Insurgents Hack U.S. Drones

Eugen Leitl eugen at leitl.org
Thu Dec 17 04:58:47 PST 2009


http://online.wsj.com/article/SB126102247889095011.html

DECEMBER 17, 2009

Insurgents Hack U.S. Drones

$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected

By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to
intercept live video feeds from U.S. Predator drones, potentially providing
them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents
intercepted the video feeds by taking advantage of an unprotected
communications link in some of the remotely flown planes' systems. Shiite
fighters in Iraq used software programs such as SkyGrabber -- available for
as little as $25.95 on the Internet -- to regularly capture drone video
feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take
control of the drones or otherwise interfere with their flights. Still, the
intercepts could give America's enemies battlefield advantages by removing
the element of surprise from certain missions and making it easier for
insurgents to determine which roads and buildings are under U.S.
surveillance.

[Photo caption: U.S. enemies in Iraq and Afghanistan have used off-the-shelf
programs to intercept video feeds from Predator unmanned aircraft. Credit:
U.S. Air Force]

The drone intercepts mark the emergence of a shadow cyber war within the
U.S.-led conflicts overseas. They also point to a potentially serious
vulnerability in Washington's growing network of unmanned drones, which have
become the American weapon of choice in both Afghanistan and Pakistan.

The Obama administration has come to rely heavily on the unmanned drones
because they allow the U.S. to safely monitor and stalk insurgent targets in
areas where sending American troops would be either politically untenable or
too risky.

The stolen video feeds also indicate that U.S. adversaries continue to find
simple ways of counteracting sophisticated American military technologies.

U.S. military personnel in Iraq discovered the problem late last year when
they apprehended a Shiite militant whose laptop contained files of
intercepted drone video feeds. In July, the U.S. military found pirated drone
video feeds on other militant laptops, leading some officials to conclude
that militant groups trained and funded by Iran were regularly intercepting
feeds.

In the summer 2009 incident, the military found "days and days and hours and
hours of proof" that the feeds were being intercepted and shared with
multiple extremist groups, the person said. "It is part of their kit now."

A senior defense official said that James Clapper, the Pentagon's
intelligence chief, assessed the Iraq intercepts at the direction of Defense
Secretary Robert Gates and concluded they represented a shortcoming to the
security of the drone network.

"There did appear to be a vulnerability," the defense official said. "There's
been no harm done to troops or missions compromised as a result of it, but
there's an issue that we can take care of and we're doing so."

Senior military and intelligence officials said the U.S. was working to
encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but
said it wasn't yet clear if the problem had been completely resolved.

Some of the most detailed evidence of intercepted feeds has been discovered
in Iraq, but adversaries have also intercepted drone video feeds in
Afghanistan, according to people briefed on the matter. These intercept
techniques could be employed in other locations where the U.S. is using
pilotless planes, such as Pakistan, Yemen and Somalia, they said.

The Pentagon is deploying record numbers of drones to Afghanistan as part of
the Obama administration's troop surge there. Lt. Gen. David Deptula, who
oversees the Air Force's unmanned aviation program, said some of the drones
would employ a sophisticated new camera system called "Gorgon Stare," which
allows a single aerial vehicle to transmit back at least 10 separate video
feeds simultaneously.

Gen. Deptula, speaking to reporters Wednesday, said there were inherent risks
to using drones since they are remotely controlled and need to send and
receive video and other data over great distances. "Those kinds of things are
subject to listening and exploitation," he said, adding the military was
trying to solve the problems by better encrypting the drones' feeds.

The potential drone vulnerability lies in an unencrypted downlink between the
unmanned craft and ground control. The U.S. government has known about the
flaw since the U.S. campaign in Bosnia in the 1990s, current and former
officials said. But the Pentagon assumed local adversaries wouldn't know how
to exploit it, the officials said.

Last December, U.S. military personnel in Iraq discovered copies of Predator
drone feeds on a laptop belonging to a Shiite militant, according to a person
familiar with reports on the matter. "There was evidence this was not a
one-time deal," this person said. The U.S. accuses Iran of providing weapons,
money and training to Shiite fighters in Iraq, a charge that Tehran has long
denied.

The militants use programs such as SkyGrabber, from Russian company
SkySoftware. Andrew Solonikov, one of the software's developers, said he was
unaware that his software could be used to intercept drone feeds. "It was
developed to intercept music, photos, video, programs and other content that
other users download from the Internet -- no military data or other
commercial data, only free legal content," he said by email from Russia.

Officials stepped up efforts to prevent insurgents from intercepting video
feeds after the July incident. The difficulty, officials said, is that adding
encryption to a network that is more than a decade old involves more than
placing a new piece of equipment on individual drones. Instead, many
components of the network linking the drones to their operators in the U.S.,
Afghanistan or Pakistan have to be upgraded to handle the changes. Additional
concerns remain about the vulnerability of the communications signals to
electronic jamming, though there's no evidence that has occurred, said people
familiar with reports on the matter.

Predator drones are built by General Atomics Aeronautical Systems Inc. of San
Diego. Some of its communications technology is proprietary, so widely used
encryption systems aren't readily compatible, said people familiar with the
matter.

In an email, a spokeswoman said that for security reasons, the company
couldn't comment on "specific data link capabilities and limitations."

Fixing the security gap would have caused delays, according to current and
former military officials. It would have added to the Predator's price. Some
officials worried that adding encryption would make it harder to quickly
share time-sensitive data within the U.S. military, and with allies.

"There's a balance between pragmatics and sophistication," said Mike Wynne,
Air Force Secretary from 2005 to 2008.

The Air Force has staked its future on unmanned aerial vehicles. Drones
account for 36% of the planes in the service's proposed 2010 budget.

Today, the Air Force is buying hundreds of Reaper drones, a newer model,
whose video feeds could be intercepted in much the same way as with the
Predators, according to people familiar with the matter. A Reaper costs
between $10 million and $12 million each and is faster and better armed than
the Predator. General Atomics expects the Air Force to buy as many as 375
Reapers.

Write to Siobhan Gorman at siobhan.gorman at wsj.com, Yochi J. Dreazen at
yochi.dreazen at wsj.com and August Cole at august.cole at dowjones.com 




