[Infographic] U.S. new raids, drone attacks target review process May 24, 2012
Posted by David Cenciotti in Drones, Military Aviation.Tags: Barack Obama, Drone attacks, Homeland Security, John O. Brennan, Pentagon, United States Department of State, White House
1 comment so far
The Associated Press has recently published the first detailed description of the once classified military’s review process for choosing terror leaders to be added to the capture or kill list.
Two current and three former officials U.S. officials spoke on condition of anonymity to the AP and described the current targeting procedure, developed by the Assistant to the President of the U.S. for Homeland Security John Brennan, that concentrates power over the use of both drones and special forces outside war zones, withinin a small White House’s team.
According to the U.S. officials, the Pentagon’s role in targeting process has been minimized: it can still carry out its own procedures to make recommendations to the Secretary of Defense, but the Brennan’s team would be in charge of approving the final recommendation to Obama.
[Read also: The mysterious U.S. F-15E Strike Eagle detachment in Djibouti. Are they conducting covert air strikes in Yemen?]
Previously, targets were reviewed within a military-run procedure that saw Brennan as just one of the voices in the debate. Under the new plan, Brennan’s staff leads the debate on which targets must be put on the list and runs the names past agencies such as the State Department at a weekly White House meeting.
Since Brennan is still the one to approve the final recommendation to President Barack Obama, there’s a widespread concern that bringing more power to his team could turn it into a sort of military headquarters, entrusting the fate of terrorist targets all around the world to a small number of senior officials.
[Read also: Covert US drone operations tracked in real time, via Twitter. Exposing tactics too.]
Several human rights groups have requested the White House to make public the process by which individuals end up on the targeting lists and the revelation by the officials who have spoken to the AP could help showing the American public that terrorist targets are chosen only after painstaking and exhaustive debate.
This could be particularly useful in an election year, when drone strikes across the globe can be a quite sensitive debating point.
The above image is a modified version of an AP infographic released on May 21
Like this:
What is a Cyber Weapon? April 22, 2012
Posted by David Cenciotti in Information Security, Information Warfare.Tags: Cyberspace, Cyberwarfare, Denial-of-service attack, Government of the People's Republic of China, Information Security, Pentagon, Stuxnet, Weapon
1 comment so far
We’ve been taking about Militarisation of cyberspace for some time now. This interesting article by Hackmageddon.com provides a model to classify cyber weapons in accordance with four parameters: Precision, Intrusion, Visibility, and Easiness to Implement. Based on these parameters, cyber threats can be compared to smart bombs, handguns, traditional bombs and paintball pistols. Read below to discover why.
What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, he would probably be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).
A real paradox in the same days in which The Pentagon, following the Japanese Example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more government are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover Chinese Government launching online attacks against unidentified U.S. Targets].
Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will be soon translated in English) where he analyzes Cyber Weapons from a legal and strategical perspective.
As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind its complex juridical implications.
According to Stefano’s definition: a cyber weapon is:
A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.
One could probably argue whether a cyber weapon must necessarily generate physical damages or not, in which case, probably, Stuxnet, would be the one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damages to Iranian Nuclear Plants, including large-scale accidents and loss of lifes).
With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damages), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resource needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the below chart.
Related articles
- What are Cyber-Weapons? (cyberarms.wordpress.com)
- Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry (theaviationist.com)
- Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry (hackmageddon.com)
- Drones used as Proxies to get around ISP blocking and law enforcement: Predator’s to add server payload? (theaviationist.com)
- After latest F-35 hack, Lockheed Martin, BAe Systems, Elbit under multiple cyber attacks….right now. (theaviationist.com)
The ninth minute barrier: Pentagon releases Falcon Hypersonic Technology Vehicle 2 failed test report. April 21, 2012
Posted by David Cenciotti in Military Aviation, Space.Tags: DARPA, DARPA Falcon Project, Hypersonic Technology Vehicle 2, Kwajalein Atoll, Mach number, Pentagon, Vandenberg Air Force Base
add a comment
With a statement released on Apr. 20, Defense Advanced Research Projects Agency said that Mar. 20 failed test was (unsurprisingly) caused by the extremely high speeds.
