Print 116 comment(s) - last by jimhsu.. on Dec 22 at 10:16 PM

Officials say there is no evidence that flight control systems were compromised

The U.S. military makes heavy use of UAVs in many areas of the world for reconnaissance duties. The UAV is widely used in Iraq and Afghanistan as well as in Somalia and other locations. The drones are used to track and sometimes attack targets when needed.

The Wall Street Journal reports that enemy insurgents have been able to use a commonly available piece of software to intercept the unencrypted feeds that the drone uses between the aircraft and ground control. The software used by the insurgents to capture the video feeds was a $26 app available online called Sky Grabber.

One of the developers of the Sky Grabber software told the WSJ in an email, "It [Sky Grabber] was developed to intercept music, photos, video, programs and other content that other users download from the internet -- no military data or other commercial data, only free legal content."

The military claims that there is no indication that he insurgents were able to take control of the drones or interfere with their flight in any way. However, some fear that the ability to capture the live video feeds will allow the insurgents to track the position of the drones to better avoid attack and surveillance. The big fear is that intercepted feeds could be used to discover allied troop surprise attacks and lead to the death of allied soldiers.

The interception of the video feeds from the aircraft was apparently not a onetime occurrence. In the summer of 2009, the WSJ reports that the military found "days and days and hours and hours of proof" that the video feeds were being intercepted on a laptop that was recovered from a Shiite militant.

A defense official James Clapper was asked to assess the interception of the feeds and concluded, "There did appear to be vulnerability. There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."

The military is working on encrypting all feeds from its drone aircraft, but adding encryption to the feeds requires not only updates be added to the drones, but updates to the control systems on the ground as well. The U.S. first learned of the flaw in unencrypted drone feeds in Bosnia during the 1990s, but the Pentagon assumed that the insurgents wouldn't know how to exploit the vulnerability.

While the evidence of feeds found was most prolific in Iraq, there is evidence that the feeds have been intercepted in Afghanistan as well. "There was evidence this was not a one-time deal," said a person close to the matter.

Fixing the security gap in the drones during the program development would have added delays according to former security officials and would have added to the cost of the drones. Even the new generation of drones called Reaper have feeds that are unencrypted.

It's unclear whether the successor to the Reaper called the Avenger will suffer from the same issue with unencrypted security feeds.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

**Shakes head**
By Brandon Hill on 12/17/2009 9:41:38 AM , Rating: 4
The U.S. first learned of the flaw in the drones unencrypted feeds in Bosnia in the 1990s, but the Pentagon assumed that the insurgents wouldn't know how to exploit the vulnerability.

Palm --> Forehead

RE: **Shakes head**
By weskurtz0081 on 12/17/09, Rating: -1
RE: **Shakes head**
By dgingeri on 12/17/09, Rating: -1
RE: **Shakes head**
By gsellis on 12/17/09, Rating: 0
RE: **Shakes head**
By weskurtz0081 on 12/17/09, Rating: 0
RE: **Shakes head**
By fic2 on 12/17/09, Rating: 0
RE: **Shakes head**
By Iaiken on 12/17/09, Rating: 0
RE: **Shakes head**
By weskurtz0081 on 12/17/09, Rating: 0
RE: **Shakes head**
By Nubsicles on 12/17/2009 10:12:47 AM , Rating: 5
With this kind of careless mistake having already been made (and made again) - they should not only encrypt the feed, but broadcast a pseudo-feed in parallel.

I think rick-rolling the enemy would more than make up for this little snafu ;)

RE: **Shakes head**
By fic2 on 12/17/2009 12:35:28 PM , Rating: 1
Wouldn't call it a little snafu, but I like your idea - maybe just play a several hour delayed feed unencrypted.

RE: **Shakes head**
By kattanna on 12/17/2009 2:46:18 PM , Rating: 5
why not take it a step further and play something that will piss off the people the drone is after..

something like muhammad and osama having sex

or women walking openly about without being covered and possibly learning and thinking for themselves

RE: **Shakes head**
By Einy0 on 12/17/2009 6:56:13 PM , Rating: 2

RE: **Shakes head**
By sieistganzfett on 12/17/2009 8:54:57 PM , Rating: 2
Give a 6! :)

RE: **Shakes head**
By camylarde on 12/18/2009 4:24:18 AM , Rating: 2
;-) Yeah, broadcast them porn and all talibans will stop waging war, knowing what they are missing in their society ...

And one point, watch out for RIAA, this is public broadcast!

RE: **Shakes head**
By deltadeltadelta on 12/18/2009 5:38:58 PM , Rating: 2

RE: **Shakes head**
By Jeffk464 on 12/22/2009 1:16:48 PM , Rating: 2
Hey cool Idea, a parallel feed of their buddies getting blowed up on earlier missions. :)

RE: **Shakes head**
By Regs on 12/17/2009 10:25:15 AM , Rating: 2
It's the use it or lose it accounting policy. Instead of waiting for it to work, pay now and fix it later.

