What is a Cyber Weapon?
April 22, 2012. Posted by David Cenciotti in: Information Security, Information Warfare, 1 comment so far
We’ve been talking about the militarisation of cyberspace for some time now. This interesting article by Hackmageddon.com provides a model to classify cyber weapons in accordance with four parameters: Precision, Intrusion, Visibility, and Easiness to Implement. Based on these parameters, cyber threats can be compared to smart bombs, handguns, traditional bombs and paintball pistols. Read below to discover why.
What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, he would probably be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).
A real paradox in the same days in which The Pentagon, following the Japanese example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more governments are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover the Chinese Government launching online attacks against unidentified U.S. targets].
Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will soon be translated into English) where he analyzes Cyber Weapons from a legal and strategic perspective.
As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind its complex juridical implications.
According to Stefano’s definition, a cyber weapon is:
A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.
One could probably argue whether a cyber weapon must necessarily generate physical damage or not, in which case, probably, Stuxnet would be the only one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damage to Iranian Nuclear Plants, including large-scale accidents and loss of lives).
With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damage), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resources needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the chart below.
Beware of EXIF when you upload images to Flickr: USAF photo caption says image was taken in 2012. Flickr says May 2009. USAF lied.
March 24, 2012. Posted by David Cenciotti in: Bizarre, Information Warfare, 4 comments
The following picture was uploaded a few days ago on the official USAF Flickr photostream.
Here’s the caption (highlight mine):
An Alaska Air National Guard HH-60G Pave Hawk helicopter practices high-altitude landing operations March 14, 2012. The primary mission of the Pave Hawk is to conduct day or night personnel recovery operations into hostile environments to recover isolated personnel during war. (U.S. Air Force photo by Master Sgt. Sean Mitchell)
By accident, while I was looking at the image, my attention was caught by the date shown in the right-hand column of the Flickr page, showing that the image was actually taken on May 5, 2009.
Since Flickr uses the EXIF data of the file to determine the date, I assumed that the image was taken in 2009, unless the camera date was set wrong.
Obviously, when I posted the following message to The Aviationist Facebook page (and retweeted it on Twitter):
USAF caption says this photo was taken on Mar. 14, 2012. Flickr via Exif says May 2009. Who lied? http://bit.ly/GL1sZE
while many followers replied that Exifs are quite unreliable since date and time can be mis-set on the camera, others affirmed that, although possible, it is quite uncommon that the date can be set wrong by professional photographers.
However the solution of this little mystery was given by Mark Brueschke, a follower of the FB page who lives in Alaska. Indeed, Mark noticed that the moon was in the wrong quarter for the period: on Mar. 14, 2012 the moon was in the last quarter, while the one depicted in the photo is between the first quarter and full moon, exactly how it should have been on May 5, 2009.
Furthermore, the amount of snow at elevation is not coherent with the one he saw in March of this year, when there was snow on all elevations above 100 m.
So the image was really taken in 2009.
Ok, we’ve proved the USAF lied, but it’s no big deal. Maybe they just needed an image to be uploaded on Flickr and, since the one taken in May 2009 was not previously used, they uploaded it.
However, this episode should remind everybody of the risk of using digital technologies that embed so much information that can be exploited in various ways.
A few days ago Helihub published an article about four Apaches lost in 2007 thanks to smartphone geotagging.
In a few words, in Iraq, insurgents were able to determine the exact location of AH-64 Apache helicopters and successfully attack them because some soldiers had taken pictures on the flightline and uploaded them (including geotagging data) to the Internet.
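A pre-upload check for the two leaks described in this post, the embedded capture date and the geotag, written as an added example and not code from the original post. It reads the Exif block of a JPEG with the Python standard library only; the function names are hypothetical, and the sample image is constructed (the 10:00:00 time of day is made up).

```python
import struct
EXIF_IFD, GPS_IFD, DATETIME_ORIGINAL = 0x8769, 0x8825, 0x9003  # standard tag ids

def exif_spans(jpeg):
    """Yield (start, end) of each Exif APP1 segment in the JPEG header."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            yield pos, end
        pos = end

def ifd(tiff, offset, bo):
    """Yield (tag, count, value_or_offset) for each 12-byte entry of one IFD."""
    (n,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    for i in range(offset + 2, offset + 2 + 12 * n, 12):
        tag, _type, count, value = struct.unpack(bo + "HHII", tiff[i:i + 12])
        yield tag, count, value

def audit(jpeg):
    """Return the embedded capture date and whether a GPS IFD is present."""
    report = {"taken": None, "has_gps": False}
    for start, end in exif_spans(jpeg):
        tiff = jpeg[start + 10:end]          # skip marker, length and "Exif\0\0"
        bo = "<" if tiff[:2] == b"II" else ">"
        for tag, _, value in ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo):
            if tag == GPS_IFD:
                report["has_gps"] = True
            elif tag == EXIF_IFD:
                for sub, count, off in ifd(tiff, value, bo):
                    if sub == DATETIME_ORIGINAL:
                        raw = tiff[off:off + count].rstrip(b"\x00")
                        report["taken"] = raw.decode("ascii", "replace")
    return report

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed."""
    for start, end in reversed(list(exif_spans(jpeg))):
        jpeg = jpeg[:start] + jpeg[end:]
    return jpeg

def sample_jpeg():
    """Constructed input: Exif date 2009:05:05 and an empty GPS IFD, no pixels."""
    app1 = b"Exif\x00\x00" + struct.pack("<2sHI", b"II", 42, 8)
    app1 += struct.pack("<HHHIIHHIII", 2, EXIF_IFD, 4, 1, 38, GPS_IFD, 4, 1, 76, 0)
    app1 += struct.pack("<HHHIII", 1, DATETIME_ORIGINAL, 2, 20, 56, 0)
    app1 += b"2009:05:05 10:00:00\x00" + struct.pack("<HI", 0, 0)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Running `audit()` on a file before publishing shows the date and geotag a hosting site will read from it; `strip_exif()` removes the Exif block while leaving the image data untouched.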
You will believe China has already copied the Lockheed Martin F-35 and the T-50 just visited Nellis AFB when you see these images.
January 28, 2012. Posted by David Cenciotti in: Information Warfare, 7 comments
Have a look at the following images.
I didn’t know that either until Al Clark, an aviation illustrator and photographer, sent me a link to his works. Obviously, the above images were photoshopped, but the result is awesome and it takes some time to analyze them and be sure they are not genuine.
I’ve often been asked to evaluate the authenticity of images published on Chinese forums and websites, as well as footage released by Iran, which has often used doctored videos and fake images to spread the regime’s propaganda messages and, in most cases, the authenticity of the material released by the Iranian State TV or news agency could soon be determined.
If they want to deceive not only intelligence officers but also amateur analysts, and be much more credible, maybe Iran state media should start studying how Al Clark creates his realistic digital mock-ups.
Captured U.S. stealthy drone was hijacked exploiting GPS vulnerability. But hack description does not solve the mystery
December 15, 2011. Posted by David Cenciotti in: Captured Stealth Drone, Drones, Information Security, Information Warfare, Iran, Military Aviation, 25 comments
Eventually there is an explanation for the mysterious capture of the U.S. stealth drone by Iran. In an exclusive interview to the Christian Science Monitor, an Iranian engineer (on condition of anonymity) working to reverse engineer the RQ-170 Sentinel hacked while it was flying over the northeastern Iranian city of Kashmar, some 225 kilometers (140 miles) away from the Afghan border, says they were able to exploit a known vulnerability of the GPS.
In simple words, in a scenario that I had more or less described in my last post, which also described the known threats to the drone’s Position, Navigation and Guidance system, the Iranian electronic warfare specialist disrupted the satellite link of the American robot and then reconfigured the drone’s GPS, setting the coordinates to make it land in Iran at what the Sentinel thought was its home base in Afghanistan.
They jammed the SATCOM link and then forced the drone into autopilot, reconfiguring the waypoint of the lost-link procedure to make it land where they wanted.
Such techniques were tuned by studying previously downed smaller drones, like the 4 U.S. and 3 Israeli that could be exhibited in Iran in the near future.
Furthermore, in explaining why the “Beast of Kandahar” had signs of belly landing the engineer said to CSMonitor:
“If you look at the location where we made it land and the bird’s home base, they both have [almost] the same altitude,” says the Iranian engineer. “There was a problem [of a few meters] with the exact altitude so the bird’s underbelly was damaged in landing; that’s why it was covered in the broadcast footage.”
Ok, this seems to explain almost everything.
However, to be honest, it is the last sentence that raises some questions. Landing a drone, as well as an airplane, with the autopilot on a runway is not only a matter of altitude. There are many other things to consider, like the runway heading, the procedure to be followed on approach to avoid specific areas, known obstacles etc.
Maybe the Iranians had identified an airport with the same runway heading, with the same elevation, with no planes occupying runways and taxiways and so on. Still, it’s hard to believe that the Sentinel did not encounter any obstacle and suffered only some (minor) damage on landing.
So I’m still not certain that, although tricked by GPS spoofing, a drone can be landed safely without taking over control even if the Iranian engineer said to CSMonitor that they made the robot
“land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.
Without considering that the lost-link procedure does not foresee the RQ-170 landing autonomously at its actual homebase (because of the many variables, such as wind and traffic) but orbiting until link is re-established or fuel finishes.
Anyway, maybe it’s time for the U.S. to reconsider their drones’ equipment, countermeasures and combat operation procedures as well as Iran’s electronic and cyberwarfare capabilities.
"Three U.S. and four Israeli drones captured in Iran to be put on display soon": Tehran Times says. "Downed" RQ-170 saga continues
December 15, 2011. Posted by David Cenciotti in: Captured Stealth Drone, Drones, Information Warfare, Iran, Military Aviation, 4 comments
Tehran Times reported that Iran is about to put on display “foreign spy drones in Iran’s possession” within an exhibition that will also showcase the “latest domestically manufacture electronic warfare equipment”, and national reporters and foreign ambassadors will be allowed to visit them.
According to a source close to the Iranian newspaper, the foreign robots in the hands of the ayatollahs’ regime are three U.S. and four Israeli drones.
“the four Israeli drones that are now in Iran’s possession had violated the country’s airspace along the eastern borders, and the three U.S. unmanned aircraft had penetrated into the country’s airspace along either the eastern or southern border.”
The news arrives in the aftermath of the capture of a stealth RQ-170 Sentinel, so far considered the most advanced (known) U.S. drone, the first to be displayed after several claims of American ‘bots downed while spying uranium enrichment sites as part of the covert war against Iran’s nuclear program.
Interestingly, the same article discloses for the first time what everyone already knew: a number of countries have reportedly asked for permission to inspect the “Beast of Kandahar”.
While waiting for new images to analyze, there are still many questions to be answered about the capture of the stealthy Sentinel.
An interesting document titled “Report on Operating Next-Generation Remotely Piloted Aircraft for Irregular Warfare”, published by the U.S. Air Force Scientific Advisory Board in April 2011 and made available by Public Intelligence a couple of days ago, provides some interesting (and official) assessments about the reliability of the communication link between the drone and the ground control station.
According to the document, U.S. drones are subject to the following threats (excerpt):
- Jamming of commercial satellite communications (SATCOM) links is a widely available technology. It can provide an effective tool for adversaries against data links or as a way for command and control (C2) denial.
- Operational needs may require the use of unencrypted data links to provide broadcast services to ground troops without security clearances. Eavesdropping on these links is a known exploit that is available to adversaries for extremely low cost.
- Spoofing or hijacking links that can lead to damaging missions, or even to platform loss.
Dealing with the threat to Position, Navigation and Guidance, the document underlines that:
“There is a wide range of methods that a determined adversary can use for attacking RPA guidance and navigation systems. The report mentions here only three categories of threats without going into the details:
- Small, simple GPS noise jammers can be easily constructed and employed by an unsophisticated adversary and would be effective over a limited RPA operating area.
- GPS repeaters are also available for corrupting navigation capabilities of RPAs.
- Cyber threats represent a major challenge for future RPA operations. Cyber attacks can affect both on-board and ground systems, and exploits may range from asymmetric CNO attacks to highly sophisticated electronic systems and software attacks.”
So, what may have happened to the Sentinel?
We can only speculate. The drone may have suffered a lost-link event because of a technical failure (link losses occur every now and then) or an attack from Iran. Following the loss of satellite link, the procedure foresees that the drone switches to automatic flying and heads towards a preplanned set of waypoints to fly a loop until link is re-established or fuel finishes (with consequent crash).
As I think (and hope) that the preplanned waypoint for lost-link procedure for a mission inside the enemy airspace is set inside the friendly airspace (in order to prevent it from crashing “behind the enemy lines”) I can’t explain why the drone crashed in Iran and not in Afghanistan.
Unless Iran was really able to corrupt the stealthy robot’s navigational system using jammers and rogue GPS repeaters, guiding it in the wrong direction.
04:00PM GMT Dec 15 update
Something that came to my mind while discussing this post with Guido Olimpio, Corriere della Sera correspondent from the U.S.: Tehran is going to show the remains of 7 drones (4 American and 3 Israeli robots) “downed” in Iran. But, if they were flying inside the Iranian airspace they had to be stealth ones. Shall we expect something never seen before?
BTW: the exhibition could be something like the Tishreen War Panorama museum in Damascus, Syria, that I visited a few years ago, where wreckage of Israeli planes, and parts of them, were showcased.
This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: http://theaviationist.com/category/captured-stealth-drone/