A new report highlights the risks of ADS-B transponders. But it focuses on technology rather than operation security.
We have been writing about this topic since 2011. As most of our readers already know by now, Flightradar24 and PlaneFinder are two famous Web-based services that let anyone who has an Internet access on their computer, laptop or smartphone, track flights in real-time.
Aviation enthusiasts and geeks, journalists but also curious people use these portals to get details about civil and military flights all around the world.
The ADS-B system uses a special transponder that autonomously broadcasts data from the aircraft’s on-board navigation systems about its GPS-calculated position, altitude and flight path. This information is transmitted on 1090 MHz frequency: ground stations, other nearby aircraft as well as commercial off-the-shelf receivers available on the market as well as home-built ones, tuned on the same frequency, can receive and process this data.
Flightradar24 and PlaneFinder rely on a network of several hundred (if not thousand) feeders who receive and share Automatic Dependent Surveillance-Broadcast (ADS-B) transponders data and contribute growing the network and cover most of the planet.
Obviously, only ADS-B equipped aircraft flying within the coverage area of the network are visible.
Actually, in those areas where coverage is provided by several different ground stations, the position can be calculated also for those planes that do not broadcast their ADS-B data by means of Multilateration (MLAT). MLAT uses Time Difference of Arrival (TDOA): by measuring the difference in time to receive the signal from four different receivers, the aircraft can be geolocated and tracked even if it does not transmit ADS-B data.
Although the majority of the aircraft you’ll be able to track using a browser (or smartphone’s app) using the above mentioned Web-based tracking services are civil airliners and business jets, military aircraft are also equipped with Mode-S ADS-B-capable transponders: a 2010 Federal Aviation Administration rule requires all military aircraft to be equipped with ADS-B transponders by Jan. 1, 2020, as part of its program to modernize the air transportation system.
RQ-4 Global Hawk tracked during its mission near Crimea and over Ukraine on Jul. 20, 2017. The U.S. Air Force Global Hawk UAS are among the assets that can be regularly tracked online. (Screenshot from Flightradar24.com)
But, these are *usually* turned off during real war ops. Usually, not always.
In fact, during opening stages of the Libya Air War in 2011 some of the combat aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net. And despite pilots all around the world know the above mentioned flight tracking websites very well, transponders remain turned on during real operations, making their aircraft clearly visible to anyone with a browser and an Internet connection. As a consequence, we have been highlighting the the risk of Internet-based flight tracking of aircraft flying war missions for years. In 2014 we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circled over the Ghazni Province. Back then we explained that the only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations. US Air Force C-32Bs (a military version of the Boeing 757 operated by the Department of Homeland Security and US Foreign Emergency Support Team to deploy US teams and special forces in response to terrorist attacks), American and Russian “doomsday planes”, tanker aircraft and even the Air Force One, along with several other combat planes can be tracked every now and then on both FR24.com and PF.net.
A U.S. Air Force F-22 Raptor departs after receiving fuel from a KC-135 Stratotanker, assigned to the 340th Expeditionary Air Refueling Squadron, during a mission in support of Operation Inherent Resolve Aug. 22, 2017. According to GAO, ADS-B poses a threat to the Raptor stealthiness as it may expose the aircraft presence. (U.S. Air Force photo by Staff Sgt. Michael Battles)
Today, military planes belonging to different air forces as well as contractor and special operations planes can be regularly tracked while flying over Iraq, Afghanistan, Tunia, Egypt and many other “hot spots”.
A Government Accountability Office report released last month highlighted the risks of ADS-B. According to the watchdog agency neither the Department of Defense nor the FAA have taken significant steps to mitigate security risks associated with openly transmitting flight data from military aircraft (highlight mine):
Information broadcasted from ADS-B transponders poses an operations security risk for military aircraft. For example, a 2015 assessment that RAND conducted on behalf of the U.S. Air Force stated that the broadcasting of detailed and unencrypted position data for fighter aircraft, in particular for a stealth aircraft such as the F-22, may present an operations security risk. The report noted that information about the F-22’s precise position is classified Secret, which means that unauthorized disclosure of this information could reasonably be expected to cause serious damage to the national security.
