• Home
• About
• In the news / Citations
• Articles & Works
• Picture Gallery
• Contacts

What is a Cyber Weapon? April 22, 2012

Posted by David Cenciotti in : Information Security, Information Warfare , 1 comment so far

We’ve been taking about Militarisation of cyberspace for some time now. This interesting article by Hackmageddon.com provides a model to classify cyber weapons in accordance with four parameters: Precision, Intrusion, Visibility, and Easiness to Implement. Based on these parameters, cyber threats can be compared to smart bombs, handguns, traditional bombs and paintball pistols. Read below to discover why.

What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, he would probably be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).

A real paradox in the same days in which The Pentagon, following the Japanese Example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more government are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover Chinese Government launching online attacks against unidentified U.S. Targets].

Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will be soon translated in English) where he analyzes Cyber Weapons from a legal and strategical perspective.

As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind its complex juridical implications.

According to Stefano’s definition: a cyber weapon is:

A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.

One could probably argue whether a cyber weapon must necessarily generate physical damages or not, in which case, probably, Stuxnet, would be the one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damages to Iranian Nuclear Plants, including large-scale accidents and loss of lifes).

With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damages), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resource needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the below chart.

Read more…

Related articles

• What are Cyber-Weapons? (cyberarms.wordpress.com)
• Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry (theaviationist.com)
• Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry (hackmageddon.com)
• Drones used as Proxies to get around ISP blocking and law enforcement: Predator’s to add server payload? (theaviationist.com)
• After latest F-35 hack, Lockheed Martin, BAe Systems, Elbit under multiple cyber attacks….right now. (theaviationist.com)

Beware of EXIF when you upload images to Flickr: USAF photo caption says image was taken in 2012. Flickr says May 2009. USAF lied. March 24, 2012

Posted by David Cenciotti in : Bizarre, Information Warfare , 4comments

The following picture was uploaded few days ago on the official USAF Flickr photostream.

Here’s the caption (highlight mine):

An Alaska Air National Guard HH-60G Pave Hawk helicopter practices high-altitude landing operations March 14, 2012. The primary mission of the Pave Hawk is to conduct day or night personnel recovery operations into hostile environments to recover isolated personnel during war. (U.S. Air Force photo by Master Sgt. Sean Mitchell)

By accident while was watching the image, my attention was caught by the date shown on the right hand column of the Flickr page, showing that the image was actually taken on May 5, 2009.

Since Flickr uses the EXIF data of the file to determine the date, I assumed that the image was taken in 2009, unless the camera date was set wrong.

Obviously, when I posted the following message to the The Aviationist Facebook page (and retweeted it on Twitter):

USAF caption says this photo was taken on Mar. 14, 2012. Flickr via Exif says May 2009. Who lied? http://bit.ly/GL1sZE

while many followers replied that Exifs are quite unreliable since date and time cand be mis-set on the camera, others affirmed that, although possible, it is quite uncommon that the date can be set wrong by professional photographers.

However the solution of this little mystery was given by Mark Brueschke, a follower of the FB page who lives in Alaska. Indeed, Mark noticed that the moon was in the wrong quarter for the period: on Mar. 14, 2012 the moon was in the last quarter, while the one depicted in the photo is between the first quarter and full moon, exactly how it should have been on May 5, 2009.

Furthermore the amount of show at elevation is not coherent with the one he saw in March on this year when there was snow on all elevations above 100 m.

So the image was really taken in 2009.

Ok, we’ve proved the USAF lied, but it’s no big deal. Maybe they just needed an image to be uploaded on Flickr and, since the one taken in May 2009 was not previously used, they uploaded it.

However this episode should remind everybody the risk of using digital technologies which embed so many information that can be exploited in various ways.

Few days ago Helihub published an article about four Apaches lost in 2007 thanks to the smartphone geotagging.

In few words, in Iraq, insurgents were able to determine the exact location of AH-64 Apache helicopters and successfully attack them because some soldiers had taken pictures on the flightline and uploaded them (including geotagging data) to the Internet.

Related articles

• Can posting pictures to Flickr reveal your hometown? (digitaltrends.com)

You will believe China has already copied the Lockheed Martin F-35 and the T-50 just visited Nellis AFB when you see these images. January 28, 2012

Posted by David Cenciotti in : Information Warfare , 7comments

Did you know that China’s J-18 Night Owl has already been photographed and appears as a copy of the Lockheed Martin F-35? And what about the T-50 that has secretly visited Nellis AFB?