Launched from Vandenberg Air Force Base, California, the Falcon Hypersonic Technology Vehicle 2 (HTV-2) was expected to travel westward for about 30 minutes before plunging into the ocean near Kwajalein Atoll, some 4,000 miles from departure, after a test flight aimed to test new technology that could boost the Pentagon’s strike power.
However, nine minutes into the test flight, after demonstrating “stable aerodynamically-controlled flight” at speeds up to Mach 20, something went wrong.
As the aircraft travelled nearly 13,000 miles per hour in the higher parts of the atmosphere, larger than expected portions of the Falcon’s skin peeled from the aerostructure. The resulting gaps created strong, impulsive shock waves around the vehicle causing the vehicle to roll abruptly with continued disturbances that exceeded the HTV-2 ability to recover stability.
Such anomaly prompted the flight safety system to opt the vehicle’s aerodynamic systems to perform a controlled descent and splashdown in the ocean.
“The initial shockwave disturbances experienced during second flight, from which the vehicle was able to recover and continue controlled flight, exceeded by more than 100 times what the vehicle was designed to withstand,” said DARPA Acting Director, Kaigham J. Gabriel. “That’s a major validation that we’re advancing our understanding of aerodynamic control for hypersonic flight.”
Image credit: DARPA
Mar. 20 failed test was the third such tests for the Falcon. The first HTV-2 flight was conducted on Apr. 22, 2010 and lasted less than expected. Quite weirdly, nine minutes into the mission (just like in the 2012 test) the onboard systems detected an unsafe flight attitude and the vehicle was forced to descend directly into the ocean.
On Aug. 11, 2011, the HTV-2 flew its second test flight, but it lost contact about nine minutes into its planned 30-minute Mach 20 ride and it purposedly impacted the Pacific Ocean along its planned flight path for safety reasons.
As the analysis of the test flights suggests, something wrong happens nine minutes into the flight causing it to end prematurely, as if the vehicle reaches temperatures and aerodynamic conditions that are still difficult to manage: something that reminds that virtual “sound barrier” jet planes had to break to reach Mach 1 in the ’40s.
Anyway, “the result of these findings is a profound advancement in understanding the areas we need to focus on to advance aerothermal structures for future hypersonic vehicles. Only actual flight data could have revealed this to us” DARPA said.
Nevertheless no more test flights are expected for the HTV-2.
The hypersonic strike vehicle the Pentagon dreams of, capable to fly from New York City and Los Angeles in less than 12 minutes, is still far from becoming a reality.
B-2 stealth bomber to get 2 billion dollar upgrades. Including a new email system. April 4, 2012
Posted by Richard Clements in Military Aviation.Tags: Air Force, B-2, BAe Systems, Military Aviation, Northrop Grumman, Northrop Grumman B-2 Spirit, Pentagon, United States Air Force, US Air Force, whiteman afb missouri, Whiteman Air Force Base
2 comments
It was announced recently that the U.S. Air Force is to move forward with a ten year +2 billion USD upgrade to the fleet of 21 B-2s; an upgrade of the communications systems.
The B-2 started rolling off Northrop Grumman’s production line during the ’80s and some of the systems are now getting rather long in the tooth with parts becoming rather hard to come by.
In an Air Force Times article Col. Rob Spalding of the 509th Bomb Wing based at Whiteman Air Force Base, Missouri, said “It’s the biggest and most complex update of the B-2 in its history.”
Spalding himself said that parts are becoming scarcely available and that technicians at Whiteman have come up with their own upgrades and goes on to describe a system called AP2 which allows ground based commanders the ability to send email to the crew. The older system relied on a laptop perched on a swivelling stand between the pilots; the new system, which holds the screens at the pilots shoulder, is upgradable as new technologies come along.
In another sign of the need to upgrade the B-2 Northrop Grumman announced it has awarded a contract to BAE Systems to replace all of the analogue systems with digital systems, although the size of the contract and what is actually being upgraded was understandably withheld.
The surprising statistic is that the oldest air frame has only 5,000 flight hours, not bad when the fact that the B-2 has been involved in every conflict since the NATO bombing of Serbia in the 1999 Kosovo war.