Such risks have been highlighted since 2008 according to GAO:
In DOD’s 2008 comments about FAA’s draft rule requiring ADS-B Out technology, the department informed FAA that DOD aircraft could be identified conducting special flights for sensitive missions in the United States and potentially compromised due to ADS-B technology. Such sensitive missions could
include low-observable surveillance, combat air patrol, counter-drug, counter-terrorism, and key personnel transport. While some military aircraft are currently equipped with Mode S transponders that provide individuals who have tracking technology the altitude of the aircraft, ADS-B poses an increased risk.
Moreover, there are concerns since the ADS-B technology is vulnerable to jamming and cyber attacks. GAO:
For example, a 2015 Institute of Electrical and Electronics Engineers article about ADS-B stated that ADS-B is vulnerable to an electronic-warfare attack — such as a jamming attack — whereby an adversary can effectively disable the sending and receiving of messages between an ADS-B transmitter and receiver by transmitting a higher power signal on the ADS-B frequencies. The article notes that while jamming is a problem common to all wireless communication, the effect is severe in aviation due to the system’s inherently wide-open spaces, which are impossible to control, as well as to the importance and criticality of the transmitted data. As a stand-alone method, jamming could create problems within the national airspace. Jamming can also be used to initiate a cyber-attack on aircraft or ADS-B systems. According to the article in the 2015 Institute of Electrical and Electronics Engineers publication, adversaries could use a cyber-attack to inject false ADS-B messages (that is, create “ghost” aircraft on the ground or air); delete ADS-B messages (that is,make an aircraft disappear from the air traffic controller screens); and modify messages (that is, change the reported path of the aircraft). The article states that jamming attacks against ADS-B systems would be simple, and that ADS-B data do not include verification measures to filter out false messages, such as those used in spoofing attacks.
Lack of solutions:
Although DOD, FAA, and other organizations have identified risks to military security and missions since 2008, DOD and FAA have not approved any solutions to address these risks. This is because DOD and FAA have focused on equipping military aircraft with ADS-B technology and have not focused on solving or mitigating security risks from ADS-B. The approach being taken by FAA and DOD will not address key security risks that have been identified, and delays in producing an interagency agreement have significantly reduced the time available to implement any agreed-upon solutions before January 1, 2020, when the full deployment of ADS-B Out is required.
So, GAO urges DoD and FAA to approve solutions that can address operations, physical, cyber-attack, and electronic warfare security risks; and risks associated with divesting secondary-surveillance radars (since the idea is to divest legacy radars and replace them with ADS-B only). However, based on our experience, proper procedures should be adopted (provided they are not there yet) in order to prevent big OPSEC failures. Indeed, whilst securing ADS-B is a must, it’s probably more important to turn off the Mode-S and ADS-B transponders when conducting missions that need to remain invisible (at least to public flight tracking websites and commercial off the shelf receivers). Unless the transponder is turned on for a specific purpose: to let the world know they are there. In fact, as reported several times here, it’s difficult to say whether some aircraft that can be tracked online broadcast their position for everyone to see by accident or on purpose: increasingly, RC-135s and other strategic ISR platforms, including the Global Hawks, operate over highly sensitive regions, such as Ukraine or the Korean Peninsula, with the ADS-B and Mode-S turned on, so that even commercial off the shelf receivers (or public tracking websites) can monitor them. Is it a way to show the flag? Maybe.
1213z – PS156 on task over the Black Sea / South of Crimea at 27,000 feet
Summing up, FR24.com, PF.net, home-made kits etc. are extremely interesting and powerful tools to investigate and study civil and military aviation; until ADS-B is made more resilient and secure, air forces around the world have only to consider the risk of public flight tracking when executing combat missions in the same way other details, such as radio communications policies and EMCON (Emission Control) restrictions, are already taken into account.
Many thanks to @CivMilAir for helping preparing this article.
GPS Jamming is a New Story from Red Flag 18-1, But We Videotaped It at Nellis Last Year.
Despite the Jan. 27, 2018 accident with a Royal Australian Air Force EA-18G Growler, the massive tactical air training exercise Red Flag 18-1 continues from Nellis AFB outside Las Vegas, Nevada. The training exercise extends throughout the sprawling 7,700 square mile Nellis Military Operating Area (MOA) ranges.
