Play with fire and your going to get burned.

I know a bit about the types of systems these things use...

The ground flight station, infected or otherwise, could not compromise the encryption key. Those systems wouldn't have the key. The easiest way to get it is to bribe the guys who load it. Though I agree that it was monumentally stupid to use known infected machines to run missions.

A mid-flight takeover of the flight system would be a logistical nightmare and would be very difficult assuming you had the key. If you are capable of that, you'd already have enough hardware and knowledge that it begs the question - why do you even need the plane? You would be better off not tipping your hand of your prowess until a real blow could be made.

Given the current political scenario over there, this is an intentional move for propaganda value. The administration needs to ratchet up tensions with Iran to justify the eventual war. Given the President's reaction to this, I would say this is a highly likely proposition. It could also be a tech transfer to China (there's been a few of those over the years), or both.

Or, much less likely, a stupid bug on a system failure that somehow managed to park a plane intact. Yeah... right.

Another possibility...

The malware is intentionally targeted at this specific flight software, and has some intimate knowledge of the software. When flying in certain parts of the world it will insert commands through the existing comm path to the plane's flight computer to go land at a malware friendly base and then shut off external data links.

Karl, the dirty secret about the encryption keys for the drones and such is worse than you might think. The guys in the field have those handheld devices that they can send/receive text, voice and video. However, it is reasonable to suspect that all of them have the proper keys burned into the FPGAs and the keys ARE NOT unique to the device. Further, it would seem that login isn't required, otherwise a lance corporal picking up the device after the sergeant, lieutenant, or whoever held it to call in support wouldn't be able to do so in an emergency ie. under fire.

We had the story about the drone footage in Iraq being found on captured hard-drives there. Further, in the Wikileaks dumps on Afghanistan there are at least two incidences of multiple seal teams / special forces being sent to re-capture handhelds lost during other actions. There are other instances of downed drones - but the other ones are quite different.

The US military has learned nothing from Vietnam. There is a PDF of scanned documents from investigations of NVA and VC capture and usage of captured equipment in Vietnam - I can't find the link at the moment - and it was quite a report. In one instance and perfect english speaker vectored a B-52 strike squadron out of Guam to a "target" several miles away. They called in an air cavalry landing into the wrong grid surrounded by a few NVA regiments that cost over 600 US deaths over two days of heavy fighting.

One of the lessons that was supposed to be learned out of those fiascos was that even on the encrypted communications code should be used and those codes should be changed often - especially grid codes and yet they found (by listening in) that most traffic was in the open and the grid codes were never being changed.

The danger with the newer devices is that as passive listeners the only thing that monitors can determine is how many devices are connected and where they are located. However, if they are unsure of how many devices are in the field at or near a specific op location they have no way of knowing whether one of the devices is in enemy hands.

Yeah well if their key management sucks then nothing else matters.

This is the first rule of encrypted communications -- once the key is compromised you're ****ed and dead, period.

Quote:

This is what you get when you try to use commodity off-the-shelf software and hardware to run your sensitive equipment.

Why the hell are they running any type of OS that can get any sort of common virus. These things should be on an entirely custom built software stack that has been independently and extensively analyzed for vulnerabilities.

Custom is not synonymous with secure. Regardless of the money you spend on security, it's unlikely to be as nice as many of the commodity options out there (Net/Open BSD come to mind) locked down by a competent sysadmin. The grass is not greener....

Quote:

Why the hell is Windows even allowed on ANY secure military network??

An unfortunate necessity of meeting schedule and budget at times. Those requirements are often more heavily weighted than some of the technical requirements.

Quote:

Lazy greedy contractors.

I'm sure if it was specified in the requirements we'd be glad to higher the hundreds of software developers to make our own OSes. Greedy? Yes! Lazy? No.

I can't wait until an armed drone is commandeered, and set against our own troops. The incompetence is as staggering as it is unsurprising.

Anyone running Windows in a mission-critical application deserves what they get. FreeBSD or similar, yes. Windows? No ****ing way.

One of these days our .MIL guys are going to have one of their windows-powered thingies shoved up their ass, and it will be "hot" rather than something with a camera in it.