It is a sign of the high regard the B-2 enjoys within the higher ranks of the Air Force and the Pentagon, that in these times of budget cuts and other force reductions, this rather unique weapons system is being upgraded.
Or a sign that the Spirit must get a new email system prior to be involved in a war against Iran.
Richard Clements for TheAviationist.com
Image credit: U.S. Air Force
Related articles
- USAF to get upgraded Bunker Buster (while developing new tactics to reach buried nuke sites) (theaviationist.com)
Like this:
Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry February 21, 2012
Posted by Paolo Passeri in Information Security.Tags: Boeing 787 Dreamliner, China, Creech Air Force Base, Cyber Attacks Timeline, Cyberwar, Cyberwarfare, drone, F-35 Joint Strike Fighter, F-35 Lightning II, Hacking, Information Security, Iran, Jaxa, Joint Strike Fighter, JSF, L-3, L-3 Communications, Lockheed Martin, Lockheed Martin RQ-170 Sentinel, Malware, McAfee, Mitsubishi Heavy Industries, Northrop Grumman, Pentagon, RQ-170, RSA, SecurID, Sophos, Trend Micro, Virus
add a comment
2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).
But, if Information Security professionals are quite familiar with the idea that military contractors are primary and preferred targets of the current Cyberwar as the following infographic shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting the multirole Joint Strike Fighter is still something hard to accept.
However, things are about change dramatically. And quickly.
The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communcation equipment and armament.
For instance an F-22 Raptor owns about 1.7 millions od line of codes , an F-35 Joint Strike Fighter about 5.7 millions and a Boeing 787 Dreamliner about 6.5 millions. Everything with some built in code may be exploited, therefore, with plenty of code and much current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.
Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable to infect the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and Indian Ocean: Predator and Reaper Drones.
As a consequence, it should not be surprising, nor it is a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider the embedded systems as one of the main security concerns for 2012.
Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.
While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.
Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.
Global Hawk: Northrop Grumman launches campaign to save program. On Twitter. January 29, 2012
Posted by Richard Clements in Drones, Military Aviation.Tags: Aviation, Global Hawk, Military avaition news, Northrop Grumman, Northrop Grumman RQ-4 Global Hawk, Pentagon, Rq-4
add a comment
The Aviationist wrote a post the other day relating to the fact that industry insiders had leaked that the Pentagon was planning on cancelling the whole Global Hawk program not only not buying any further aircraft but to retire the fleet they already have.
This would actually appear to be true going by some of the unusual tweets posted by Northrop Grumman itself. In one, the company announced that they had been loaning parts for the U-2 program surveillance sensors to keep those aircraft in the air. They have also tweeted a link to a website urging visitors to lobby their member of congress, even having a box for the visitor to fill in their zip code so they could work out who that person is. If you would like to take a look at this website please look here.
All very unusual actvities, suggesting that this isn’t the last we have heard of this.
Northrop Grumman did release the following media statement on the Jan.26:
“The Pentagon announced today that it is planning to cancel the Global Hawk Block 30 program and plans to perform this mission with the U-2 aircraft. Northrop Grumman is disappointed with the Pentagon’s decision, and plans to work with the Pentagon to assess alternatives to program termination.
“The Global Hawk program has demonstrated its utility in U.S. military operations in Iraq, Afghanistan and Libya, as well as its utility in humanitarian operations in Japan and Haiti. Just a few months ago, the Pentagon published an acquisition decision memorandum regarding Global Hawk Block 30 that stated: ‘The continuation of the program is essential to the national security… there are no alternatives to the program which will provide acceptable capability to meet the joint military requirement at less cost.’
“Global Hawk is the modern solution to providing surveillance. It provides long duration persistent surveillance, and collects information using multiple sensors on the platform. In contrast, the aging U-2 program, first introduced in the 1950s, places pilots in danger, has limited flight duration, and provides limited sensor capacity. Extending the U-2′s service life also represents additional investment requirements for that program.
“Northrop Grumman is committed to working with our customers to provide the best solutions for our country and our allies. We are pleased with the continuing support for the Global Hawk Block 40 system, as well as for the Navy’s Broad Area Maritime Surveillance system and our other unmanned systems.”