RE: **Shakes head**
By drycrust3 on 12/17/2009 10:50:55 AM , Rating: 3
Exactly right! The Germans didn't think Enigma was compromised until after the war as well. In addition, they didn't know their top level coding machine, which was better than Enigma, was compromised as well. When you have an exceptionally valuable source of intelligence it is common sense to not tell everyone that you have it.

As I see it, a picture doesn't just save a thousand words, it can also be interpreted 1000 ways as well. Yes, it tells Americans where the enemy is, but since the feed is continuous it will also tell the Enemy where the Americans are, and it will tell them what the Americans or their allies are interested in.

RE: **Shakes head**
By fic2 on 12/17/2009 12:37:53 PM , Rating: 5
At least the Germans and everyone else had the intelligence to actually encrypt their communications - that is basic common sense and has been for 1000+ years. What brain dead dumb*ass spec'd this system?

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 1:21:54 PM , Rating: 2
Do you think it's possible that there might have been some limitations back in the 90's that made it difficult to encrypt? Maybe bandwidth problems?

RE: **Shakes head**
By Smilin on 12/17/2009 1:37:48 PM , Rating: 5

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 2:07:39 PM , Rating: 2
How about limitations to the mission. Outside of cost, do you think there could have been a reason they chose NOT to encrypt the feed?

RE: **Shakes head**
By T2k on 12/17/09, Rating: -1
RE: **Shakes head**
By weskurtz0081 on 12/17/2009 3:00:30 PM , Rating: 4
Well, clearly you don't understand what I am asking.

Are you fully aware of the limitations that were faced back in the early 90's when these things were being designed.

Are you fully aware of the reasoning that was involved when the final decision was made to not encrypt the feed?

Or, are you just going to act like some keyboard gangster, slinging curse words around and making everything bold for some reason.

How many years did you spend in the military, how familiar with the limitations and decision making process that were involved when the Predator was designed?

RE: **Shakes head**
By Smilin on 12/18/2009 12:39:51 PM , Rating: 4
So I'll answer on his behalf (to spare us both the rant).

I am sure there were a great deal of limitations and challenges when this project was underway. However all of these variables that are unknown to you and I are irrelevant.

The need to encrypt realtime intelligence data trumps all other reasoning.

And to answer your other questions:
1 tour in military - Naval aviation.
Not familiar at all with processes during predator design.

RE: **Shakes head**
By weskurtz0081 on 12/18/2009 5:46:36 PM , Rating: 2
So, your answer is, regardless of what was required, how feasible it was, if it was reasonably possible at that time, it should have been done.

I was also in the military, in aviation, specifically avionics, 1 tour.

RE: **Shakes head**
By JHBoricua on 12/17/2009 4:15:09 PM , Rating: 2
Outside of cost, do you think there could have been a reason they chose NOT to encrypt the feed?
Besides the decision maker being clueless there is absolutely no reason not to have this encrypted.

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 4:41:35 PM , Rating: 2
Roll the clock back 20 years, and tell me what you would say then.

RE: **Shakes head**
By JediJeb on 12/17/2009 5:35:04 PM , Rating: 2
Exactly, 20 years ago when the technology was in the 286 processor and slower range encryption would have been something to be carefully looked at to know if it would handle real time feeds with the amount of data needed to be transmitted. So many today just think that we have always been able to stream HDTV to our cellphones like it was nothing.

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 10:06:45 PM , Rating: 2
Exactly, thank you.

Also consider, the technology to hijack these unencrypted feeds might not have been as readily available either.

Much has changed since then, and the issues they were facing then were completely different than the issues they would be facing today if they were designing them today. Just like the technology will have advanced MUCH further in the next 20 years.

They had a plan to replace these drones with newer versions that would have fixed this problem, but the funding and the project was axed.

RE: **Shakes head**
By Smilin on 12/18/2009 12:56:28 PM , Rating: 4

The technology to encrypt the video stream WAS available. It was a decision not to use it.

Sure they were using a 286 or something in PCs back then but we're not talking about a PC are we? Specialized hardware has always been able to outperform general purpose CPUs. If they were stuck using 286s they wouldn't even have enough horsepower to process the video...encrypted or not.

RE: **Shakes head**
By Zoomer on 12/19/2009 8:44:46 PM , Rating: 2
And that would add design complexity, power requirements, etc. With the reliability reqs and redundancy required, it may have required even more ICs.

If they were stuck using 286s they wouldn't even have enough horsepower to process the video.

Exactly. Why spent the extra effort, delaying the project and adding costs to it, when even the most powerful computer that could even be conceived could not handle simple animated gifs, let alone intercepting and decoding video?

The plan seems sound to me; implement the base functionality and leave out the fluff for the first release, then improve it for the next revision.

We hear of military projects having ridiculous cost and deadline overruns. They can't be all incompetent. I'm sure part of the reason why is the revision of requirements AFTER they started. This is like software engineering 101.

RE: **Shakes head**
By micksh on 12/17/2009 2:35:24 PM , Rating: 1
Encryption hardware would add weight to drones thus reducing useful load they can carry. That's one of the reasons.