I say we nuke it from Orbit, its the only way to be sure.

I literally told a person who works on UAVs about 18 months ago that "we'd better not get used to relying on UAVs on unsophisticated enemies and then think they will work just as well against a real enemy like China." Obviously, the person could not say anything (work is classified) so they just changed the subject. I had expected any real enemy to jam the comm link--which would render the drones useless. But, these Iranian/Chinese appear to have done way better than that!

can someone (ya hijackers, I'm looking at YOU) please target these drones at Wall St? let's get some practical use from them before they're scrapped

Wasn't there a story recently where you could buy off the shelf hardware and watch the video feed coming from the drones?

Quote:

can someone (ya hijackers, I'm looking at YOU) please target these drones at Wall St?

harrison, go check out who was in the twin towers on 9/11... it reads like a who's who of wall street. goldman, aig, jp morgan, irs, sec, hundreds of hedge funds... Someone picked that specific target for a reason... and that's probably the most convincing reason why I do not believe it was US government contrived.

asimov, its allegedly $26 dollar software.

Forget about encryption key and such.

The drone was landed there by US operators deliberately to provoke conflict so weapon merchants have a new war and new conduit for more profit. It was all by design.

Billions of dollars of research just to wind up in the hands of the Communist Chinese. If you can compromise the security with enough time you can surely send it to another target location including its point of origin! You've just bombed yourself!

Anyone know if these drones have any type of EMP protection?

If I had a captured and functioning drone, I'd keep the fact quiet just to give myself and RE team more time to further hack the systems and learn more details.
Seems like a poor military strategy to me to broadcast such knowledge for shear propaganda and intimidation until I had learned everything I could.

Wonder how many combatant foreign engineers were educated in the USA.

Quote:

Wasn't there a story recently where you could buy off the shelf hardware and watch the video feed coming from the drones?

from "the bar"

Quote:

http://online.wsj.com/article/SB12610224....
DECEMBER 17, 2009

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter....

From what i can determine the build date is about 2009 or a little earlier

Wikipedia
RQ-170 Sentinel
http://en.wikipedia.org/wiki/Lockheed_Ma....

Asimov, there was. It was a bull**** story though. Video and such is encrypted. They are covering up the fact that having possession of any device that connect up via GlobalHawk and such compromises the whole damn system.

Check out the chip sets available from Xlinx, for example, in this area with real-time encrypted streaming. If anyone believes you can buy something off-the-shelf that would be able to decrypt the traffic I have an equity tranch of a CMBS backing the Brooklyn Bridge to sell you at par.

-----------------------------------------

I am out of posts for the day. Hope you see this Asimov.
-----------------------------------------

I know what the story said. But you have to look at the things that are made for those communications devices. The chipsets encrypt in real-time, it isn't store and forward, so there is no unencrypted stream. The stream never exists unencrypted in off-chip memory - you would have to physically touch the device to obtain the input ahead of the chipset. And since they were capturing in-flight drone footage that wouldn't be possible.

Unless that off-the-shelf stuff can crack AES-256 on the fly it never happened the way the reported stories said it did.

Mind: I think the point was that it wasn't encrypted, it just frequency hopped using off the shelf hardware.

Quote:

I can't wait until an armed drone is commandeered, and set against our own troops.

And I am sure it will be front page news on MSM. (/sarc)

It's still in very good shape given the drone pilots that took it over probably busted the landing gear when they were landing it. As much as we have Chinese/Taiwanese working at the major US contractors it's probably the work of the Chinese.

Remember the threat the Chinese made about attacking Iran?

Given a direct capture of a drone by the Chinese would be considered a hostile act. Capture by the Chinese and then handed over to Iran would embarrass the US publicly and prove to the US their drone technology can be stopped. It would also give the Chinese an intact drone.

It could be the Russians as well. They also have many Russians working at US defense contractors.

I smell Russia, Iran does not have the technology to bring in a drone like this.

Russia is not our friend.

As with any software, it is only a matter of time before it is reverse engineered.

As with any encryption, it is only a matter of time before it is cracked.

It won't be long before you can download warez that will enable a user with a satellite uplink and a joystick to commandeer any remote device.

