Tag Archives: RQ-170

Middle East Cyber War: Revenge Of The Drones

In the same hours in which I was publishing my post on Cyber Weapons, news agencies all around the world began to release (a few) details about a new alleged Cyber Attack targeting the Iranian Oil Ministry, the National Iranian Oil Company and several other state-owned businesses.

The attack has been confirmed by a spokesman of the Iranian Oil Ministry, who also stressed that critical data have not been damaged or lost in the attack. As a consequence of the Cyber Attack, albeit as a precaution, Internet access to several oil refineries has been cut off.

Of course Iran is not new to Cyber Attacks targeting Critical Infrastructures (do you remember Stuxnet and the possible hoax of Duqu Stars?); in any case it is too soon to draw any connection with Stuxnet or any other kind of State-Sponsored Attack, not least because, according to the scant information available, only a server providing public information has been harmed.

Probably this malware has nothing to do with cyber weapons but, just for fun, I cannot help but notice that this alleged Cyber Attack came on the same day on which, amid many doubts, Iran announced that it had reverse-engineered the U.S. stealthy RQ-170 Sentinel drone captured by Iran in December 2011.

The revenge of the reverse-engineered drone?

[tweet https://twitter.com/paulsparrows/status/194494174488313856 align='center']

Obviously it’s ironic, but what if the drone was actually a Trojan horse?

[Read also: Captured U.S. stealthy drone in Iran: the simplest solution solves the mystery]

The mysterious hatch possibly housing a recovery chute. Image courtesy: Dave Krakow

U.S. drones and spyplanes involved in information gathering missions over Syria. As in Libya one year ago. More or less…

More or less one year ago, we were observing an increasing activity of U.S., British, French and Italian military spy planes performing information gathering missions along the northern border of the Tripoli FIR (Flight Information Region).

Quite silently, those SIGINT (SIGnal INTelligence) platforms flew in the Maltese airspace to eavesdrop on Libyan communications and signals and to collect the information needed to build up the so-called EOB (Electronic Order of Battle) of the Libyan forces, which would be used to have a better understanding of the situation in Libya, to know where forces were located and to build up a priority target list for the subsequent air campaign.

Presumed to remain (almost) secret, those flights were actually “advertised” by LiveATC.net, whose Maltese feeder (shut down during the war) made public the radio communications between Malta Area Control Center and the various EP-3s, RC-135 Rivet Joint, C-160G, British Nimrods R1s etc. transiting the local airspace before operating in “due regard”.

Although nowadays we can’t listen to the radio comms of the military traffic in that area as we did in February 2011 and we don’t have the same “evidences” we had one year ago, we can be quite confident that similar activities are being conducted in or around Syria from bases in Italy, Turkey or Cyprus (RAF Akrotiri airbase).

Along with the satellite image released by the US Embassy in Damascus, some American defense officials told NBC that “A good number of American drones are operating in the skies of Syria, monitoring the Syrian military’s attacks against opposition forces and innocent civilians alike”.

The Pentagon was quick to point out that these drones were providing surveillance not for a future military intervention but to gain evidence from both a visual and communications perspective to “make a case for a widespread international response”.

However, the confirmation that U.S. robots are flying inside the Syrian territory does pose the question: what type of drones are being used?

Most media outlets are using stock images of Predator or Reaper drones, but those unstealthy ‘bots would be vulnerable to the Syrian SAM (Surface to Air Missile) network, believed to be among the Middle East’s most robust ones. Both the MQ-1 and MQ-9 are Medium Altitude drones that could be operating in Syria only if flying outside the range of active SAM rings.

Hence, it’s conceivable that most ISR (Intelligence Surveillance and Reconnaissance) missions in the area are being flown by High Altitude platforms, such as the Air Force’s Global Hawks or U-2s (or even stealthy RQ-170s, like the one captured in Iran).

Even if Sigonella in Sicily hosts the U.S. RQ-4Bs belonging to the 9th Operations Group/Detachment 4th, Incirlik in southern Turkey, being next to the border, seems to be more suitable for spy missions in Syria. These days, such missions could be aimed at assessing the type of activities conducted by the destroyer Shahid Qandi and the supply vessel Kharg, the two Iranian warships that have docked at the Syrian port of Tartus after passing through the Suez canal.

In fact Egyptian sources as well as members of the Syrian opposition claimed that the two vessels have been jamming satellite telephone communications of the Syrian opposition forces.

According to the same Egyptian sources, Assad’s forces have been finding it more difficult to monitor the opposition’s communications due to their encrypted nature, and some believe that the Iranian Navy is helping him disrupt these encrypted communications.

A bit far-fetched, considering that land-based systems would be less visible than two closely watched warships, but not completely impossible.

Worth a mention: an Israeli drone was spotted overflying clashes in Homs.

Anyway, the scenario is similar to the Libya of the end of February 2011. With the only difference that one year ago, the spyplanes did not fly into the “enemy” airspace.

Richard Clements has contributed to this article.

Image credit: U.S. Air Force

Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only have the corporate networks of several aviation and aerospace industries been targeted by digital storms in 2011 (not a surprise in the so-called hackmageddon) but, above all, last year will probably be remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because, in the episode of the RQ-170 Sentinel downed in Iran, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

But, if Information Security professionals are quite familiar with the idea that military contractors are primary and preferred targets of the current Cyberwar as the following infographic shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting the multirole Joint Strike Fighter is still something hard to accept.

However, things are about to change dramatically. And quickly.

The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communication equipment and armament.

For instance an F-22 Raptor has about 1.7 million lines of code, an F-35 Joint Strike Fighter about 5.7 million and a Boeing 787 Dreamliner about 6.5 million. Everything with some built-in code may be exploited; therefore, with plenty of code and many current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.