Aviation authority and journalist Tyler Rogoway broke the story of the U.S. Air Force jamming GPS signals on a large scale for training purposes during Red Flag 18-1 in an article for The War Zone last week. But earlier in 2017 we went inside Nellis AFB to get a firsthand demonstration of how easy and how quickly the U.S. Air Force can jam GPS signals for training purposes.
In our demonstration, members of the 527th Space Aggressor Squadron (527th SAS) at Nellis AFB showed us how they can use off-the-shelf equipment to conduct tactical short-range jamming of the GPS signal on a local level. The 527th Space Aggressor Squadron was at Nellis AFB for the 2017 Aviation Nation Air and Space Expo. Our reporters got a firsthand look at GPS jamming on media day. In only a few seconds members of the 527th SAS used off-the-shelf equipment available to the public to jam local GPS reception. As you can see in the video, the signal bars on our test receiver, a typical consumer GPS, disappeared entirely as thought GPS simply didn’t exist anymore.
The 527th Space Aggressor Squadron’s mission is not active combat jamming of GPS, but to provide these and other electronic warfare capabilities for training purposes in exercises like Red Flag 18-1. The unit is based at Schriever AFB in Colorado but is attached to the 57th Wing at Nellis. According to the U.S. Air Force, the 57th Wing, “is the most diverse wing in the Air Force and provides advanced, realistic and multi-domain training focused on ensuring dominance through air, space and cyberspace.”
The 527th Space Aggressor Squadron personnel showed enthusiasm for their mission and reminded us that cyber and electronic warfare is the most dynamic and fastest growing battlespace in modern combat.
The unique insignia worn by members of the elite 527th Space Aggressor Squadron. Notice one version worn by the unit is in Russian. (Photo: TheAviationist.com)
In an operational environment jamming GPS signals represents both a threat and an important capability. In addition to serving an important purpose in navigation on land, sea and in the air GPS also provides targeting capability for precision weapons along with many other tactical and strategic purposes.
For instance, among the various theories surrouding the capture of the U.S. RQ-170 Sentinel drone by Iran in 2011, one mentioned a GPS hack. This is what The Aviationist’s David Cenciotti wrote back then:
Eventually there is an explanation for the mysterious capture of the U.S. stealth drone by Iran. In an exclusive interview to the Christian Science Monitor, an Iranian engineer (on condition of anonymity) working to reverse engineer the RQ-170 Sentinel hacked while it was flying over the northeastern Iranian city of Kashmar, some 225 kilometers (140 miles) away from the Afghan border, says they were able to exploit a known vulnerability of the GPS.
They jammed the SATCOM link and then forced the drone into autopilot reconfiguring the waypoint of the lost-link procedure to make it land where they wanted.
Although we don’t know what really happened to the Sentinel drone during its clandestine mission (in the above article our own Cenciotti was skeptical about the version mentioned by the anonymous Iranian engineer), it’s pretty obvious that dominating the GPS “domain” is crucial to win. That’s why during Red Flag 18-1 the widespread jamming of GPS for training purposes enables warfighters to operate in an environment where electronic and cyber-attacks may disable GPS capability. This compels the players to develop new tactics for fighting “GPS blind” and to revisit existing capabilities perfected in the era prior to widespread use of GPS in a warfighting role.
The 527th SAS displayed press clippings about GPS jamming incidents around the world at Nellis AFB. (Photo: TheAviationist.com)
The Social Media Battlefield: Fighting a Confusing War on Twitter, Youtube and Facebook.
It is the new battlefield, the great equalizer, delivered at the speed of light and impervious to bullets, missiles and armor. It is social media. Increasingly social media is being used as a weapons delivery platform in the information war. It is an equalizer between conventional militaries and insurgent forces, providing a sometimes-terrifying mouthpiece for guerillas and freedom fighters.
Weaponized Social Media (WSM for short) is also a source of misinformation and deception, one wielded effectively whether you are showing video of a U.S. Air Force B-2 stealth bomber strike, or an ISIL insurgent IED suicide attack. Every combatant on the YouTube battlefield is the same size, 800 x 600. For only a few thousand dollars an insurgency can terrorize the world via YouTube. It is the textbook manifestation of Sun Tzu’s axiom on terrorism in his masterwork, “The Art of War”. Sun Tzu wrote, “Kill one, terrorize a thousand”. The damage radius is limited only by the speed of your internet connection and the size of your monitor.