RE: **Shakes head**
By JHBoricua on 12/17/2009 4:16:48 PM , Rating: 5
Encryption hardware would add weight to drones thus reducing useful load they can carry. That's one of the reasons.
Yep, all those extra ounces of having an encryption chip was the dealbreaker.

RE: **Shakes head**
By blowfish on 12/17/2009 4:23:02 PM , Rating: 2
An encrypted feed should use no more bandwidth than an unencrypted one - it just takes mor processing power at the UAV and the ground station.

It's hardly as if these things are built down to a price anyway! You know for a fact that the manufacturers are making a bigger margin on any military equipment than they would in the real world.

This just seems on the face of it to be a monumentally arrogant f"!k-up.

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 4:40:42 PM , Rating: 2
Really, so you are saying encryption has NO over head? Even today encryption such as IPSEC has about an 8% overhead, and I would be willing to bet that overhead was higher 20 years ago.

Look man, clearly you are not capable of considering that things were a little different 20 years ago in the encryption and internet/satellite arena. I agree, they screwed up, but back in the early 90's, data encryption wasn't as big of a deal as it is today, it just wasn't. How many people were even able to afford a computer when these things were being designed? Just think about it, you don't know what was going on when General Atomics Aeronautical Systems were designing these drones.

RE: **Shakes head**
By GeorgeOu on 12/17/2009 9:33:05 PM , Rating: 2
That "8% overhead" comes from added size in the packet header, but that only applies when you're trying to encrypt at the IP layer. If you encrypted at the application layer, it does not add that kind of overhead.

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 10:12:28 PM , Rating: 2
And encrypting the entire video feed on late 80's early 90's technology wouldn't have posed any issues back then?

Not to mention, would the type of encryption they used back then even be worth a damn today? Similar to wireless encryption, it's EXTREMELY easy to crack older encryption standards, and much more difficult to crack newer ones.

Also, it would have created a tactical problem on the ground. The troops would then have to manage the security, contractors would have to be trusted, any of the hardware on the ground capable of handling the encryption would have to be destroyed if the user was captured.

There are SO many issues that would have been introduced if it was done back then. Should they have done it? I don't know. Maybe, I am not really sure what it would have taken to accomplish it when they were designing the drone. I am not sure what the limitations of the Satellite system was back then. There are a LARGE number of variables that you have to account for.

RE: **Shakes head**
By karielash on 12/17/2009 10:55:30 PM , Rating: 3
You can update encryption algorithms and redesign or implement new hardware. Simple fact is there was hardware encryption available at the time (no matter how limited that might have been after 20 years) but someone took a conscious decision not to implement even basic levels of protection. It need not have been complex, even a delay of a few minutes between a live and a hacked video stream could make the difference between success and failure. This was a poor decision no matter how you look at it. And not correcting that mistake once it was apparent was an exceptionally bad move.

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 11:51:03 PM , Rating: 2
The point is, there is probably more to it than you and I are aware of.

I agree that it was probably a mistake, but remember, hind sight is 20/20. It's easy to say they screwed up, but a little more difficult to understand what the entire scope of the decision required.

As far as redesigning hardware, often times it's not a simple task in aviation. Most of the computers on military air craft are running old hardware by consumer standards. Much of that stuff is VERY proprietary and might be rather expensive to fix/replace.

Also, remember, these drones were originally scheduled to be replaced earlier this decade, but the funding go cut.

Anyway, I don't disagree it was a mistake, and I have said as much multiple times, I just think the situation may have been a little more involved that just saying "they should have encrypted the video feed".

RE: **Shakes head**
By weskurtz0081 on 12/17/2009 11:59:56 PM , Rating: 2
One other thing to think about. Encryption still has CPU overhead, and who knows what type of encryption was available then, what kind of power it took, what type of hardware is on the drone....

Point is, there are MANY MANY different possibilities that should be considered, it was 20 years ago.

Sitting here today, I agree, it is clear it should have been encrypted, but if I were back in 1990 working for the contractor that designed it, I might not be saying the same thing.

RE: **Shakes head**
By SlyNine on 12/18/2009 3:26:34 AM , Rating: 3
They had DES in 1977, Otho it is insecure today any encryption is better then none. This combined with none standard container files and codecs could have made it very hard to intercept and make useful in a reasonable amount of time.

Remember it probably doesn't matter if they break it a month from now.

The biggest problem would be any false sense of security.

RE: **Shakes head**
By drycrust3 on 12/18/2009 1:29:27 AM , Rating: 3
If you think about it, just because there is no evidence that the enemy aren't actually intercepting the live broadcast feed doesn't mean they aren't, nor does it mean they aren't using the information. All it means is you haven't got any evidence to suggest a link.
If you look at what the British did in WW2, basically once you were "in" on the Ultra secret, you weren't allowed out. So, if the insurgents were using the information, and the believed it was very valuable, then it makes sense that no hint of it would reach the Americans because those in the know simply wouldn't be allowed to be involved in any activity that had the slightest chance of them ending up in an American jail.
In addition, one of the ways used to crack the Enigma code was to take a message that wasn't encrypted or used a low level encryption and to use that as a means to crack the code for that day.