Have a look at the following images.

I didn’t know that either until Al Clark, an aviation illustrator and photographer, sent me a link to his works. Obviously, above images were photoshopped, but the result is awesome and it takes some time to analyze them and be sure they are not genuine.

I’ve often been asked to evaluate the authenticity of images published on Chinese forums and websites, as well as footage released by Iran that has often used doctored videos and fake images to spread regime’s propaganda messages and, in most cases, the authenticity of the material released by the Iranian State TV or news agency, could soon be determined.

If they want to deceive not only intelligence officer but also amateur analysts, and be much more credible, maybe Iran state media should start studying how Al Clark creates his realistic digital mock-ups.

Captured U.S. stealthy drone was hijacked exploiting GPS vulnerability. But hack description does not solve the mystery December 15, 2011

Posted by David Cenciotti in : Captured Stealth Drone, Drones, Information Security, Information Warfare, Iran, Military Aviation , 25comments

Eventually there is an explanation for the mysterious capture of the U.S. stealth drone by Iran. In an exclusive interview to the Christian Science Monitor, an  Iranian engineer (on condition of anonymity) working to reverse engineer the RQ-170 Sentinel hacked while it was flying over the northeastern Iranian city of Kashmar, some 225 kilometers (140 miles) away from the Afghan border, says they were able to exploit a known vulnerability of the GPS.

In simple words, in a scenario that I had more or less described in my last post which described also the known threats to the drone’s Position, Navigation and Guidance system, the Iranain electronic warfare specialist disrupted the satellite link of the American robot and then reconfigured the drone’s GPS setting the coordinates to make it land in Iran at what the Sentinel thought it was its home base in Afghanistan.

They jammed the SATCOM link and then forced the drone into autopilot reconfiguring the waypoint of the lost-link procedure to make it land where they wanted.

Such techniques were tuned by studying previously downed smaller drone, like the 4 U.S. and 3 Israeli that could be exhibited in Iran in the next future.

Furthermore, in explaining why the “Beast of Kandahar” had signs of belly landing the engineer said to CSMonitor:

“If you look at the location where we made it land and the bird’s home base, they both have [almost] the same altitude,” says the Iranian engineer. “There was a problem [of a few meters] with the exact altitude so the bird’s underbelly was damaged in landing; that’s why it was covered in the broadcast footage.”

Ok, this seems to explain almost everything.

However, to be honest, it is the last sentence that raises some questions. Landing a drone, as well as an airplane, with the autopilot on a runway it’s not only a matter of altitude. There are many other things to consider, like the runway heading, the procedure to be followed on approach to avoid specific areas, known obstacles etc.

Maybe the Iranians had identified an airport with the same runway heading, with the same elevation, with no planes interesting runways and taxiways and so on. Still, it’s hard to believe that the Sentinel did not encounter any obstacle and suffered only some (minor) damages on landing.

So I’m still not certain that, although tricked by GPS spoofing, a drone can be landed safely without taking over control even if the Iranian engineer said to CSMonitor that they made the robot

“land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.

Without considering that the lost-link procedure does not foresse the RQ-170 landing autonomously at his actual homebase (because of the many variables, such as wind and traffic) but orbiting until link is re-established or fuel finishes.

Anyway, maybe it’s time for the U.S. to reconsider their drones’ equipment, countermeasures and combat operation procedures as well as Iran’s electronic and cyberwarfare capabilities.

Stay tuned.

"Three U.S. and four Israeli drones captured in Iran to be put on display soon": Tehran Times says. "Downed" RQ-170 saga continues December 15, 2011

Posted by David Cenciotti in : Captured Stealth Drone, Drones, Information Warfare, Iran, Military Aviation , 4comments

Tehran Times reported that Iran is about to put on display “foreign spy drones in Iran’s possession” within an exhibition that will also showcase the “latest domestically manufacture electronic warfare equipment”, and national reporters and foreign ambassadors will be allowed to visit them.

According to a source close to the Iranian newspaper, the foreign robots in the hands of the  ayatollahs’ regime are three U.S. and four Israeli drones.

“the four Israeli drones that are now in Iran’s possession had violated the country’s airspace along the eastern borders, and the three U.S. unmanned aircraft had penetrated into the country’s airspace along either the eastern or southern border.”