It’s looking like North Grumman is going to fight this tooth and nail to try and reverse this decision.
Richard Clements for TheAviationist.com
RQ-4 Global Hawk in shock cancellation news: old planes better than new? January 27, 2012
Posted by Richard Clements in Drones, Military Aviation.Tags: Airbus, Airbus 380, Aviation, Dragon Lady, drone, Global Hawk, Military Aviation, Northrop Grumman, Northrop Grumman RQ-4 Global Hawk, Pentagon, U-2, United States Air Force, US Air Force
1 comment so far
Is new better than old?
It would seem not. Industry insiders have leaked that the Pentagon is to cancel the RQ-4 Global Hawk program not just stopping buying new aircraft but to retire the Air Force active fleet, in favor of keeping the U-2 flying into 2020.
Air force times writer Dave Majumdar wrote: “The Air Force had been planning to buy 42 Block 30 aircraft. According to 2011 budget documents, the cost of each aircraft was around $215 million. It was not immediately clear how many Global Hawks the Air Force has.”
The aircraft is being killed off due to its high cost to buy and to maintain; also the program hasn’t lived up to its early promise. A knowledgeable industry insider confirmed the project cancellation and said “Yes, this is accurate — been a lot of discussion on the possibility of this a long while,” said the source, who was not authorized to speak to the media. “There is a high probability it will come to pass now unless Congress takes a major exception.”
The industry source also said “I don’t think that’s likely in the economic environment of this year’s DoD budget, and there are no real ‘hawks’ in Congress from California,” he said. The aircraft is both built and based in the Golden State.
Majumdar said that Northrop Grumman declined to comment whilst Air Force officials would neither deny nor confirm the reports.
Oddly the US Navy is going to keep its version of the aircraft therefore keeping the option open that it could, if needed, be used by the air force.
Surely, Global Hawk has not enjoyed the best of safety records with three prototypes lost and a failure rate much higher than many manned planes facing lethal threats in combat.
However, the U.S. RQ-4Bs belonging to the 9th Operations Group/Detachment 4th of the U.S. Air Force, based at NAS Sigonella, in Sicily, the base of the NATO AGS (Air Ground Surveillance) Global Hawk program were the first drones to operate in the Libyan airspace where they performed high altitude Battle Damage Assessment sorties.
Anyway, all of this is good news for the U-2, a 50 year old program that has ironed out all its techncal issues many years ago.
Affectionately known as “Dragon Lady”, the U-2 entered service in 1957. Since then, it has undergone many upgrades and has become a relatively cheap viable platform during these harsh economic times. In what would normally be the types twilight years, a breath of fresh air has been breathed over the majestic old ‘Lady’ which will see the type in service for more years to come.
Actually, it has been a bad week for other new or recent aircraft types too.
Another rather embarrasing news (this time for Airbus) is that further cracks have been found in the wings of its much lauded A380 “Superjumbo”, after the famous uncontained engine failure of Nov. 4, 2010. Airbus did tweet “For those following reports on A380 wing rib findings we confirm inspection & repair process underway and aircraft are safe to fly”: a damage limitation message by the company’s PR rather than a reassuring statement.
The apparent win of obsolete technology on newer, supposed to replace it, does pose the usual question: are modern aircraft too complex?
One thing is sure: you can’t compare new planes with older types. Even if there can be programs free from major problems during their whole lifetime and much troubled ones, facing myriad issues since their birth, generally speaking, those that have survived for 3, 4 or 5 decades and are still flying today, were probably properly designed, maintained, fixed and upgraded during their career. So they are today much more reliable than those integrating cutting edge experimental technologies.
Written with The Aviationist’s Editor David Cenciotti
Above image: U.S. Air Force
F-35: flying on phased out fuel or programmed by a videogame freak? January 23, 2012
Posted by David Cenciotti in F-35.Tags: Air BP, Glass cockpit, Joint Strike Fighter, JP-4, JP-8, Lockheed Martin, Lockheed Martin F-35 Lightning II, Military Aviation, Pentagon
1 comment so far
Soon after publishing the article about the “F-35 from the Cockpit” I’ve received some emails and comments about an interesting thing readers have noticed in one of the webminar slides used to show the Joint Strike Fighter glass cockpit’s symbology.
