Hi All,
>
> This Christmas, I offer to the US Defense Advanced Research Projects
> Agency a reflection of truth about the Predator program:
>
>
formatting link
>
> As some of you have undoubtedly already seen, the live video feed was
> allegedly hacked using OTS*
*off the shellf software
formatting link
Futhermore, these drones seem to crash a lot:
formatting link
Earlier this year, when I spoke to DARPA program managers and prime contractors about secure, mobile, wirless links, it seemed that that "their bread was not fully baked" in this area. I asked a technical director of a $11US+ billion program if this was the case, and he was reluctant to admit that, after $5US billion already spent, they still had not figured out how to do secure mobile links in a way that actually made sense. His response was something like,
"Yes, before, we had some issues around 2000-2001, but recently we have provided demonstrations that show that we have control of the situation."
DARPA, please, you are impressing us toooo much!!!!
-- Randy Yates % "Bird, on the wing, Digital Signal Labs % goes floating by mailto:// snipped-for-privacy@ieee.org % but there's a teardrop in his eye..."
"Iraq insurgents hack into video feeds from US drones "Insurgents in Iraq have hacked into live video feeds from unmanned American drone aircraft, US media reports say."
See
formatting link
among many others.
Apparently, the insurgents have been using off-the-shelf software called SkyGrabber to view the live video feeds from the drones. So the word "hacked" in the article is not entirely accurate, since it implies that effort was involved, whereas in actuality the SkyGrabber software made it almost effortless.
Well, if you give me $100US million dollars, I will open a (non-Swiss) bank account, deposit $99.5US million into the account, and use the remaining $500,000US to hire two cryptographers for six months to get the encryption right.
The Predator was not exactly a high-school science project.
Surely we can all agree that there is something ironic about a top- secrete weapon lacking security that a 20-year-old computer science student at a top engineering school could probably get right (almost) on the first run.
What they did (not do), given rancid amounts of money given to them by the general public, is inexcusable.
Which makes one wonder what real crytographers in other countries are thinking right now. I doubt if any of them are impressed.
Imagine:
The most powerful country in the world, your adversary, spending enough money on their military technology annually to overwhelm your entire GDP, only to have one of their more advanced systems "hacked" by what are probably kids, since many older people in Afghanistan/etc. have never used the Internet. In retrospect, the word "hacked" allows DARPA & Company to save face, since the word "hacked", as you stated, implies some effort by the adversary, whereas "listened in" would be more indicative of the stupidity at play. Perhaps they should have used "breached" instead of "hacked". The average person can appreciate breaches.
This is not just embarrassing. It makes us look vulnerable, both in the eyes of our adversaries, as well as our friends.
If it were not for the greediness/cockiness of DARPA and these prime contractors who make this stuff...well, it would still be intolerable.... but the greediness/cockiness added to it makes me want to puke. I spent months listening to these military guys talk about their "capability", a flowing stream of unending bombastic babble, wasting millions (sometimes billions) of dollars.
I searched Google for "DARPA Wireless Security" and found one of the first links that came up:
formatting link
This solicitation talks about "breakthrough", "paradigm shift", "revolutionary", "robust", and in the end, they give us Linksys.
All that money they spent to make a wireless link that my 14-year-old niece could have set up!
Passing encrypted video over a satellite network built for unencrypted analog video is not a trivial challenge. As far as I know, there exists no scheme to do this that has not been broken already. The problem is that encryption works partly by diffusing information so that no part of the output looks like any part of the input. The satellite link is filled with errors and distortion that have to be contained to retain adequate video quality.
I just assumed that, since it is the US military, employing a drone to do semi-stealth reconnaisance, that a basic requirement would be that young kids who probably earn < $100/month should not be able to intercept the stealth video. My bad.
Maybe they should leave it as it is. That way, the terrorists could put it up on YouTube. Maybe there is a Hollywood show in it...
"So You Think You Can Out-Run A Hell-Fire Missile."
Hmmm...that's a bit like a surgeon leaving a person's gut open after an appendectomy and saying,
"Well, technically, you never explicitly said to stitch him up, geez."
Is it "known" that the GI stuff (irony :) isn't cracked?
rick jones
--
No need to believe in either side, or any side. There is no cause.
There's only yourself. The belief is in your own precision. - Joubert
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
It isn't as if the presumed young kids who earn < $100/month came-up with the way to grab the feeds - they are simply using something that someone else produced. Not too unlike say the potentially young kids in the U.S. military who might be receiving the drone feeds "in the field."
rick jones
--
oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
Data encryption of the kind that they need for someone who is experienced in cryptography is near-trivial. The biggest problem, which is not a problem in this particular case, is key distribution.
Maybe I misunderstand, but the system, based on this link:
formatting link
...looks like it is entirely in the digital domain.
If that is true, encryption, under the scenarios required by US DoD, would take maybe 3 weeks using Rijndael or other symmetric cipher for a rough run, and maybe a month more by a crypto expert to remove the fatal flaws.
The more I think about this, the more I find it hard to believe that the people who designed the communications of the Predator could be so...ahem....
A more plausible, conspiracy-theorist, explanation might be this:
The US Military realizes that al-Quaeda/Taliban are becoming more and more sophisticated in their employment of technology such as laptop computers, desktoop computers, networks, smartphones with Internet connections, etc. Ideally, one could inject a nerd-mole into these groups to infiltrate their computer systems, but that would be expensive, hit-or-miss, and if he is caught, he would be surely executed.
A much easier alternative would be to fake a breach of your own security system, then publicize widely exactly how it was breached: via software that is readily avaialble on Internet. Make the software ridiculously cheap, since most terrorists do not have Bin Laden's billions. Then wait for the fish.
Every terrorist and wannabe-terrorist who wants to be able to break into US military satellite com's will visit the web site, whereupon IP addresses and times of visit will be collected into a database, creating a nice map (using Google Earth of course) of distribution of terrorists. Furthermore, by clandestine agrement with author of software, a root-kit will be built into the software. When terrorists' computers become infected by the download, the military will be able to receive highly valuable information from infected computers. If military is fortunate, these computers will occasionally become networked, in which case, the virus could propagate.
Yes, it's a long shot, but give me a break...a $10 million drone, under a multi-billion-dollar program, designed by Ph.D's in electrical engineering, computer science, and aero/astro, and they forget something as simple as a little symmetric crypto? NSA, which has last say in all crypto/data security matters, would have/should have never allowed this.
They're grabbing it later in the system, but if you want it encrypted later in the system, you have to encrypt it earlier in the system.
There is no place in the system to put such a cipher. The only practical way to do is to encrypt the analog uplink. The satellite- based system from the uplink from the Predator to the downlink to the operator is simply not encryption-capable. Essentially, the problem is basically that they chose a completely unsuitable system to handle the image downlink to the operator.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.