RE: **Shakes head**
By GodisanAtheist on 12/17/2009 11:35:00 AM , Rating: 3
Yeah, when the people in charge of this country's cyber security skimp on the encryption it really makes you wonder...

RE: **Shakes head**
By SlyNine on 12/17/2009 1:22:51 PM , Rating: 2
I don't suppose this was some common container file and I certainly hope it wasn't a consumer codec like H.264 or VC1. The arrogance in thinking a none encrypted signal wouldn't be intercepted, yep you got it facepalm.

Otho I guess there is the possibility that this is actually a deception to get insurgents to rely on false information by sending a pseudo video. I donno. But it really sounds to me like they F'd up.

RE: **Shakes head**
By Hieyeck on 12/17/2009 1:58:58 PM , Rating: 1
Assuming makes ASSes of U and ME

RE: **Shakes head**
By CommodoreVic20 on 12/18/2009 9:25:42 AM , Rating: 2
I must say... It is pretty cool that the 'insurgents' were able to do this. We are talking about a guy with a crappy laptop in the desert that intercepts and rapes a multi-billion dollar military project. I mean its such a sci-fi movie scenario that is actually really happening. I can only assume this is the beginning of the whats to come. Reprogramming bots to do the hacker's dirty work ala terminator? Can wait to see the saga...

RE: **Shakes head**
By aqwan135 on 12/20/09, Rating: 0
RE: **Shakes head**
By Etern205 on 12/22/2009 9:58:12 AM , Rating: 2

RE: **Shakes head**
By jimhsu on 12/22/2009 10:16:29 PM , Rating: 2
I thought we all knew of "security through obscurity" ... apparently that failed thousands of years ago.

By Smilin on 12/17/2009 10:00:49 AM , Rating: 2
WTF do they mean "learned of the flaw"??

How does that flaw need to be learned? Thats like saying "Oh gee, I just learned that when I had my house built a decade ago with no front door that it's a security concern".

How could this thing have been engineered that way to begin with? Someone designed the video transmission system and made the deliberate choice of how it was going to be done. It is not hard in the *slightest* to encrypt video using geez...the list is so frickin long. SRTP for starters?

By AnotherGuy on 12/17/2009 11:33:43 AM , Rating: 3
im sure there were problems setting up the encryption at first... causing delays... thats why that might have skipped it at first... but thats not an excuse for them to not deploy it in the newer models

By fatedtodie on 12/17/09, Rating: 0
By Donovan on 12/17/2009 1:02:14 PM , Rating: 5
Encryption doesn't require any bandwidth overhead as long as you do any compression before you encrypt...the output is generally the exact same size as the input. It does require some processing overhead, but preventing monumentally stupid f-ups like this is well worth the extra cost. I'm astounded that there wasn't even some simple scrambling or obfuscation being done.

It's pretty sad when our state-of-the-art military weaponry has less security than a home gaming console. Those consoles may get hacked too, but I would like to see the enemy trying to perform the Twiizer attack on a UAV in flight.

By JediJeb on 12/17/2009 5:51:59 PM , Rating: 1
And how big would a computer that is comparable to an Xbox or PS3 have been in the early 90s when these were being developed? It's like comparing an Atari 2600 to a PS3 and saying they would have no trouble running the PS3 games on the Atari. Who know that headaches would have been involved with encryption back when these were being designed.

As someone else also posted, back when these were being designed noone would have thought that for $26 you could buy some software that would pick up the feed.

It was an oversite that they have not yet been retrofitted with something to encrypt the data, but I don't think you can put all the blame on the original designers.

By Smilin on 12/17/2009 1:36:22 PM , Rating: 2
Both the bandwidth and processing overhead of encryption are negligible (look at say IPSec or SRTP) and transmitting video across the globe has been commonplace since the days of black and white.

Video across wifi works just fine AND it's modestly encrypted already. A UAV is going to have far more bandwidth available and have less strenuous latency requirements. Running encryption will not make or break a video stream. If the network fails with encryption it was almost certainly going to fail without.

This has nothing to do with "real reasons" of why it was done this way. This is outright incompetence.

By fatedtodie on 12/17/09, Rating: -1
By blowfish on 12/17/2009 4:26:43 PM , Rating: 3
in English perhaps?

By Smilin on 12/17/2009 4:30:22 PM , Rating: 2
What you are calling "mom mentality" the rest of us call logic. Or here is another colorful phrase we could use for the USAF right now: "stupid is as stupid does". You asked for proof though. Here it is...

My proof that this is incompetence lies in the fact that:
1. It was a deliberate decision not to encrypt.
2. This was a stupid decision.

Now since you clearly disagree please tell me if it's #1 or #2 you disagree with.

Was it an accident rather than a deliberate decision? "oops I encrypted the control channel but just totally spaced the bad!!!" or... do you argue that it was a smart decision? (and please do enlighten us with your genius on this).