As the following image seems to suggest, the most advanced 5th generation combat plane, integrating the best stealth technologies, full sensor fusion and a futuristic X-ray-like capable helmet, flies on JP-4 fuel, a dangerous kind of propellant, quick to ignite and explode, that was largely used from 1951 to 1996, when it was phased out and replaced by the safer, kerosene-based, JP-8.
Image: Lockeed Martin (highlight mine)
As explained in the website of Air BP (“the specialised aviation division of BP, providing fuels, lubricants & services to our customers in over 50 countries worldwide”):
although JP-8 has replaced JP-4 in most every case, the potential need for JP-4 under emergency situations necessitates maintaining this grade in specifications MIL-DTL-5624 and Defence Standard 91-88.
However, unless the JP-4 was/is used for testing purposes, it is quite strange that while some combat planes are beginning to perform test flights on eco-friendly biofuel or synthetic fuel, the F-35 is flying on a type of jet propellant presumed to be phased-out or used only in emergency situations.
Unless, the F-35′s glass cockpit symbology, so “user friendly” to remind some early flight simulator games, was not only designed for a “videogame freak” as test pilots said during the webminar, but also by someone who used to play with arcade games with some simulation elements (as F/A-18 Interceptor or F-19 Stealth Fighter) in the ’90s, when the JP-4 was still in use :)
F-35B Finally on track? January 22, 2012
Posted by Richard Clements in F-35, Military Aviation.Tags: Aviation News, F-35, Lockheed Martin F-35 Lightning II, Panetta, Pentagon, STOVL, United States Secretary of Defense
add a comment
Defense Secretary Leon E. Panetta visited NAS Patuxent River on Jan. 20 and announced the STOVL (Short Take Off Vertical Landing) version of the F-35 Joint Strike Fighter has been taken off probation.
“We need to make sure we are on the cutting edge” said Panetta when describing the Pentagon’s next generation war fighting technology which is to include the F-35 program.
The sigh of relief must have been palpable from the offices of Lockheed Martin after several tough dark years in which it looked in all probability that the STOVL (Short take off vertical landing) version was going to be scrapped after technical issue after technical issue along with massive cost over runs put the version at risk. The F-35B is a monumentally complex aircraft due to its remit of being stealthy and being able to operate from the back of a ship or from rough airstrips, but as Panetta himself stated that the F-35 was “absolutely vital to maintaining our air superiority,” but cautioned that it was important “to get this right.”
After hearing Panetta’s announcement Gen. James F. Amos, the Marine Corps commandant, made a statement in which he stated ““I welcome the secretary of defense’s announcement removing the F-35B Lightning II from ‘probation’ and granting it full status commensurate with the other two variants of the Joint Strike Fighter,” General Amos said. “I continue to be encouraged by the strong and steady progress that the F-35B team has made over the past year.”
With the survival of the STOVL variant the USMC can keep up with their plan to equip with a fixed wing aircraft their LHA (Landing Helicopter Assault) and LHD (Landing Helicopter Dock) to support a MEU (Marine Expeditionary Unit) in regional crisis. Moreover, the F-35B is expected to replace also the service’s F/A-18s to cover the full spectrum of modern warfare scenarios with their own resources.
Other program partners may have welcome the news that the F-35B was lifted from probation. Among them, the Italian Navy that needs the STOVL variant for the Cavour aircraft carrier. According to the original plan, 20 are supposed to be delivered to the Marina Militare as Harrier replacement, whereas the Italian Air Force was interested in some B planes to replace the AMX light bomber.
However, the initial plan will have to be revised as a consequence of the Defense budget review that the new Monti technocratic cabinet is about to lauch. Even if some political forces are urging the new Defense Minister Di Paola to quit the program and to renounce to the planned 131 examples, a cut is a more plausible hypothesis.
Although the final outcome of the Defense budget review is unpredictable a likely scenario sees the Italian Air Force receiving about 80 F-35s (A and B variants) and the Navy 20 F-35B STOVL (Short Take Off Vertical Landing) combat planes.