Unfortunately it looks like the latter hypothesis is closer to reality, since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable of infecting the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and the Indian Ocean: Predator and Reaper Drones.

As a consequence, it should not be surprising, nor is it a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider embedded systems as one of the main security concerns for 2012.

Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.

While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks that have occurred since the very first hack targeting the F-35 Lightning II in 2009.

Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @paulsparrows on Twitter for the latest updates.

China: does it need to copy the RQ-170 "Beast of Kandahar" captured in Iran?

As has been widely reported, it is no secret that China is trying to acquire stealth technology for use in their indigenous aircraft program. It was only last year that photos and video of the J-20 started to appear on the internet. It was clear that China had made advances into the dark art of stealth technology, although the first radar-evading tech dates back to about 40 years ago. What was interesting was that the J-20 did not possess the angular lines of the Nighthawk but the more rounded curves of the B-2 or Raptor; it was clear a lot of work had been done behind closed doors by the Chinese scientists.

Another area that Chinese designers have made advances in is that of UAVs (unmanned aerial vehicles) or UAS (unmanned aerial systems). Rumours started in 2007 when, during the Paris Air show, China displayed the ‘Dark Sword’ concept.

The Dark Sword clearly had a very low RCS (Radar Cross Section) and showed the way Chinese designers were going in their work. It has appeared several times since then, indicating that this might not just be a concept but could be something that becomes reality in the future.

At the end of 2011 photos started emerging from China of a new Stealth UCAV/UAV dubbed the “Wind Blade” that features a blended wing design with long slim wings with “Sharklets” and an engine intake at the front and above the wing-like body. The overall design would lean towards a high altitude surveillance platform and, going by reports, it was designed by students from the Shenyang University, which happens to be connected to one of China’s largest aircraft producers. Although the aircraft in the photo is a scale model, it’s not clear how old the photo is, so it could be conceivable that there is now a full-scale version.

China does have several non-stealthy UAVs too.

There is the SOAR Dragon, which looks very similar to the Global Hawk, although it has swept wings and the tail plane joins with the main wing, and from the photos below appears to have radar absorbing paint. What is interesting in these photos is that the aircraft is in an advanced state of completion and looks to be being painted.

There are videos of a hybrid Predator – Global Hawk look-alike doing fast taxis down an unknown runway. The drone seems to be in an advanced state of testing meaning this could now be in a flyable position.

Analysts are divided as to where Chinese scientists are with UAV development. Based on the designs that are being displayed, the designers could have mastered stealthy shapes and the complexities of controlling the UAV. There are even reports that the Chinese are testing small-scale UAVs for automated carrier landings.

Where most analysts agree is that China does not have the infrastructure to have a UAV reach outside of Chinese airspace and even within Chinese borders the signals are unreliable.

Maybe some of the radio/satellite link equipment, as well as internal memories, circuitry, lenses, and sensors contained in the RQ-170 Sentinel captured by Iran could be somehow helpful because they can be evaluated, tested and copied. And, maybe, improved.

China is still a fair few years away from having a true global UAV reach, which will require a lot of investment in space systems. However there is one thing for sure: it will happen at some point in the future.

Richard Clements for TheAviationist.com

All images source: Chinese Internet

Never seen before pictures: Iran's (blue-colored) Sayyad-2 anti-aircraft missile exposed

Since a U.S. RQ-170 Sentinel drone was captured in Iran on Dec. 4, 2011, I’ve been a frequent visitor of Iranian news agencies, State TV and newspapers websites.

These semi-official sources have provided an interesting variety of images and videos about Iran’s military. Not only the famous photographs of the “Beast of Kandahar” and the doctored video allegedly showing the American drone landing at an Iranian airbase, but also the footage of the U.S. aircraft carrier Stennis cruising near the Strait of Hormuz, and a funny model of a Hondajet plane advertised as Tehran’s new surveillance drone.

Today, what I’ve found on the IRG website is not a photoshopped image, or a video whose authenticity is debatable, but some really interesting and genuine (at least at first glance) photographs of the Sayyad-2 anti-aircraft missile system at work.

The Sayyad-2 is an improved (and probably outwardly very similar, if not identical) version of the Sayyad-1 missile, an Iranian indigenized system of a Chinese development of the Russian S-75 (SA-2 “Guideline” in NATO designation – yes, the SAM system that brought down Francis Gary Powers and his U-2 in 1960).

The existence of this surface-to-air missile system, which according to the most authoritative sources also integrates North Korean technology, was made public in April 2011, but the ones just published are, to my knowledge, the first images of the Sayyad 2 being test-fired available on the web.

According to the IRG website, the photographs were taken during “Great Prophet 6”, an exercise that took place at the end of April, and included the test launching of the Shahab-1, Shahab-2 and Shahab-3 and Zelzal missiles.

Since then, the Sayyad has been deployed in all air-defense units across Iran. Hence, it is one of the SAM systems any U.S. or Israeli plane (either stealth or not) will have to face in case of future attack (provided that some sort of covert war on Tehran’s nuclear program has not started yet).

As said, the latest Iranian SAM system is a modified version of the Sayyad-1, a two-staged air defense missile capable of destroying targets with a low Radar Cross Section (RCS) flying at low, medium and very high altitude (with a claimed ceiling of 80,000 feet).

According to the data contained in a FARS news agency article published last year, the Sayyad-2 travels at 3,600 km/h (2,500 mph), has a range of 80-100 km, includes ECCM (Electronic Counter-Counter Measures) equipment and carries a 200-kilogram warhead.

And, as images show, it is colored in light-blue, a bit flashy/naive for a SAM missile that should try to remain invisible for as long as possible.

By the way, according to the EXIF data, pictures were taken on Apr. 15 and Jun. 6, 2011.

Image source: sepahnews.com