But there are at least two sides to every story, and often many more. During the last 24 hours, a fascinating textbook example of using Weaponized Social Media surfaced on Facebook, YouTube, Twitter and Instagram.
The country of Turkey is in conflict with the covertly U.S.-backed Kurdish People Protection Units, known as the “YPG”. There is also spill-over tacit U.S. support for the Syrian Democratic Forces, the free-Syrians not under Bashar al-Assad. Bashar al-Assad, as you know, is the Syrian President backed by Russia. As with most relationships played out on social media, it’s complicated.
The gray-area support from the U.S. government of the Kurdish People Protection Units (YPG) started during the administration of former President Barack Obama, and continues under President Donald Trump. Trump is a rough-talking gangster of a politician to Obama’s polished attorney voice.
Under Trump’s administration the SDF forces are now 50,000 strong according to reports- they fight Assad’s regular army Syrian units for control and in combat with their common enemy, ISIL. The authoritative publication “Foreign Policy” described the Syrian Democratic Forces (SDF) and their same-side alliance with the Kurdish People Protection Units (YPG) as, “The most capable anti-Islamic State force in northern Syria.” While Russia may not agree with that assessment, there is no doubt the SDF and YPG guerilla forces amount to more than a series of acronyms formed by a Scrabble game gone wrong.
Get out your notebook because it gets more complicated. Enter the Kurdistan Worker’s Party (PKK), listed as a terrorist organization by several states and organizations including NATO. The short story is, SDF and YPG are aligned with the PKK in the fight against ISIL, but not liked by the TAF, the Turkish Armed Forces. You can also call the TAF the “Türk Silahlı Kuvvetleri, or “TSK” if you prefer. The TAF, or TSK if you prefer, are the military forces of the Republic of Turkey. So, the PKK, the SDF and the YPG, backed by the USA, are at odds with the TAF, or TSK if you like.
Before you ask, “WTF?”, just think of it this way for our purposes; The guys in the Blackhawk helicopter in these photos and videos are fighting the guys who launch the rocket at them from the bottom of the mountain.
One video shows the rocket launch from the perspective of the guys firing it. It seems to weave and bob the way rockets do, on its way to the top of the ridge, where a Turkish S-70A helicopter appears. The Turkish Blackhawk dips below the ridge just as the PKK ATGM explodes. The inference is that the guys firing the ATGM hit the Blackhawk.
Click over to the video of the guys up on the ridge with the Blackhawk, being resupplied, it would appear. The wire-guided missile fired from the bottom of the ridge by the first guys videoing, explodes over the heads of the guys on top of the ridge, also videoing. An instant after the rocket explodes the Blackhawk successfully escapes. The point? The one video from the bottom of the ridge suggests the S-70A was hit, a huge victory for those lads. The other video shows the Turkish helicopter flying away, “proof” that it is not a victory, just a near miss and one for the highlight reel on YouTube.
Same attack from a soldier’s camera.
Aynı saldırı, bu sefer de bir askerimizin kamerasından..
One of the few EC-130H Compass Call aircraft, capable to find and hit the enemy forces with denial of service (and possibly cyber) attacks on their communication networks, has been deployed to Osan Air Base, South Korea.
The EC-130H Compass Call is a modified Hercules tasked with various types of signals surveillance, interdiction and disruption. According to the U.S. Air Force official fact sheets: “The Compass Call system employs offensive counter-information and electronic attack (or EA) capabilities in support of U.S. and Coalition tactical air, surface, and special operations forces.”
The USAF EC-130H overall force is quite small, consisting of only 14 aircraft, based at Davis-Monthan AFB (DMAFB), in Tucson, Arizona and belonging to the 55th Electronic Combat Group (ECG) and its two squadrons: the 41st and 43rd Electronic Combat Squadrons (ECS). Also based at DMAFB and serving as the type training unit is the 42nd ECS that operates a lone TC-130H trainer along with some available EC-130Hs made available by the other front-line squadrons.