Here is the point that really needs some deep thought: U.S. institutions of higher learning have been training foreign engineers, architects, doctors, scientists and military for decades. We have been exporting our technology in exchange for out of state tuition. Chances are middle eastern grad students were on the development teams for various aspects of the military's drone program.

So does this captured drone signal the end of the drone era now that it has been compromised?

"Yeah well if their key management sucks then nothing else matters."

I can attest to the fact that eleven years ago, high level key management most definitely did not suck because even minor violations would cause major disciplinary action. Nothing was more carefully controlled than crypto key tapes, at least in the USAF. However, that was with physical key tapes which would be destroyed after expiration/supercession. By now, they must have transitioned to the electronic key distribution system they were beginning to implement back then and that always had me wondering about key accountability.

However, the keys will do you absolutely no good whatsoever without the very sophisticated cryptographic hardware associated with them. That, BTW, was the reason behind the attack on the US Navy spy ship USS Pueblo by the North Koreans. Thanks to scumbag Navy spy John Walker and later his son, the Russians had the keys. They just needed the hardware and the N. Koreans provided that. Thus, many of our classified comms were compromised during the Vietnam war. Even expired keys were valuable to them because they could record encrypted classified comms and decrypt them later after the keys were obtained.

From what I've read in the public domain, this type of drone can follow a pre-programmed path without control input or can be flown via secure satcom link. I'm sure the satcom link would have anti-jam characteristics and the satcom antenna(s) are apparently under the bulges on the top of the wing making the satellite downlink to the drone even less likely to be jammed except perhaps via antenna side lobes when the drone is in a banking maneuver. I've also read that if something malfunctions that is not serious enough to cause uncontrolled flight or if comm is lost with the ground control station during controlled flight, the drone will fly back to a predesignated point such as the launch site.

The Russians delivered a sophisticated electronics warfare van to the Iranians just six weeks ago:

http://www.flightglobal.com/blogs/the-de....

However, as I said, even if the control comm link was somehow jammed, the drone would fly home on its own. Looking at the Iranian videos, the positive dihedral of the wing is now zero or negative, the tape apparently used at the wing attachment joints is a mess, and they've gone to great lengths to hide the underside of the drone. The underside of the nose also looks pushed in from its normal curvature. When you combine that with what appears to be an unpainted airframe covered with what resembles the yellow zinc chromate primer used on aluminum airframes, I suspect this may have been a prototype, modified RQ-170 being flown operationally which had a fatal malfunction and went into a flat spin, landing upright, damaging the underside with the G forces causing the wing dihedral change and joint tape disruption. The Iranians hide the underside to perpetuate their claim that they took control of the drone.

And from Aviation Week, some interesting speculation about the lower level stealth technology of this particular drone type:

http://www.aviationweek.com/aw/generic/s....

A number of features suggest that the RQ-170 is a moderately stealthy design, without the DarkStar’s or Northrop Grumman X-47B’s extreme emphasis on low radar cross section (RCS). The leading edges do not appear to be sharp—normally considered essential for avoiding strong RCS glints—and it appears that the main landing gear door’s front and rear edges are squared off rather than being notched or aligned with the wing edges.

In addition, the exhaust is not shielded by the wing, and the wing is curved rather than angular. That suggests the Sentinel has been designed to avoid the use of highly sensitive technologies. As a single-engine UAV, vehicle losses are a statistical certainty. Ultra-stealthy UAVs—such as the never-completed Lockheed-Boeing Quartz for which DarkStar was originally a demonstrator—were criticized on the grounds they were “pearls too precious to wear”—because their use would be too restricted by the risk of compromising technology in the event of a loss.

The medium-gray color, similar to the Reaper’s, is a clue to performance. At extreme altitudes (above 60,000 ft.), very dark tones provide the best concealment even in daylight because there is little lighting behind the vehicle while it is illuminated by light scattered from moisture and particles in the air below it. The RQ-170 is therefore a mid-altitude platform, unlikely to operate much above 50,000 ft. This altitude also would have simplified the use of an off-the-shelf engine. General Electric has been working on a classified variant of its TF34 engine that appears to fit the thrust range of the RQ-170.

This is so frustrating.