yon Leveron blog

John's musings on the Interknot cowpath

Insurgents Hack U.S. Drones

Posted by John on 17th December 2009

Sad, really.


Insurgents Hack U.S. Drones

$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected

DECEMBER 17, 2009

By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON — Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington’s growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.

The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.

The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.

U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.

In the summer 2009 incident, the military found “days and days and hours and hours of proof” that the feeds were being intercepted and shared with multiple extremist groups, the person said. “It is part of their kit now.”

A senior defense official said that James Clapper, the Pentagon’s intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.

“There did appear to be a vulnerability,” the defense official said. “There’s been no harm done to troops or missions compromised as a result of it, but there’s an issue that we can take care of and we’re doing so.”

Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn’t yet clear if the problem had been completely resolved.

U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.

U.S. Air Force U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.

Some of the most detailed evidence of intercepted feeds has been discovered in Iraq, but adversaries have also intercepted drone video feeds in Afghanistan, according to people briefed on the matter. These intercept techniques could be employed in other locations where the U.S. is using pilotless planes, such as Pakistan, Yemen and Somalia, they said.

The Pentagon is deploying record numbers of drones to Afghanistan as part of the Obama administration’s troop surge there. Lt. Gen. David Deptula, who oversees the Air Force’s unmanned aviation program, said some of the drones would employ a sophisticated new camera system called “Gorgon Stare,” which allows a single aerial vehicle to transmit back at least 10 separate video feeds simultaneously.

Gen. Deptula, speaking to reporters Wednesday, said there were inherent risks to using drones since they are remotely controlled and need to send and receive video and other data over great distances. “Those kinds of things are subject to listening and exploitation,” he said, adding the military was trying to solve the problems by better encrypting the drones’ feeds.

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.

Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. “There was evidence this was not a one-time deal,” this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.

The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software’s developers, said he was unaware that his software could be used to intercept drone feeds. “It was developed to intercept music, photos, video, programs and other content that other users download from the Internet — no military data or other commercial data, only free legal content,” he said by email from Russia.

Officials stepped up efforts to prevent insurgents from intercepting video feeds after the July incident. The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes. Additional concerns remain about the vulnerability of the communications signals to electronic jamming, though there’s no evidence that has occurred, said people familiar with reports on the matter.

Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren’t readily compatible, said people familiar with the matter.

In an email, a spokeswoman said that for security reasons, the company couldn’t comment on “specific data link capabilities and limitations.”

Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator’s price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.

“There’s a balance between pragmatics and sophistication,” said Mike Wynne, Air Force Secretary from 2005 to 2008.

The Air Force has staked its future on unmanned aerial vehicles. Drones account for 36% of the planes in the service’s proposed 2010 budget.

Today, the Air Force is buying hundreds of Reaper drones, a newer model, whose video feeds could be intercepted in much the same way as with the Predators, according to people familiar with the matter. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator. General Atomics expects the Air Force to buy as many as 375 Reapers.

(via http://online.wsj.com/article/SB126102247889095011.html )


Yes, security lapses like this are unfortunately all too common. It is easy to see why there’s a need for hardware based encryption here. How much would it really cost to add an ASIC with something at least of the level of 256 bit Twofish, or AES, etc. While the tactical value of the drone video may decay pretty quickly, perhaps we don’t want any random folks reviewing an entire day’s video feed in, say, 10 years.

It’s high time that folks consider any public venue to be “compromisable”, whether wireless, or wired (copper, fiber, etc.)  If many business require the use of strong crypto (often via VPN) from your laptop back to the company office before you can even browse to an intranet https-secured site, perhaps this should be a clue for standards in other places, too.

—————-
Now playing: Rob Zombie – Foxy, Foxy
via FoxyTunes

Technorati FavoritesShare

Tags: , , , , ,
Posted in Security - Crypto | 3 Comments »

Twitter-Microsoft Bing Deal Confirmed, but so Is Facebook-Bing

Posted by John on 22nd October 2009

Twitter-Microsoft Bing Deal Confirmed, but so Is Facebook-Bing (Guess Who Else Is Coming to Dinner?)

(via http://kara.allthingsd.com/20091021/exclusive-guess-who-else-is-coming-to-dinner-twitter-microsoft-bing-deal-confirmed-but-so-is-facebook-bing/ )

by Kara Swisher – Posted on October 21, 2009 at 8:41 AM PT


In a stunning one-two punch, Microsoft will announce separate nonexclusive deals today with both Facebook and Twitter to integrate their real-time feeds of status updates into the Bing search service.

According to sources, Microsoft (MSFT) digital head Qi Lu will announce the deal onstage in a few hours at the Web 2.0 Summit.

bing-logo-white

BoomTown reported earlier today that the Microsoft data-mining deal with Twitter was poised to be announced.

But the addition of Facebook raises the stakes considerably because it has the largest pool of status updates, despite all the hype around Twitter. Facebook has previously stated that it has 40 million updates a day, on average, from its 300 million-plus audience.

Twitter has been talking to Google (GOOG) about a similar arrangement, and, according to sources, so has Facebook.

twitter-logo

But the deal is a definite blow to the dominant search engine, since–for the first time–data will be available on Bing that are not available on Google.