An EC-130H Compass Call travels along the taxiway at an undisclosed location in Southwest Asia, June 27, 2017. Compass Call is an airborne tactical weapon system that uses noise jamming to disrupt enemy command and control communications and deny time-critical adversary coordination essential for enemy force management. (U.S. Air Force photo by Tech. Sgt. Jonathan Hehnly)
The role of the Compass Call is to disrupt the enemy’s ability to command and control their forces by finding, prioritizing and targeting the enemy communications. This means that the aircraft is able to detect the signals emitted by the enemy’s communication and control gear and jam them so that the communication is denied. The original mission of the EC-130H was SEAD (Suppression of Enemy Air Defenses): the Compass Call were to jam the enemy’s IADS (Integrated Air Defense Systems) and to prevent interceptors from talking with the radar controllers on the ground (or aboard an Airborne Early Warning aircraft). Throughout the years, the role has evolved, making the aircraft a platform capable of targeting also the signals between UAVs (Unmanned Aerial Vehicles) and their control stations.
According to the official data:
The EC-130H fleet is composed of a mix of Baseline 1 and 2 aircraft. The 55th ECG recently eclipsed 10,900 combat sorties and 66,500 flight hours as they provided U.S. and Coalition forces and Joint Commanders a flexible advantage across the spectrum of conflict. COMPASS CALL’s adaptability is directly attributed to its spiral upgrade acquisition strategy guided by the Big Safari Program office and Air Force Material Command’s 661st Aeronautical Systems Squadron based in Waco, Texas. Combined efforts between these agencies ensure the EC-130H can counter new, emergent communication technology.
The Block 35 Baseline 1 EC-130H provides the Air Force with additional capabilities to jam communication, Early Warning/Acquisition radar and navigation systems through higher effective radiated power, extended frequency range and insertion of digital signal processing versus earlier EC-130Hs. Baseline 1 aircraft have the flexibility to keep pace with adversary use of emerging technology. It is highly reconfigurable and permits incorporation of clip-ins with less crew impact. It promotes enhanced crew proficiency, maintenance and sustainment with a common fleet configuration, new operator interface, increased reliability and better fault detection.
Baseline 2 has a number of upgrades to ease operator workload and improve effectiveness. Clip-in capabilities are now integrated into the operating system and, utilizing automated resource management, are able to be employed seamlessly with legacy capabilities. Improved external communications allow Compass Call crews to maintain situational awareness and connectivity in dynamic operational and tactical environments.
Delivery of Baseline-2 provides the DoD with the equivalent of a “fifth generation electronic attack capability.” A majority of the improvements found in the EC-130H Compass Call Baseline-2 are classified modifications to the mission system that enhance precision and increase attack capacity. Additionally, the system was re-designed to expand the “plug-and-play” quick reaction capability aspect, which has historically allowed the program to counter unique “one-off” high profile threats. Aircraft communication capabilities are improved with expansion of satellite communications connectivity compatible with emerging DoD architectures, increased multi-asset coordination nets and upgraded data-link terminals. Furthermore, modifications to the airframe in Baseline-2 provide improved aircraft performance and survivability.
Although it’s not clear whether this ability has already been translated into an operational capability, in 2015, a USAF EC-130H Compass Call aircraft has also been involved in demos where it attacked networks from the air: a kind of in-flight hacking capability that could be particularly useful to conduct cyberwarfare missions where the Electronic Attack aircraft injects malware by air-gapping closed networks.
With about one-third of the fleet operating in support of Operation Inherent Resolve (indeed, four EC-130Hs, teaming up with the RC-135 Rivet Joint and other EA assets, are operating over Iraq and Syria to deny the Islamic State the ability to communicate), the fact that a single EC-130H (73-1590 “Axis 43”) was recently deployed from Davis Monthan AFB to Osan Air Base, South Korea, where it arrived via Yokota, on Jan. 4, 2018, it’s pretty intriguing.
Airborne from Yokota AB, Japan routing to Osan AB, South Korea
Update: some of our sources have suggested that the aircraft was deployed to perform anti-IED (Improvised Electronic Device) tasks during the Winter Olympics, kicking off on Feb. 9, 2018 in PyeongChang County, South Korea.
