31 December 2009

American spy aircraft: the gaffe of the "stolen" images


[Update] Yet another misstep by the American military in the surveillance and protection of radio communications, or a brilliant misdirection operation, as certain comments on the Internet seem to suggest? Either way, the "case" of the images that, according to the Wall Street Journal, were stolen from the unmanned aircraft that American forces use in several theaters to capture images of enemy positions and to take part in actual combat operations thanks to their on-board weapons, has already gone around the world, reaching our own news agencies as well. According to the prominent daily, images taken by a "drone", a robotic aircraft, were found on a computer seized from a member of the guerrilla forces operating in Iraq against the allied occupation forces. The footage was reportedly intercepted with the help of SkyGrabber, Russian software that can be downloaded from the Internet for a few dollars, by intercepting the communication streams that allow the military to control the drones remotely.
The newspaper provides many details of the operation and voices a certain indignation, but in practice it is hard to understand the mechanics of this "hack". The Iraqi rebels (assisted by the Iranians, the WSJ claims) intercepted what, exactly? The SkyGrabber software is used to tune one's own satellite dish to the transmissions of satellite Internet access services and to save to one's own disk the content addressed to other subscribers. A full-fledged interception, which falls within the murky domain of illegality. Were the images captured on the direct radio links between the drones and the ground control stations? Possible, but it is not clear why these streams are not duly encrypted. The most reasonable hypothesis is that the action targeted satellite links, because, as one can easily learn from top-secret sources such as Wikipedia, the American automated aircraft are managed centrally from the Creech base in Nevada, necessarily over satellite links to the locations from which these particular aircraft, built by General Atomics, take off. It is on the air base's own website that I found this interesting article on "unmanned" weapon systems, those without a crew. With the help of a tool available to very few intelligence centers, interception software code-named "Google", I managed to locate a highly confidential document on unmanned aircraft prepared for an equally confidential body: the U.S. Congress. The document can be freely downloaded from the worthy Fas.org site and is rich in technical details on these devices. [Another interesting document concerns the communication system; you can find it here, together with the following illustration]:


The breach appears so glaring as to suggest a disinformation maneuver. A Predator drone or the more recent Reaper costs 10 to 12 million dollars, and it would really be the last straw if it could not guarantee secure communication streams. Never mind the anti-guerrilla surveillance images (and an intelligence service that takes care to let the enemy know "you're on candid camera" is already hard to swallow), but what would happen if that same enemy managed to take over radio control of a robotic aircraft armed with missiles?

DECEMBER 17, 2009
Insurgents Hack U.S. Drones
$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected

By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas. They also point to a potentially serious vulnerability in Washington's growing network of unmanned drones, which have become the American weapon of choice in both Afghanistan and Pakistan.
The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.
The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.
U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.
In the summer 2009 incident, the military found "days and days and hours and hours of proof" that the feeds were being intercepted and shared with multiple extremist groups, the person said. "It is part of their kit now."
A senior defense official said that James Clapper, the Pentagon's intelligence chief, assessed the Iraq intercepts at the direction of Defense Secretary Robert Gates and concluded they represented a shortcoming to the security of the drone network.
"There did appear to be a vulnerability," the defense official said. "There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."
Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.
Some of the most detailed evidence of intercepted feeds has been discovered in Iraq, but adversaries have also intercepted drone video feeds in Afghanistan, according to people briefed on the matter. These intercept techniques could be employed in other locations where the U.S. is using pilotless planes, such as Pakistan, Yemen and Somalia, they said.
The Pentagon is deploying record numbers of drones to Afghanistan as part of the Obama administration's troop surge there. Lt. Gen. David Deptula, who oversees the Air Force's unmanned aviation program, said some of the drones would employ a sophisticated new camera system called "Gorgon Stare," which allows a single aerial vehicle to transmit back at least 10 separate video feeds simultaneously.
Gen. Deptula, speaking to reporters Wednesday, said there were inherent risks to using drones since they are remotely controlled and need to send and receive video and other data over great distances. "Those kinds of things are subject to listening and exploitation," he said, adding the military was trying to solve the problems by better encrypting the drones' feeds.
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. "There was evidence this was not a one-time deal," this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.
The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software's developers, said he was unaware that his software could be used to intercept drone feeds. "It was developed to intercept music, photos, video, programs and other content that other users download from the Internet -- no military data or other commercial data, only free legal content," he said by email from Russia.
Officials stepped up efforts to prevent insurgents from intercepting video feeds after the July incident. The difficulty, officials said, is that adding encryption to a network that is more than a decade old involves more than placing a new piece of equipment on individual drones. Instead, many components of the network linking the drones to their operators in the U.S., Afghanistan or Pakistan have to be upgraded to handle the changes. Additional concerns remain about the vulnerability of the communications signals to electronic jamming, though there's no evidence that has occurred, said people familiar with reports on the matter.
Predator drones are built by General Atomics Aeronautical Systems Inc. of San Diego. Some of its communications technology is proprietary, so widely used encryption systems aren't readily compatible, said people familiar with the matter.
In an email, a spokeswoman said that for security reasons, the company couldn't comment on "specific data link capabilities and limitations."
Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator's price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.
"There's a balance between pragmatics and sophistication," said Mike Wynne, Air Force Secretary from 2005 to 2008.
The Air Force has staked its future on unmanned aerial vehicles. Drones account for 36% of the planes in the service's proposed 2010 budget.
Today, the Air Force is buying hundreds of Reaper drones, a newer model, whose video feeds could be intercepted in much the same way as with the Predators, according to people familiar with the matter. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator. General Atomics expects the Air Force to buy as many as 375 Reapers.