If you are really looking at all of this and saying "oh people just want to complain" rather than "this is fcuking stupid" then you sir are the fcuking stupid one.

By donxvi on 12/17/2009 10:59:26 PM , Rating: 2
Do you have a design tradeoff document that was used in making this decision ? Was it in error ? Think pros & cons.

Have you ever been involved in design of a complex system ? Heck, the ones I work on in my job aren't THAT amazing, but in the real world of engineering, it's rare that there's a RIGHT or WRONG big decision or else it wouldn't be an issue. It's a ROCK and a HARD PLACE decision. Engineering is all about tradeoffs and compromises. That's how products get turned from ideas into hardware.

You'll see examples of that when you get out into the real world.

By SlyNine on 12/18/2009 3:12:55 AM , Rating: 2
Encryption has been done since WW2 transmissions. There is no tradeoff. Its as simple as this. If it has to do with intelligence and protecting information that can be used to kill our troops, YOU ENCRYPT IT! Its not like they used an encryption that got broke, they simply did not use anything at all.

This is not a rock in a hard place or a trade off. This is broadcasting military intelligence for the world to intercept. It sounds ludicrous that it's that big of a fug up. But it is and there IS NO excuse.

By donxvi on 12/18/2009 6:08:55 AM , Rating: 2
I don't know much about signals broadcasting, much less encryption of such, how do you know so much ? I don't see many engineering decisions that don't involve a tradeoff out there in industry. You obviously feel this was a "must-have" but it appears that someone that spent more than 10 minutes thinking about it, and had some position of power in government or industry, didn't.

I've learned through my years that a failure to recongize that the things other people do probably include the same challenges and non-obvious details as the things I do is a sign of an inexperienced or closed mind.

By Smilin on 12/18/2009 11:55:52 AM , Rating: 1
You obviously feel this was a "must-have" but it appears that someone that spent more than 10 minutes thinking about it, and had some position of power in government or industry, didn't.

That is exactly my point. It *IS* a must-have and that person in power made the wrong decision. I do not have to be an expert in their field or do years long analysis to see this.

There is no way you can frame this as a good decision. When you start weighing pros and cons of cost, development time, technical limitations in the 90s etc you are just chipping dimes onto a scale. The need for intelligence data to be encrypted is a 50lb rock on the other side of the scale.

Put it this way: If it was a good decision would we be having this discussion?

I've learned through my years that a failure to recongize that the things other people do probably include the same challenges and non-obvious details as the things I do is a sign of an inexperienced or closed mind

Really? That's where you went with him?

We'll I've learned through my years that blubbidy bluuuuh and blibbudy-blib that you are an inferior bluh.

Let your argument speak for itself. Don't make (likely incorrect) assumptions about the person you are debating with or lend yourself some unverifiable credentials. Nobody here is so close minded that they don't recognize that UAV development is *hard*.

By SlyNine on 12/19/2009 4:01:49 PM , Rating: 2
You're using an appeal to authority fallacy in your argument. Your conclusion is, since supposed experts in x field didn't do something there must have been a "GOOD" reason. If you have an argument then use it. This is like when the moon hoax believers say Jan Lunberg couldn't explain a photo and that means the moon landing might be faked.

There is nothing wrong with asking what's the trade off and getting both sides. But don't just assume because an expert didn't do it wasn't some sorta blunder.

By Smilin on 12/18/2009 12:04:42 PM , Rating: 2
You'll see examples of that when you get out into the real world.

And I'm sure you'll have better success at whatever it is you do once you lose your condescending attitude and incorrect assumption that others lack your experience.

By donxvi on 12/17/2009 10:47:38 PM , Rating: 2
Great idea, "It is not hard in the slightest to encrypt video using SRTP" you say.
SRTP came out about a decade after the Predator, so unless some of these guys fired up the captured alien time machines at Area 51 (which the Predator probably didn't rate, it was being used for B2s or Aurora or something) they couldn't have done it. How would SRTP run on those hot 100MHz processors we were using in our PCs back then ?

By weskurtz0081 on 12/17/2009 11:55:02 PM , Rating: 2
Also, keep in mind, most of the computers used in military aviation are already old by consumer standards by the time they hit the street (I know first hand, I have experience in aviation/avionics).

So, depending on when it came out, the hardware might have been 5 years or more outdated. There are many good reasons for this, and some downsides as well, but fact remains that it's generally the way it is.

By SlyNine on 12/18/2009 3:14:37 AM , Rating: 2
Encryption has been around since WW2. It could have been encrypted.

By weskurtz0081 on 12/18/2009 5:50:10 PM , Rating: 2
Video encryption has been? Do you think any encryption that was around in the 80's would take more than a minute for a modern computer to break?

By SlyNine on 12/19/2009 4:07:19 PM , Rating: 2
It does not matter what the medium is, we are scrambling the transmission data ( the data packets them self) and it wont be known what kinda data it is until its decrypted on the other end. AES 128 and DES doesn't care WHAT the packets contain.

