovation of
others, however, has been a major handicap.  I'm sure we all can agree
that intelligence really has no bearing on geographical location.

On Fri, Dec 18, 2009 at 1:31 PM, Marcel Birthelmer
<.....marcelb.listsKILLspamspam@spam@gmail.com> wrote:
{Quote hidden}

> -

2009\12\18@145406 by John Ferrell

face
flavicon
face
It would make a nice mis-information delivery tool.

John Ferrell  W8CCW

"Extremism in defense of liberty is no vice, and moderation in pursuit of
justice is no virtue."
-Barry Goldwater
"You don't get harmony when everybody sings the same note."
-Doug Floyd

{Original Message removed}

2009\12\18@150435 by Herbert Graf

picon face
On Fri, 2009-12-18 at 20:31 +0100, Marcel Birthelmer wrote:
> > Security through obscurity: the oldest joke in the security book.
> >
> > No surprise here that huge government organizations haven't got the joke
> > yet.
> >
> > Very sad.
>
> Well, you can see where they're coming from. If obscurity is just that
> much cheaper, and the risk (in their opinion) is worth it, then it's
> not necessarily a bad decision.

True.

> Adding secure channels where none need
> to be would be overengineering, and this being the military, any
> engineering effort is expensive.

But it's done ALL the time.

> So the point isn't that they were trying to be secure by being
> obscure... the problem is that they didn't think they needed to be
> secure at all.

No. The response from the military was they assumed people living in
those regions wouldn't have the knowledge to view the feeds. This is a
form of security through obscurity (the feed was secure because the
enemy didn't know how to view it).

Anybody with ANY security background knows how ridiculous this approach
is, and this is ignoring the fact that the internet has become such a
vast resource for figuring out things like this.

What it demonstrates is the mindset of those in charge, which is much
scarier then the fact that the feeds are wide open for all to see.

TTYL

2009\12\18@172809 by William \Chops\ Westfield

face picon face

On Dec 18, 2009, at 10:39 AM, Mark E. Skeels wrote:

>> I wonder why the video link wasn't encrypted, though?

From the article: "The vulnerability could date back to the 1990s,  
said Peter Singer, a military technology analyst for the Brookings  
Institution."

Some of you might recall the 1990s; CPUs back then didn't have as many  
GIPS as they do now, and real-time encrypt/decrypt of video-rate data  
might not have been such a no-brainer (assume that a "vulnerability"  
dating back to 90s means a design dating back to early 90s.  Pre-
pentium!)

The article goes on to imply that encryption was intentionally turned  
off to improve real-time multiple-viewer access to the video.

Mountain out of molehill if you ask me...

BillW

2009\12\18@173548 by Herbert Graf

picon face
On Fri, 2009-12-18 at 14:27 -0800, William "Chops" Westfield wrote:
> On Dec 18, 2009, at 10:39 AM, Mark E. Skeels wrote:
>
> >> I wonder why the video link wasn't encrypted, though?
>
>  From the article: "The vulnerability could date back to the 1990s,  
> said Peter Singer, a military technology analyst for the Brookings  
> Institution."
>
> Some of you might recall the 1990s; CPUs back then didn't have as many  
> GIPS as they do now, and real-time encrypt/decrypt of video-rate data  
> might not have been such a no-brainer (assume that a "vulnerability"  
> dating back to 90s means a design dating back to early 90s.  Pre-
> pentium!)

Sorry, I don't agree. Cable companies were "encrypting" their pay
channel video signals to customers in those days, even that minimal
amount of "encryption" (trivial to break today, a little harder in those
days) would have been better then the nothing they were relying on.

TTYL




2009\12\18@185125 by William \Chops\ Westfield

face picon face

On Dec 18, 2009, at 2:35 PM, Herbert Graf wrote:

> Cable companies were "encrypting" their pay channel video signals to  
> customers in those days, even that minimal amount of  
> "encryption" (trivial to break today, a little harder in those days)

I dunno.  "Cable decryptors" were OTS technology back then too.

BillW

2009\12\18@193325 by Sean Breheny

face picon face
Perhaps, but I think Herbert's point was mainly that live video
encryption was also OTS then, and was certainly within the military's
capability.

On Fri, Dec 18, 2009 at 6:51 PM, William "Chops" Westfield
<westfwspamKILLspammac.com> wrote:
{Quote hidden}

>

2009\12\19@064139 by Apptech

face picon face
> The article goes on to imply that encryption was intentionally turned
> off to improve real-time multiple-viewer access to the video.
>
> Mountain out of molehill if you ask me...

That fact that various 'customers' were found to have hours of video on
their laptops suggests otherwise.

Knowing what a drone can see from how high, what sort of resolution of
detail is available, viewing angle, zoom range optical/digital, loss of
definition with zoom, how fast does it zoom, does it pan, how fast it can
respond to a signal, how it responds to environmental conditions, whether
rain affects it, or snow or ..., what its dawn/dusk sensitivity is or
whether it loses colour definition in low light, whether it loses video lock
or brain lock under various conditions, whether any video alterations or
commends have discernible signatures in the command string, what sort of
thing is of interest, what sort of standard patrol patterns it flies, what
it takes to distract it from station keeping or patrolling, what you can see
and is lands or takes off - or after and before these events,  does it flare
whn the camera is pointed sunwards and if so how much and how long, do they
tak care not to point the camera sunwards?,... and much more, would be of
immense value to some. Arranging for various dummy setups to be visible in
the field of view wold allow testing on what works and what doesn't. Setting
a trap to lure a drone within striking distance would be easier when you can
see what it can see.