The news arrives in the aftermath of the capture of a stealth RQ-170 Sentinel, so far considered the most advanced (known) U.S. drone, the first to be displayed after several claims of American ‘bots downed while spying uranium enrichment sites as part of the covert war against Iran’s nuclear program.

Interestingly, the same article discloses for the first time what everyone already knew: a number of countries have reportedly asked for permission to inspect the “Beast of Kandahar”.

While waiting for new images to analyze, there are still many questions to be answered about the capture of the stealthy Sentinel.

An interesting document titled “Report on Operating Next-Generation Remotely Piloted Aircraft for Irregular Warfare”  published by the U.S. Air Force Scientific Advisory Board in April 2011 and made available by Public Intelligence a couple of days ago, provides some interesting (and official) assesement about the reliability of the communication link between the drone and the ground control station.

According to the document, U.S. drone are subject to the following threats (excerpt):

• Jamming of commercial satellite communications (SATCOM) links is a widely available technology.  It can provide an effective tool for adversaries against data links or as a way for comma nd and control (C2) denial.
• Operational needs may require the use of  unencrypted data links to provide broadcast services to ground troops without security  clearances.  Eavesdropping on these links is a known exploit that is  available to adversaries for extremely low cost.
• Spoofing or hijacking links that can lead to damaging missions, or even to platform loss.

Dealing with the threat to Position, Navigation and Guidance the documents undelines that:

“There is a wide range of methods that a determined adversary can use for  attacking RPA guidance and navigation systems.  The report mentions here only three  categories of threats without going into the details:

• Small, simple GPS noise jammers can be  easily constructed and employed by an unsophisticated adversary and would be  effective over a limited RPA operating area.
• GPS repeaters are also available for corrupting navigation capabilities of RPAs.
• Cyber threats represent a major challenge for future RPA operations.  Cyber attacks can affect both on-board and ground systems, and exploits may range from asymmetric CNO attacks to highly sophisticated electronic systems and software attacks.”

So, what may have happened to the Sentinel?

We can only speculate. The drone may have suffered a lost-link event because of a technical failure (link losses occurs every now and then) or an attack from Iran. Following the loss of satellite link, the procedure foresees that the drone switches to automatic flying and heads towards a preplanned set of waypoints to fly a loop until link is re-established or fuel finishes (with consequent crash).

As I think (and hope) that the preplanned waypoint for lost-link procedure for a mission inside the enemy airspace is set inside the friendly airspace (in order to prevent it from crashing “behind the enemy lines”) I can’t explain why the drone crashed in Iran and not in Afghanistan.

Unless, Iran was really able to corrupt the stealthy robot’s navigational system using jammers and rogue GPS repeaters guiding it in the wrong direction.

04:00PM GMT Dec 15 update

Something that came to my mind while discussing this post with Guido Olimpio, Corriere della Sera correspondent from the U.S.: Tehran is going to show the remains of 7 drones (4 American and 3 Israeli robots) “downed” in Iran. But, if they were flying inside the Iranian airspace they had to be stealth ones.  Shall we expect something never seen before?

BTW: the exhibition could something like the Tishreen War Panorama museum in Damascus, Syria, that I visited few years ago, where wreckage of Israeli planes and parts of them, were showcased.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: http://theaviationist.com/category/captured-stealth-drone/

search

• Subscribe to Blog via Email

  Enter your email address to subscribe to this blog and receive notifications of new posts by email.

• Facebook page

• The Aviationist patch

  

  Send me an email if you want to support this site buying the original TheAviationist.com patch, only available through this website!

  4.33 inch (11-cm) patch on velcro.

• Donations

  Support this website by making a donation

  
• 
• 
• 
• 
• 

• Blog Authors

  

  

  

  

  

  

  

• Categories

  Select Category 9-11 Aircraft Carriers airships Airshow Airspace violations Armed Forces Day Aviation Aviation Safety Bizarre Books Calendar Captured Stealth Drone China Crime & Homeland Security Digital Photography Drones F-104 Farnborough 2012 Flight Simulation Giornata Azzurra Grosseto Hacking Helicopters Information Security Information Warfare Iran ItAF Museum Italian Air Force Italian Navy Libyan Uprising Mali Maritime Security Military Aviation    494FS Deci    F-35    Spring Flag    Vega 2010    Winter Hide 2011 Military History    Falklands War Museums NH90 crash non-military aviation North Korea Operation Odyssey Dawn Operation Unified Protector Osama Bin Laden raid Panoramic Photography Patches Photography Pillars of Defense Podcast Satellite Season's greetings Space Special Operations Stealth Black Hawk Swiss Air Force Syria Turkish RF-4E shot down Uncategorized weapons Yearly summary