By weskurtz0081 on 12/20/2009 6:18:12 PM , Rating: 2
So, then, I ask the question, is ANY of the encryption that was available then secure today? Would the hardware that they were able to use on the drone able to handle such encryption?

By SlyNine on 12/21/2009 6:12:11 AM , Rating: 2
Encryption isn't particularly hard to do, if you add a specialized chip to do it.

The Encryption isn't persay secure today, however its certainly better then none, you do not have to broadcast what kind of encryption you are using during the transmission just as long as you know what it is.

The insurgents would have to have a ridiculous amount of money and resources to figure out what encryption it is. The only way that would be possible is if you broke the encryption either through brute force ( not happening) or other means. I am not a cipher cryptography expert so I couldn't tell you everything, anything was safer then broadcasting standard video container files and codecs with no encryption and any encryption would have been better then none.

Remember this is time sensitive data, if you don't decrypt it in a week, its useless to you. As it stands any nut with a laptop and this program can capture the feeds.

By SlyNine on 12/21/2009 6:17:46 AM , Rating: 2
But I will say this, The first part to breaking encryption is knowing what encryption is being employed. Otherwise you are using multiple methods to decrypt and probably avoiding the ones that are less likely to succeed. This adds a lot of time and complicates the process.

We have to remember that this is 2009 going on 2010. Even in 2000 if they didn't have encryption because of whatever reason, they should have added it before deploying it to Afgan and Iraq.

By weskurtz0081 on 12/21/2009 10:04:33 AM , Rating: 2
They were set to replace the original drone around the turn of the century, but the funding ended up getting cut. This would have fixed the encryption problem.

By Smilin on 12/18/2009 12:52:34 PM , Rating: 2
Most of the stuff I saw when working on military aircraft was 10-20 years outdated not just 5.

But..they have a lot of really specialized hardware. The general purpose CPUs of the day (386/486/Pentium) would not have handled such encryption but specialized chips would have no problem. Think IPSec module on a router.

Regardless the technology for encrypting a video stream was available to the USAF in the 90s. Somebody made a design decision not to use it.

By SlyNine on 12/19/2009 4:12:48 PM , Rating: 2
Just like a current CPU would struggle to produce graphics that a radeon 9700 could.

Our desktops would probably struggle doing things that specialized processors in the early 90s could do.

By Smilin on 12/18/2009 12:47:40 PM , Rating: 2
Easy there wise-ass. SRTP is the first thing that came to mind and I used it to make a point. I do not even know if it would be applicable for what they are doing.

The real point:
Encryption is not that hard and does not require much computing power.

Heck the computing power to actually process video in realtime is far worse. If they could send video in the 90s they could encrypt it...and if they don't encrypt it then at least send it using frequency hopping (70-80s technology).

*forehead palm*
By BarkyMcWoof on 12/17/2009 10:41:35 AM , Rating: 2
You want efficiency in running any system, turn it over to government. Health care, for instance.
How can it be that the drones' video broadcast can't be encrypted by flipping a switch? Shouldn't the contractor be responsible to retrofit?

RE: *forehead palm*
By kattanna on 12/17/2009 10:48:13 AM , Rating: 5
Shouldn't the contractor be responsible to retrofit?

why? im sure they built it according to the specs requested.

RE: *forehead palm*
By awaken688 on 12/17/2009 11:28:13 AM , Rating: 3
Exactly. The contractors get requirements and must build to match them. Simple as that. Someone probably said encryption would cost an additional $1 million in development or something and somebody in the govt said to scrap it.

RE: *forehead palm*
By aapocketz on 12/17/2009 2:19:00 PM , Rating: 2
Exactly. The contractors get requirements and must build to match them. Simple as that. Someone probably said encryption would cost an additional $1 million in development or something and somebody in the govt said to scrap it.

thats basically what I was trying to say in my other post, but you said it better. you are probably right.

RE: *forehead palm*
By Spookster on 12/17/2009 11:51:50 AM , Rating: 2
by BarkyMcWoof on December 17, 2009 at 10:41 AM

You want efficiency in running any system, turn it over to government. Health care, for instance.

The DOD would be the responsible party in allowing this design flaw to continue. The DOD would not be who would manage health care.

RE: *forehead palm*
By Nfarce on 12/17/2009 12:50:59 PM , Rating: 2
The DOD.

DOD, FDA, NASA, NSA, SSA, Medicare/Medicade, GSEs like Fannie Mae/Freddie Mac, and whatever government entity would run our health care. It doesn't matter - they're all government bureaucratic operations prone to multiple failures - all are examples of why we should not be turning our very livelihood over to yet another government bureaucratic operation.

RE: *forehead palm*
By Spookster on 12/17/09, Rating: 0
RE: *forehead palm*
By Nfarce on 12/17/2009 8:34:39 PM , Rating: 2
Who the F needs to wear a tin foil hat when we can all just simply see the efficient government success stories of Medicare, Medicaid, VA health care, Social Security, the IRS, the ..........