This, on the other hand, is one of the many comments I found, with a closer look at SkyGrabber:

The internet is abuzz with news of U.S. drones being hacked with a Russian software program. Clearly, the US always enjoys a technological edge over its adversaries in wars. However, in a recent development as reported in the WSJ, US feeds from US Predator drones were compromised. According to reports, feeds from US Predator drones were intercepted and recorded by insurgents in Iraq and Afghanistan, using the $25 piece of software called SkyGrabber. Insurgents in Iraq took control of the pointless drones using the SkyGrabber. They downloaded video feed with the software, which is essentially a satellite network snooper. Precisely, this is a sort of packet or token sniffing that is popular with teens.

SkyGrabber

Now what is SkyGrabber? Essentially, SkyGrabber is an offline satellite internet downloader. That implies the software can intercept satellite data such as movies, music and pictures that are being downloaded by other users. It saves the information on the hard disk.
The software doesn't require an online internet connection. The user just needs to customize the satellite dish for the selected satellite provider and start grabbing the data packets.
SkyGrabber works on satellite internet, which is mainly used in remote areas or in areas where Internet access is not smooth due to the slow speed and high cost of local Internet connections. In such a setup, responses to the requests come from the satellite. The data is accepted by all who are in the satellite coverage area. SkyGrabber intercepts data of other users, sorts them into files and saves the files on the hard drive.

Key Features of SkyGrabber
• Filtering information by the types of files (mp3, avi, mpg)
• Filtering information by IP, MAC addresses
• Simultaneous work on the Internet and grabbing
• The monitoring system resources
• Showing progress downloads
• Handling TCP, GPE, IP, MPE package
• Handling HTTP responses (200, 206)
• Support Kazaa, Gnutella
• Support dreamboxes

To have a first hand experience free download SkyGrabber.

Implications

The Iraqi insurgents were pointing the satellite dishes into the air and watching the downloads. The Iranian-backed insurgents intercepted the video feed from an unprotected communications link in some of the remotely flown planes' systems. According to the sources, they regularly captured the drone video feeds. It is used to intercept and record television feeds.
The incident warns the military against the apprehensive shadow cyber war. It is sheer lack of intellect on the part of the US military and intelligent use of satellite-intercepting software on the part of insurgents. This becomes clearer within a few lines from the WSJ that read:
U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.
In the summer 2009 incident, the military found "days and days and hours and hours of proof" that the feeds were being intercepted and shared with multiple extremist groups. This would mean a blotch on US military that boasts with a superior digital-age technology.
The cause of security breach was explained by Declan McCullagh in a note.
This apparent security breach, which had been known in military and intelligence circles to be possible, arose because the Predator unmanned aerial vehicles do not use encryption in the final link to their operators on the ground. (By contrast, every time you log on to a bank or credit card Web site, or make a phone call on most modern cellular networks, your communications are protected by encryption technology.)
It could be interpreted that the final link between the drone and the operator is between a satellite flying around in space. That final link remains unencrypted for unexplained reasons, which makes it vulnerable to anyone with an even cursory knowledge of network communications. To be more clear with the reason, we need to learn that it's not critical communications data that will put our troops at risk, so the extra $50 on encryption is unjustified. So money matters for the U.S. military.