• Tags

  Aeronautica Militare Afghanistan aircraft carrier AMI Aviation Safety AWACS Benghazi Decimomannu Electronic Warfare Eurofighter Eurofighter Typhoon F-16 F-2000 helicopter Hornet Iran Israeli Air Force ItAF Italian Air Force Libya Libyan uprising Lockheed Martin Lockheed Martin F-35 Lightning II Military Aviation Mirage 2000 NATO Pratica di Mare Rafale Royal Air Force Sentinel SIGINT Sigonella Spanish Air Force Surface to Air Missile Syria Tornado Tornado ECR Trapani Turkish Air Force Typhoon U.S. Air Force UAV United States Air Force Unmanned Aerial Vehicle USAF

• Top Posts

• Archive of previous posts

  Select Month May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 May 2006 March 2006 November 2005
• 
• 
• 

• Blogroll

  • 102° Gruppo CBOS Virtuale
  • 916 Starfighter
  • Air Devils
  • Airplanes Magazine
  • Associazione culturale 4° Stormo Gorizia
  • Aviopress
  • Decimomannu airbase
  • Flightstats
  • Google Globetrotting
  • Great Circle Mapper
  • Hackmageddon
  • Military Aviation Blog
  • My pics on A.net
  • My pics on JetPhotos.net
  • SAF 21 a website dedicated to the Contemporary Swiss Air Force
  • Scramble
  • Wings over Iraq

• Resources

  • 
  • Aviationintel.com
  • Flight24.com
  • Flightradar24
  • 
  • Information Dissemination
  • LiveATC.net
  • Mil Mode S
  • Mysteryship
  • Planefinder

• On Air

  Click on the thumbnails below to watch the videos of my TV interviews:

  

  

  

• Comments policy

  Visitors can add a comment to every post in the blog. However a few rules must be followed:
  Comments must be signed: Anonymous comments will no longer be accepted. You can use your initials or a nickname, but email addresses are required for commenting even if they will not be published on the blog, nor shared. Comments without email address will not be approved.
  Language and Manners: you can criticize posts and articles in this blog, but comments which include offensive or inappropriate language, or considered by the blog owner to be rude and offensive, will be edited or deleted. Play nice.
  How the Author will respond: comments on this blog will only be responded to in direct response to the blog comment. If you need a private reply by the author, send him an email.
  Blocked Commenters: Anyone who violates this Comments Policy may be blocked from future access and/or commenting on this blog.
  All Rights Reserved: The blog author reserves the right to edit, delete, move, or mark as spam any and all comments. He also has the right to block access to any one or group from commenting or from the entire blog.
  Hold Harmless: All comments within this blog are the responsibility of the commenter, not the blog owner. By submitting a comment on this blog, you agree that the comment content is your own, and to hold this site and Author harmless from any and all repercussions, damages, or liability.
  

• OPSec compliant site

  "Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information" (Wiki).
  Hence, OPSec is to mil ops what, more generally speaking, INFOSec is to information (and information systems). Learn more about INFOSec and its impact on mil operations by visiting the Information Securitysection of this site.
  As a journalist belonging to the Italian Journalists Society (Ordine dei Giornalisti) all the information and reports in this site are provided in accordance with a code of ethics based on the freedom of information right (ratified also by the Italian Constitution and made a right of every person by the Universal Declaration of Human Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms) that takes into proper consideration OPSec implications and sensitiveness of information. Details on which is deemed sensitive in nature is edited, limited or postponedly published; all the information published on this site are carefully checked and were obtained by interviews, researches, studies and analysis of material whose publication was implicitly or explicitly authorized and/or is in the public domain.
  

  
  

  

  

  

• The policy on this site is to credit all images with known sources and to ask specific permission from the original owners of content. The credit and the link should be within the text. If you see an image that you'd like to remove for any reason, or to correct the attribution info - or if you know the source for the "original unknown" images - please send me an email with as much details as possible. When possible, also contents in the Public Domain will be credited. Please consider that all the external contents and images used within a post in this blog are used within the fair use doctrine that allows limited use of copyrighted material without requiring permission from the rights holders for analysis, news reports, studies, etc.
  

• © David Cenciotti

  Contents of this blog/website may not be used withour author's prior written permission. All rights reserved.

• Feeds

• Full
• Comments