Neither of the services is expected to be up and running for weeks, if not months. But there is the possibility of a demo today by Qi Lu of what it will look like.

What’s interesting about the deals, which have been in the works for several weeks, is that they will be very different.

Much of what is posted on Twitter is public by design, while Facebook users prefer the closed nature of the service to disperse a wide variety of personal information only to their friends, and they want to control it.

Thus, sources said, not all Facebook updates will be included in the real-time feed to be searched by Bing, but only those its users choose to make available to the wider public. Facebook will apparently provide users with a number of new tools to do so.

facebook

BoomTown first reported several weeks ago that Twitter was in advanced talks with both the search rivals about such a real-time search arrangement.

When asked about the talks onstage at Web 2.0 yesterday, Twitter CEO Evan Williams turned coy, according to numerous reports, joking “Whose deals?”



(for the rest of the article, head to http://kara.allthingsd.com/20091021/exclusive-guess-who-else-is-coming-to-dinner-twitter-microsoft-bing-deal-confirmed-but-so-is-facebook-bing/ )

Technorati FavoritesShare

Tags: , ,
Posted in General | No Comments »

Miro, a free HD video player for almost any video file. Offers over 6,000 free internet TV shows and video podcasts

Posted by John on 20th October 2009

Besides working with PHP_FCGI_MAX_REQUESTS today, there was something else fun – free HD :)

Despite the installer requesting for the popular Ask.Com toolbar (which I never install; BHO’s slow down my daily work, etc.) it is a great program; the toolbar from their sponsor is completely optional.


Miro is a free HD video player. It can play almost any video file and offers over 6,000 free internet TV shows and video podcasts. Miro has a simple, gorgeous interface designed for fullscreen HD video.

Since Miro downloads most videos, you can take your shows with you, even on an airplane (Ed: also good to preserve items that may be removed by others . . .) Quite simply, Miro is a better way to watch all the video you care about.

Best of all, Miro is 100% free and open source, developed by a non-profit organization and volunteers around the world.

Unlike your browser, Miro’s built for HD. The built-in Miro Guide connects you to thousands of free High Definition video shows. Miro downloads video fast and stores it on your local computer for a level of quality that is often impossible on streaming video websites (even the ones that call themselves ‘HD’).

Fullscreen, HD video on Miro is like nothing you’ve ever seen online. Can’t open a video? Now you can, with Miro. Miro can play virtually any type of video file – Quicktime, WMV, MPEG, AVI, XVID, and more. (Ed: Yes! No more installing crap-tastic programs for some specific video codec . . .)

When it comes to video podcasts, Miro goes far beyond iTunes by letting you subscribe to BitTorrent RSS feeds, with one of the fastest torrent downloaders in the world (it’s called ‘libtorrent’).

Search, download, and save videos… from YouTube, Google Video, Blip, and more. You can even save a search term and automatically get new videos as they are posted. With YouTube’s new HD support, the video quality can be incredible; Miro will save the highest quality YouTube version automatically, when you choose save.

Don’t miss Miro’s unique blog, as well, which like their Publisher section has some great bits for modern movie creators (hint, Joel!)

You can learn more about Miro, and download it from their site. Happy video-ing!

Technorati FavoritesShare

Tags: , , ,
Posted in Tech | No Comments »

good social technology

Posted by John on 18th September 2009

http://jleveron.mp/ powered by http://chi.mp/ – free domain name for social networking; nifty idea to aggregate.

http://www.gravatar.com/avatar/01b7c8dbb4dbb60a05b31d74c4cea9e6?s=200 Gravatars, or globally recognized avatars. Change the number on the end, and it will resize my Gravatar to that “size”, in a square form.

http://blog.guykawasaki.com/2006/02/how_to_be_a_men.html How to be a Mensch – good general read, not just for IT folks – which dovetails nicely with Desiderata

http://www.daveramsey.com/ Financial advice from Dave Ramsey can assist any IT entrepreneur.

Technorati FavoritesShare

Tags: , , , ,
Posted in General, PhilosophyAttempt, Tech | No Comments »

RSS Feeds of quality

Posted by John on 17th August 2009

Expect a good bit more here.

OpenDNS system status

Technorati FavoritesShare

Tags: ,
Posted in Tech | No Comments »

feed mania

Posted by John on 15th August 2009

Various bits related to the growing understanding of rss feeds :

http://www.brainyquote.com/link/quotefu.rss pretty cool idea, linked in from gmail, labs feature for “append random email signature from . . .”

http://feedvalidator.org/ test to see if your feed is working; you can always give it either http://leveron.com/blarg/feed/ or http://leveron.com/blarg/comments/feed/ to validate / test; you’ll also see that those actually redirect to feedburner, to let more people actually connect in various formats.

http://feeds.dreamhoststatus.com/?q=rothstein+fromordinary+hanjin+lessfilling+barbaro+homie This one is from my web host, to check the status of various machines that make up the back ends for different parts of this site.

Quote de jure : too many, separate post coming up.

Technorati FavoritesShare

Tags: ,
Posted in Tech, things WordPress | No Comments »