Anyway, it now looks like Lockheed Martin has finally turned a corner with regards to this very challenging project. As The Aviationist has already reported the other day following the Lockheed Martin F-35 webminar, the arrestor hook issue suffered by the ‘C’ variant was a minor problem and has been fixed and LM is awaiting the opportunity to test the new design out.
Historically the F-35 isn’t on its own with teething problems, the S-3 Viking springs to mind with its ejector seat issues for rear cabin aircrew that went on to a long and distinguished Naval career, the F-35 Lightning II will follow in its footsteps.
Written with The Aviationist’s Editor David Cenciotti
Related articles
- F-35 targeted in potential military cuts. If Italy quits, will the stealth plane ever be affordable? (theaviationist.com)
- Joint Strike Fighter Test Report Shows Heightened Problems with F-35B and Risks of Excessive Concurrency (pogoblog.typepad.com)
- KC-130J: a tactical gas station in the sky. Serving fighters, bombers, choppers. And maybe even F-35s sometime in the future. (theaviationist.com)
Lockheed’s SecurID Breach Also Threatens Online Banking June 16, 2011
Posted by David Cenciotti in Information Security, Information Warfare.Tags: AES cypher, Cyber War, EMC Corporation, F-35, Homeland Security, Information Security, Information Warfare, Joint Strike Fighter, JSF, L-3, One Time Password, OTP, Pentagon, pin code, RSA, RSA Breach, SecurID
add a comment
The same type of attack used recently to get around security measures at Lockheed Martin, and possibly other defense contractors as well, could also be used to hack international banking services, security experts say.
That’s because both the defense and banking industries rely heavily on RSA’s SecurID tokens, 40 million of which are in use around the world.
Small businesses and private users use SecurID tokens to access online banking services, while large corporations use them to authenticate employees who need to remotely or locally access internal networks and resources.
SecurID devices are small, tamper-resistant tokens that generate numeric codes every 30 or 60 seconds. The complex cryptographic algorithm combines three inputs: the token’s serial number, the internal seed (a secret key hard-coded in the token) and absolute computer time (which counts seconds from January 1, 1970 and never repeats).
The same computation is performed by the authentication server, which compares its code with the one provided by the user. If they correspond, the user is granted access.
The seemingly random sequences of numbers generated by SecurID tokens are technically called OTPs (One Time Passwords) — they can be used only once and expire even if never used.
An OTP can’t be modified, changed or altered, and a SecurID token can’t be fixed, opened or reprogrammed. If it’s compromised, a SecurID token must be replaced.
These tokens can also exist as software applications installed on a PC or a smartphone to perform the same function.
Theoretically, the physical possession of the token, PC or smartphone ensures the security of the authentication mechanism. The only circumstance under which an attacker could clone the token (and it would take some time) would be if seeds and token serial numbers had been stolen.
Unfortunately, that’s exactly what seems to have happened.
“On March 17, 2011, RSA, the security division of EMC Corporation, one of the most important players in the IT security market, publicly announced that information that could be used to reduce the effectiveness of their SecurID authentication implementation was compromised,” explained Paolo Passeri, an ICT (Information and Communication Technology) Security expert based in Rome, Italy.
Passeri was among the first to understand that the RSA security breach could be used to attack EMC Security Division’s corporate clients using SecurID tokens.
Two months later, Lockheed Martin, one of the world’s largest suppliers of military hardware to the U.S. and other countries, announced it had suffered a network intrusion. Lockheed Martin disabled all remote access to its internal networks and said it would replace every one of its RSA SecurID tokens – and that RSA would pay the replacement costs.
“Since the information stolen from RSA, alone, could not be used to successfully clone the tokens, in order to perpetrate the attacks, the hackers must have used keylogger malware and phishing campaigns to get the missing pieces of the puzzle (usernames and PINs — personal identification numbers),” Passeri surmised.
In fact, RSA has not publicly disclosed what was taken from its servers in March (it will tell only existing clients who sign a non-disclosure agreement), and Lockheed Martin has not said if or how its attackers had usernames or passwords.
But the problems for defense contractors may have just begun.
….
[Read the rest of my article on Tech News Daily]