“We always found ourselves ‘on their tails’ as the pilots say, which means victory in a dogfight.” Just the latest chapter of Russia’s hybrid warfare in Syria?
Close encounters between Russian and U.S. aircraft over Syria are nothing new. What’s new is the way this close-quarter Russian/U.S. shadow boxing incidents are reported from both sides: two incidents, one on November 23 and another one on December 13, made headlines in Russia and the U.S. with differing accounts of the nearly identical incidents and the reasons they happened.
For instance, dealing with the first one, according to the Russian version, a Sukhoi Su-35S was scrambled after a U.S. F-22 interfered with two Su-25s that were bombing an Islamic State target and chased the Raptor away. The Russian account was denied by the U.S. Central Command, that in an email to The Aviationist explained that there was no truth in the allegation:
“According to our flight logs for Nov 23, 2017, this alleged incident did not take place, nor has there been any instance where a Coalition aircraft crossed the river without first deconflicting with the Russians via the deconfliction phone line set up for this purpose. Of note, on Nov 23, 2017, there were approximately nine instances where Russian fighter aircraft crossed to the east side of the Euphrates River into Coalition airspace without first using the deconfliction phone. This random and unprofessional activity placed Coalition and Russian aircrew at risk, as well as jeopardizing Coalition ability to support partner ground forces in the area.”
Dealing with the second incident, U.S. officials told Fox News that a USAF F-22 Raptor stealth fighter flew in front of a pair of Russian Air Force Su-25 Frogfoot attack jets near Al Mayadin, Syria, “an area off-limits to Russian jets based on a long-standing mutual agreement”. In an attempt to force the Russian aircraft to change course, the American stealth jet cut across the front of the Russian jets, and released flares (a tactic known as ‘head-butting,’ meant to send a strong warning to an opposing warplane).
A Russian Flanker flying at MAKS 2017 (Jacek Siminski)
Needless to say, this time it was the Russians to deny the version of events: according to the Russian MoD the Su-25s were escorting a humanitarian convoy on the western side of the Eurphrates and it was the U.S. aircraft that crossed the deconfliction line. “A Russian Su-35 fighter jet, performing an air cover mission at an altitude of 10,000 meters, swiftly approached the F-22 from the rear, forcing the American aircraft to leave the area.”
“We saw anywhere from six to eight incidents daily in late November, where Russian or Syrian aircraft crossed into our airspace on the east side of the Euphrates River,” Lt. Col. Damien Pickart of the U.S. Air Forces Central Command told U.S. news outlet CNN recently. “It’s become increasingly tough for our pilots to discern whether Russian pilots are deliberately testing or baiting us into reacting, or if these are just honest mistakes.”
On Dec. 29, the state-run RT media outlet reported:
Russian pilots always managed to get behind US-led coalition fighter jets they encountered in the skies over Syria, a Russian ace said after receiving a state award from President Putin at the Kremlin.
When meeting our partners from the Western coalition in the air, we always found ourselves ‘on their tails’ as the pilots say, which means victory in a dogfight,” Russian Airspace Forces major, Maksim Makolin, said.
The so-called ‘lag pursuit’ when the nose of an attacking plane points at the tail of the opponent’s aircraft is considered the optimum location in an aerial fight. It allows the plane at the back a range of options, from increasing or maintaining range without overshooting to freely attacking, all the while remaining concealed in the blind spot behind the defending aircraft.
Makolin became one of the 14,000 Russian servicemen who received state decorations for their courage and professionalism during the two-year-long Russian campaign in Syria.
We have already discussed these close encounters, the tactical value of supermaneuverability vs stealthiness, the ROE, etc. In this case it’s only worth noticing there is no attempt to ease tensions, quite the contrary, as if certain statements were part of a hybrid warfare made of actual aircraft, as well as cyber warfare, proxy forces and propaganda. In this respect, if you are willing to learn more about “Russia’s campaign to mislead the public and undermine democratic institutions around the world,” I suggest you reading this report here. “It reveals how the Russian government is conducting a major multi-pronged propaganda campaign to spread false information… […]”
Image credit: Dmitry Terekhov from Odintsovo, Russian Federation/Wiki
Socials
Categories
The Aviationist patch
Send me an email if you want to support this site buying the original TheAviationist.com patch, only available through this website!
