You can hack Predator Drones with cheap software? What?

Hello,

I stumbled across this article on Gizmodo.
Iraqi Militants Hack Predator Drones

This is quite startling to learn that American UAVs streaming video and data can be intercepted and recorded by anyone with the right equipment and a cheap program.

If twelve-year-olds can encrypt their torrent downloads, I think it's a reasonably fair expectation for the US military to be able to encrypt mission-critical data transmissions, the insecurity of which could kill people. (Or, alternatively, the security of which ensures that that we can kill people. Someone's got to die, right? Right? Right.)

I thought that the armed forces would think ahead for stuff like this. This could really present a problem for operations where UAVs are used for logistical purposes like relaying positions to headquarters. Oh the scary stuff that can be done with $26 of software.

Main Source Article - Wall Street Journal

i just saw this onn cnn as well.

i wonder what the program is called?

Well, our military couldn't keep the planes from going into the towers. If they can't properly defend our borders, there must be some level of incompetency at work. Criminals are always on the cutting edge. It's in their nature. This doesn't surprise me one bit. Thats why "military intelligence" is considered an oxymoron.

they told the names of the software on the early show this morning, it was called Skygrabber. And cost $26 bucks, It is used to catch the feed from the satelite and not to hack into the drone itself.

I have been trying to download a copy of Skygrabber from Skygrabber.com and the page keeps displaying a 404. Can someone verify that the website is still publicly accessible?

EDIT: Although the website looks all screwed up, I was able to download Skygrabber by putting the main link into the address bar EXE File. I had to refresh the download several times within my Download window on Firefox before it downloaded.

EDIT2: The damn EXE file corrupts at 1.6MB

There was another thread regarding this, posted at the same time. I posted information there that is missing from here. Here is the info I posted:

You will notice you will have a lot of trouble trying to download a copy of Skygrabber.

The website seems to be under some kind of Denial of Service attack (by looking at dropped packets while trying to download).

I have found the parent directory holding a list of all the software this company has to offer. Here is the Index of this directory

I advise anyone who wishes to download this program, or the other programs on this website, that you use a download manager such as "DownloadThemAll" for Firefox. Reason is, I am finding it impossible to download any files without them being corrupted. Hope this helps.

[edit on 17/12/2009 by the_denv]

I would imagine downloading 'skygrabber' from hereon in is a bit of a 'nono' Props to the Iraqi ingenuity, however I suspect someone let them know of this fatal flaw, you know what I mean?

reply to post by the_denv


I think their site is being slammed from all the publicity.

Originally posted by purplemonkeydishwasher
I would imagine downloading 'skygrabber' from hereon in is a bit of a 'nono' Props to the Iraqi ingenuity, however I suspect someone let them know of this fatal flaw, you know what I mean?

Yeah, I guess someone could pipe the info or even log IPs connected to that server located in Ukraine, Kiev (WhoIS Database displayed this info). I could not care less because I have my own tricks But yeh I know what you mean

Lemon.Fresh: Yeah your probably right, we will hear of a building being burned down in Kiev on tonight's news and a permanent 404 on that website lol. I heard their electrical wiring is old fashioned in Ukraine That program must be getting downloaded hundreds of thousands of times today. To use the program costs money but there are ways round that on certain Russian forums, translate them from Google.

I successfully downloaded it, on the Trial version of it. Obviously I can not use it due to lack of hardware but the program itself looks fantastic. It makes me want to buy the hardware

I can see it now. "Achmed! I have hacked into the Great Satan's drone. Now we will know where they are watching. Wait a minute! That hovel looks familiar! I know where that is! Oh Sh*t!...................................."

Thnk about this for a moment. It is possible to determine your general location by your IP address. It is also possible to detect wireless network signals and localize their position.

I'd say there is a pretty good chance that this is a setup. Not only would it nail some insurgants, it would be a way to nail the smart insurgants.

reply to post by JIMC5499


You got a point there. Leave it vulnerable for a reason.

2nd line...

Well... it's not just drones they can hack into... Here's an update to the story!
Source:

Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought.

“This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”

[edit on 12/18/2009 by x2Strongx]

reply to post by JIMC5499


Exactly! A transmission honey-pot so to speak.
At least I hope that is the case.

Looks like they forgot to download Microsoft's late Security update...

Shouldn't be a hard fix though... But, how long have these guys been vulnerable?

Originally posted by x2Strongx
Shouldn't be a hard fix though... But, how long have these guys been vulnerable?

The vulnerability has always been there from the beginning. As it stands, from the UAV -> Satellite -> Ground Satellite -> UAV Pilot communication transmissions have a 2 second delay, like lag on a high performance multiplayer online game.

A 2 second delay is the best they can get, the best they have always had to deal with. If they ever applied encryption into the SatCom transmitter and UAV receiver that would change the binary commands and make them longer. So instead of the usual 64 one's and zero's being send as one command, the encryption would lengthen the binary command to, say, 768 one's and zero's (x12). That would increase the delay from 2 seconds to 24 seconds.

Having a 24 second delay on a UAV is not good, especially when it costs millions and would be of no use targeting tanks or target painting them with the laser.

Here is an intro to the UAV (below) that can be intercepted (not hacked). Its just like tuning into a Satellite TV channel, just get the co-ordinates correct and you can capture the raw video and audio. You can do this with anything that uses RF. I remember someone telling me that once (back in the early 90s) they were tuning in their satellite dish and (unknown to them) a CCTV video feed appeared and it was from inside their local police station.

Triangulation of WiFi (2.4Ghz) is not that easy, although not impossible. The near and far field obstructs the triangulation and you could get an incorrect location. For Wifi, GPS, Kismet, NetStumbler and Google Maps can be used. All RF is the same, apart from the secure lines which can also be intercepted.

EDIT: Taking control of the UAV is impossible for the insurgents, all they can do is capture the audio and video. That is it.





[edit on 18/12/2009 by the_denv]

The threat from an insurgent is spoofing the video. I forget the buzzword, but it is something like "information assurance".

Man, what doesn't have a wiki these days:
Information Assurance

John Locker's intercept

The satellite where this video was transmitted

Sometimes the video is not from a predator but rather a survey plane such as Air Scan.
Air Scan
It's a cool looking push-pull plane (prop in front and back).