RE: *forehead palm*
By Spookster on 12/18/2009 12:16:07 AM , Rating: 2
Oh yeah maybe we should let the successful financials industries of wall street run them, ooh wait never mind they collapsed the economy again, ok maybe the auto industries, ohh wait they just keep running their businesses into the ground, ok well lets just keep the current insurance companies running things, oh wait they keep inflating costs beyond what anyone can afford.

RE: *forehead palm*
By weskurtz0081 on 12/18/2009 12:40:51 AM , Rating: 2
Yeah, because having roughly $10 Trillion dollars in debt=success!!!

Come on man, you think the government is good at running things? Seriously?

Plus, tell me exactly why medical costs are so high, and how changing how it is paid for will fix the REAL problems.

How about this. Let the businesses run themselves, but actually have some small BUT efficient regulations that prevent some of the things that have recently happened. You know, changes in government regulation assisted in the collapse of the financial industry....

RE: *forehead palm*
By Spookster on 12/18/2009 12:42:18 PM , Rating: 2
Well lets see the government has been running this country for over 230 years and not collapsed and failed yet. How many private companies can make that claim? Having debt does not mean failure. This country will always have debt no matter who is in office and no matter what anyone does short of wiping out every country we owe money to.

RE: *forehead palm*
By Nfarce on 12/18/2009 12:53:50 PM , Rating: 2
Well lets see the government has been running this country for over 230 years and not collapsed and failed yet. How many private companies can make that claim?

The government has NOT been running companies for 230 years. That's the point , ace. Private companies (or corporations) succeed and fail in a free market with competition. But people like you want the government to run everything and all aspects of our lives from cradle to grave, right?

And by the way, it seems to me the GOVERNMENT is doing a damn fine job of cooking the debt books (IE: raising the debt ceiling) every time they outspend themselves. You tell me what company can get away with THAT accounting practice these post-Enron days there, chief.

RE: *forehead palm*
By Spookster on 12/19/2009 3:48:26 AM , Rating: 2
People like me huh? Go drink some more kool aid and buy some more tin foil.

RE: *forehead palm*
By weskurtz0081 on 12/18/2009 5:52:23 PM , Rating: 2
So, considering everything that is going on, would you say things are getting better or worse?

Do you think running a perpetual deficit is a good thing?

RE: *forehead palm*
By SlyNine on 12/18/2009 3:20:20 AM , Rating: 1
So what's better, for you're insurance CO to go down because of bad choices, or your government?

I think there is a way health care could be done that would work out, I think it is really possible that the gov could do this.

But I'm afraid they will try and fail miserably and we will all suffer from it. Not to mention our kids.

We do need better health care. I'll admit that, but we need a solution that makes sense and doesn't get caught up in bureaucratic bullshit.

Why not encrypted in the first place?
By HighWing on 12/17/2009 9:54:51 AM , Rating: 5
To be honest I am more surprised that these drones were even sent out in the first place with unencrypted feeds. Seems to me that should have been a requirement before they were deployed. Obviously the control signals for the drones are sent via some secure way. Why skimp on the video feed? Heck after almost 2 decades I am even more surprised this was never fixed/upgraded in newer models.

By Spivonious on 12/17/2009 9:59:16 AM , Rating: 5
Yeah, if the signal is traveling through the air, then anyone with an antenna could pick it up. To assume that the insurgents wouldn't be smart enough to figure this wonder we're still fighting them.

RE: Why not encrypted in the first place?
By aapocketz on 12/17/2009 2:15:17 PM , Rating: 2
just a guess, but back in the 90s when the predator was designed, COTS military ruggedized digital video encryption hardware was difficult to find and it was probably deemed unnecessary at the time. Many UAVs even today use unscrambled analog feeds for comparison. Once you have manufactured a bunch of ground control stations and UAVs its hard to just change that. I am positive that new UAV systems designed today are all encrypted video.

Also its not like you install this program on a laptop and all of a sudden you can grab video from thin air. You have to hook it into an antenna front end of some sort that is able to grab and demodulate the feed at the proper frequencies. Even then you get the video, you got to know what it is of, does it have KLV data or an overlay? Where is the video of? A lot of the work in any surveillance system is not the raw info, but what it means and what to do with it.

By HighWing on 12/18/2009 1:44:09 PM , Rating: 2
I'm not an A/V expert but I do know enough to know that what your talking about doing is not all that hard to figure out, especially for someone who knows the stuff. Since we are working with unencrypted feeds, there are only so many standards to test against. Enough that I'm sure it wouldn't take months to figure out, probably only a few days at worst. My guess is the first thing they would do is record the raw data, then start throwing it against the different equipment/encoders till they got some sort of picture. Then you fine tune it from there. Once that's done you know exactly what you need to go watch the live feeds. Not like it's rocket science here.

wait what?
By MadMan007 on 12/17/2009 11:42:39 AM , Rating: 4
This is a funny quote:

was developed to intercept music, photos, video, programs and other content that other users download from the internet -- no military data or other commercial data, only free legal content

RE: wait what?
By Spookster on 12/17/2009 11:55:16 AM , Rating: 2
Yeah I thought that was funny also. So as long as you steal the content from other users and not the content producers it makes it legal?