For extra points you MAY just be able to make an optical seeker that uses
the drones own video signal to direct a seeker to its target. Sure beats
having to design, build and fly your own.


  R

<http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hpp_MIDDLETopStories>





2009\12\19@105100 by sergio masci

flavicon
face


On Sun, 20 Dec 2009, Apptech wrote:

{Quote hidden}

Dosen't it also open up another can or worms, that of jamming and
manipulating the image? I know it might sound absurd if you've only got a
few low tech shepherds in your sights but what about the rest of the
world. Are they going to let an opertunity like that go by. Unfriendly
countries could be developing tech behind the scenes in case the US ever
decides to use these drones against them or the use sells their drones to
an enemy of said country.

Regards
Sergio Masci


2009\12\19@164541 by Vitaliy

face
flavicon
face
Gerhard Fiedler wrote:
> I can't speak for Vitaliy, but what I find unbelievable is
> that the Pentagon assumed that "local adversaries" (i.e. people outside
> the USA) are generally to dumb to do this, and that they were surprised
> to find that they weren't.

Exactly. "The Arabs are too stupid to figure it out."

Also agree 100% with Russell's comments, and don't understand how BillW et
al can think that it's not a big deal.

A similar scandal happened a couple of years ago with voting machines (saw
the story on PBS). The spokesman for the company that made them, claimed (on
record) they were unhackable. An engineer brought in from Finland easily
bypassed the security and was able not only to view the votes, but to change
the counts.

Having recently been a part of the government procurement process, I was
able to see firsthand how inefficient and corrupt it is. And the more rules
and laws the government puts in place, the worse it becomes. We don't need
more regulation, we need *less* regulation, more transparency, and an
emphasis on personal responsibility.

For more examples of government stupidity, see "The Death of Common Sense:
How Law is Suffocating America."

Vitaliy

2009\12\19@190803 by Bob Blick

face
flavicon
face
Vitaliy wrote:

> Having recently been a part of the government procurement process, I was
> able to see firsthand how inefficient and corrupt it is. And the more rules
> and laws the government puts in place, the worse it becomes. We don't need
> more regulation, we need *less* regulation, more transparency, and an
> emphasis on personal responsibility.
>
> For more examples of government stupidity, see "The Death of Common Sense:
> How Law is Suffocating America."

Although you are pressing the political button a little harder than I
approve of, if you don't press it any further I won't take any action
other than to forward this to the other admins.

Thanks,

Bob

2009\12\19@222223 by Apptech

face picon face
> Although you are pressing the political button a little harder than I
> approve of ...

As that appears to be an admin comment on-list I'll comment on it on list.

I agree with Bob that critical allusion to US government action (or to many
but not all other government's actions :-) ) on-list is something the
PICList rules say should not be done - and that the rules should be
followed, as long experience shows that failure to do so often rapidly leads
to undesirable reuslts. It's only a very very short hop (possibly next-reply
close) to political partisan comment and a firestorm. So, it seems
inadvisable for Vitaly to have made a comment of that sort and it would be
useful if others don't do so so that we can continue to investigate an
interesting technical subject, while being aware that there are political
aspects that we have all agreed not to discuss.

However, I do feel that Vitaliy may have felt that the way that that request
was put,  as more of a rebuff than may have been meant and/or than was
deserved. It would arguably have been useful in the spirit of the season
(whatever that may be :-) ) to be really laid back with such advice. Most of
us manage to read between the lines on such occasions :-).

eg only

"It would be appreciated if people don't mention politics specifically, as
laid down in the list rules. If any critical comment directly relate to the
action of a party or government then it is very likely that someone else
will express an opposite point of view and in no time at all the discussion
is liable to turn into a political bunfight and an interesting thread will
need to be shut down" or something like that.



    Russell

2009\12\21@142145 by Martin McCormick

flavicon
face
Someone else mentioned that this could be a good opportunity for
misinformation. That is a great idea while we search for a
long-term solution. We could put up a small plane full of
transmitters fed by computers with each transmitter sending what
might look to the enemy like a drone feed. Real feeds might be
on some channels but garbage feeds would be everywhere which
would waste the enemy's time and resources trying to sort out
the junk feeds from real ones.

       A secure channel would be used to tell authorized
persons where the real feeds were. The challenge would be to
make the fake feeds have the same electronic characteristics as
well as the same appearance as genuine feeds.

Martin McCormick WB5AGZ  Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group

2009\12\22@095333 by Artem Zezyulinskiy

flavicon
face
The part cracked down is the link from the satellite to the control post.
This way you will have much problem to occupy the satellite bandwidth.

Artem

Martin McCormick a écrit :
{Quote hidden}

>

2009\12\22@163813 by Debbie

flavicon
face
I noticed there's a "How To" guide just appeared on Wikileaks -->
Debbie

"Reading mission control data from Predator Drone video feeds, 20 Dec 2009
www.wikileaks.org/wiki/Reading_mission_control_data_from_Predator_Drone_video_feeds%2C_20_Dec_2009
Released December 21, 2009
Summary
The following PDF appeared on the "full disclosure" mailinglist on Dec 20, 2009. It contains detail and a demonstration of how to read out video and mission control data from US Predator drones, which are in operation around the world, especially in Afghanistan and Pakistan."





--- On Wed, 23/12/09, Artem Zezyulinskiy <.....artemzezKILLspamspam.....sedatelec.com> wrote:

{Quote hidden}

     __________________________________________________________________________________
See what's on at the movies in your area. Find out now: http://au.movies.yahoo.com/session-times/

More... (looser matching)
- Last day of these posts
- In 2009 , 2010 only
- Today
- New search...