Bad OPSEC (Operations Security) exposed by Air War on ISIS?
“Loose Tweets Destroy Fleets” is the slogan (based on the U.S. Navy’s WWII slogan “Loose Lips Sink Ships”) that the U.S. Air Force Central Command used a couple of weeks ago for an article aimed at raising airmen awareness about the risk of sharing sensitive information on social media.
Indeed, the AFCENT article speaks directly to the threat posed by Islamic State supporters who, according to Stripes, on at least two occasions have acquired and posted online personal data of military personnel, urging sympathizers, “lone wolves,” to attack Americans in the States and overseas in retaliation for the air strikes.
The article highlights the importance of proper OPSEC to keep sensitive information away from the enemy and to prevent leakage of information that could put missions, resources and members at risk, “and be detrimental to national strategic and foreign policies.”
Interestingly, the article only focuses on the smart use of social media. Ok, however, there are other possible OPSEC violations that the U.S. Air Force (as well as many other air arms currently supporting Operation Inherent Resolve, in Iraq and Syria, or Enduring Freedom, in Afghanistan) should be concerned of.
USAF C-146A Wolfhound of the 524th Special Operations Squadron
During the last few months many readers have sent us screenshots they took on FR24.com or PF.net (that only collect ADS-B broadcast by aircraft in the clear) showing military planes belonging to different air forces over Iraq or Afghanistan: mainly tankers and some special operations planes.
We have informed the U.S. Air Force and other air forces that their planes could be tracked online, live, several times, but our Tweets (and those of our Tweeps who retweeted us) or emails have not had any effect as little has changed. Maybe they don’t consider their tankers’ racetrack position or the area of operations of an MC-12 ISR (Intelligence Surveillance Reconnaissance) aircraft a sensitive information…
“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command. And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later through that very building, three [Joint Direct Attack Munitions] take that entire building out.”
Although the U.S. Air Force did not release any further information about the location of the headquarters or the aircraft that carried out the attack, the story is quite interesting as it proves that not only are social media used by ISIS for propaganda and recruiting purposes, they are also used by U.S. intel team to identify ground targets, supplementing ISR (Intelligence Surveillance Reconnaissance) activities conducted with the “usual” platforms, like satellites, spyplanes and UAVs (Unmanned Aerial Vehicles).
U.S. and NATO soldiers are always made aware of the risk of using social media and, generally speaking, digital technologies which embed information that can be exploited by the adversaries in various ways. Still OPSEC (Operations Security) breaches occur.
Some of them are well described in the book The Sword of David – The Israeli Air Force at War, written by Donald McCarthy.
According to McCarthy, who served in the U.S. Air Force from 1964 to 1968 before becoming a respected and well informed historian, the information for Operation Orchard is alleged to have come from Ali Reza Asgari, an Iranian general disappeared in February 2007, who may have been the source of the intelligence required by the Syrian nuclear site attack.
After gathering the required details, the Israelis planned a secret mission that was launched on Sept. 6 2007, at night.
McCarthy points out the fact that Syria as well as other Arab countries were equipped with advanced Russian air defense systems, such as the Pantsir-S1 (SA-22 Greyhound as reported by NATO designation), claimed to be immune to electronic jamming. At the time of Operation Orchard, Syria operated twenty nine of these advanced air defense systems, so it remains unclear how the IAF aircraft flew undetected into the night sky out over the Mediterranean Sea, across the Euphrates River and along their route to the nuclear facility.
As explained by McCarthy, according to the most widely accepted theory the strike force included one or more Gulfstream G550 aircraft, equipped with the IAI Elta EL/W-2085 radar system.
Indeed, the success of the operation was largely attributed to effectiveness of the Israeli Electronic Warfare platforms that supported the air strike and made the Syrian radars blind: some sources believe that Operation Orchard saw the baptism of fire of the Suter airborne network system against Syrian radar systems.
This system, combined with the F-15Is electronic warfare capabilities, shut down Syrian air defense systems, providing the other airplanes the cover they needed to hit and destroy the Dir A-Zur nuclear plant.
After the attack, the initial reports stated that the IAF aircraft had almost entirely destroyed the nuclear site, claims that were also confirmed by the comparison of pre and post-attack satellite imagery.
Even if the incident was shrouded in secrecy, Turkish media outlets reported that external fuel tanks were found on the ground not far away from the Syrian border: as reported by Shlomo Aloni & Zvi Avidror in their book Hammers Israel’s Long-Range Heavy Bomber Arm: The Story of 69 Squadron, these external fuel tanks were identified by foreign press as belonging to F-15 aircraft.
Helium balloons of the future network that should give Internet to everyone in the world fortunately use ADS-B.
If you point your browser to Flightradar24.com and zoom off the coast of New Zealand, you’ll see 7 slow moving aircraft: these are actually helium balloons, part of Google’s Project Loon, broadcasting their position, speed, altitude etc. via Mode-S ADS-B.
Project Loon is a research and development project whose aim is to provide Internet access to everyone, even if they live in rural and remote areas. The project features high-altitude balloons, made from sheets of polyethiylene plastic and measuring 15×12 meters, placed in the stratosphere at an altitude of about 20 mi (32 km) with the purpose of crating an aerial wireless network with up to 3G-like speeds.
The helium balloons are all “floating” around 1,000 feet to the southeast of New Zealand, and a probably involved in a testing campaign; after the trial (kicked off in June 2013) Google hopes to launch thousands of balloons around Earth to provide global Internet access.
In the wake of Snowden scandal, someone said that the purpose of the project may not be philantropic and the task of the network of balloons would be global communications monitoring. But this is another story.
Maintainers counter cyber threats for first time at Nellis’s Red Flag
“Train as you fight, fight as you train” has always been Red Flag‘s motto.
U.S. Air Force’s main exercise has to prepare aircrew and support personnel to fight modern war. In the air, on the ground, over the sea and in the cyberspace.
For the first time, the recent Red Flag 14-1 at Nellis Air Force Base featured a “contested, degraded or operationally limited” environment, or CDO, for maintainers, who were trained to cope with cyber vulnerabilities in the systems they use on the flightline.
Ground personnel are always using computers and brand new technologies that may be targeted by cyber attacks launched by tech-savvy adversaries: laptop used for aircraft maintainance and diagnosis, GPS systems, communication and network equipment are all high-value targets for enemy hacking teams. That’s why Red Flag maintainers receive academics on cyber vulnerabilities, information operations and other CDO-related threats.
Hence, along with “kinetic operations” conducted by fighter jets, attack planes and strategic bombers that must dominate a contested airspace or battlefield, a simulated “non-kinetic” war is fought by Red Flag participants to defend their critical systems from attacks coming from the cyberspace; attacks that may be as devastating as those using bullets, bombs and missiles.