RE: wait what?
By Harinezumi on 12/17/2009 5:34:52 PM , Rating: 3
Why should it be illegal to monitor electromagnetic waves passing through your property?

You got to be kidding me
By William Gaatjes on 12/17/2009 1:44:33 PM , Rating: 2
These drones transmit sensitive data about targets and possible troops data you do not want in hands of the enemy and this data is transmitted without encryption ?


RE: You got to be kidding me
By AssBall on 12/17/2009 2:10:38 PM , Rating: 2
Hehehe, maybe they did it on purpose. I doubt it, but think about watching videos of hellfire missles obliterating your friends without getting demoralized.

RE: You got to be kidding me
By William Gaatjes on 12/17/2009 4:30:20 PM , Rating: 2
i hope your right. Or your troops will not be that happy anymore now this got out widespread.

No wonder they can't find Osama
By littleprince on 12/17/2009 11:04:53 AM , Rating: 2
This is pretty surprising, and deserves a face palm!

By marvdmartian on 12/17/2009 1:28:15 PM , Rating: 3
Yeah, but wouldn't it be funny?

(Taliban technician) "Hey, Osama! The guy on this feed looks JUST LIKE YOU!!"
(Osama) "HUH???" (KABOOM!!!)

Hey! Look at this!
By bubba551 on 12/17/2009 1:06:27 PM , Rating: 2
Our house is on the TV!

RE: Hey! Look at this!
By Smilin on 12/17/2009 1:41:44 PM , Rating: 2
Those cross hairs can't be good.

By bh192012 on 12/17/2009 3:56:04 PM , Rating: 4
Wouldn't this also mean that the data could be spoofed/blocked. Sure against insurgants this *might* not be a problem, but I sure as F hope these drones were not developed to only fight 1 backwards group of people.

Send these drones over Iraq a little too close to Iran on a regular pattern, and one day you'll probably be getting a spoffed signal pointing out "insurgants" entering a school. Followed by some bombs and bad press. Ohhh wait, it's probably already been done.

USAF is so lame?
By D2Lalma on 12/17/2009 11:00:07 AM , Rating: 1
There is no encryption on the video fb? USAF is so lame? Unbelivable...

RE: USAF is so lame?
By delphinus100 on 12/17/2009 12:18:31 PM , Rating: 2
And it's not as if the tech for that isn't everywhere. TV satellite and cable operators do it without thinking twice...

Good idea for counter measure
By Lord 666 on 12/17/2009 12:18:57 PM , Rating: 2
Take the existing communication method and stream porn across it once a more secure method is introduced. This way it will offend the Muslim terrorists and harm them mentally.

If this is news, then don't purchase the majority of baby monitors. I have an older scanner that picked up the feed of several in the neighborhood. Even baby monitor video streams were picking up transmission from the Space Shuttle not long ago.

Truely disappointing.
By HrilL on 12/17/2009 12:46:56 PM , Rating: 2
Wow, to think that they would be so short sighted to think that because they are insurgents they wouldn't figure out how to tap into an unencrypted feed. These insurgents have millions of dollars to buy weapons and computers and other devices to to help fight their war.

What if their was a real conflict with another power? They surely would be tapping into all feeds and try to unencrypted some of the other feeds as well maybe try to take control of our drones. And surely they'd view any and all unencrypted feeds.

I am quite surprised the people designing these things are that retarded. It is not hard to add encryption to some damn feeds. It can be done in software and by the sound of it even weak 128bit encryption would stop this from happening.

By purelog1c on 12/17/2009 7:05:59 PM , Rating: 2
Exactly why i don't put my trust in the US military. look it's not so bad, the admin moderates well.

channel hop?
By AntiV6 on 12/17/2009 7:33:45 PM , Rating: 2
Don't UAV's frequency hop?

My father who's a pilot commented on that they change frequencies 12 times a second.

Can the software keep up with that?

By nofumble62 on 12/19/2009 11:38:01 AM , Rating: 2
The missles will home in those radio receivers. The terrorist will watch themselves smoking.

Think about it
By fudd666 on 12/21/2009 12:15:46 AM , Rating: 2
I would imagine it is imperative to have a live stream of important military information that is supposed to be in real time, actually in real time. If you encrypt the stream, you have to take it, encrypt it, send it, decrypt it, and watch, sure on modern computer tech the delay would be negligible, but it wouldn't be a hard srtetch to say that 10 years ago, the delay may have been to great.

I wish
By icanhascpu on 12/18/2009 5:07:30 AM , Rating: 1
I wish there was a better way to find the people responsible for actively choosing not to secure something like this and prosecute them.

We as American people did not vote these people into power for horseshit like this. Yet who is going to get the blame? Certainly not the actual people that made the fucked up decision like this.

Seriously, fuck them. They deserve to be in jail.

"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson
Related Articles
Air Force Debuts New Jet-powered UAV
April 29, 2009, 12:00 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki