Category Archives: Information Warfare

The brand new RAF Rivet Joint aircraft “fried” Daesh communications with massive jamming attack in Libya

A British Special Operation led by a “brand new” RC-135 Rivet Joint aircraft of the Royal Air Force has shut down ISIS comms in Libya recently.

UK special forces have recently carried out “black ops” attacks against Daesh stronghold of Sirte, on the Mediterranean coast, using Electronic Warfare to shut down ISIS communication network in Libya.

The “highly sophisticated” jamming strikes were led by a RAF RC-135W “Airseeker,” one of the three ex-USAF KC-135 tanker converted starting back in 2011 by L-3IS in Greenville, Texas, at a cost of around 650 million GBP (950M USD).

Indeed, the operators aboard the British Rivet Joint first tuned into the militants preferred frequencies and then used the high-powered transmitters to broadcast interference on the same wavelengths, drowning out the enemy’s conversations on the battlefield, according to a source who talked to the Daily Mail.

Whilst the RC-135 jammed the Daesh frequencies from off the Libyan coasts, aboard HMS Enterprise, a GCHQ (Government Communications Headquarters which is the centre for UK’s Signal Intelligence – SIGINT – activities) cyber-warfare team gauged the response to last week’s jamming strike by monitoring exchanges online between IS leaders – who are believed to be in command of up to 6,000 jihadists in Libya.

The defense source told the Daily Mail that the IS fighters “were very angry and couldn’t understand what had gone wrong. We jammed the frequencies for 40 minutes – long enough to prove the capability, but not so long that IS realized what was happening.”

The RC-135W is an intelligence gathering plane that usually monitors communications: the aircraft is equipped with all sorts of antennae and sensors, to eavesdrop enemy signals, transmissions, detect frequencies used by radio and radars and pinpoint sites of interest, mobile stations, SAM batteries, etc.

But, according to the source it also features active EW capabilities and the aircrews “occasionally use jamming strikes to spread confusion among their ranks at vital times.”

ZZ664_RC-135W_RAF_Mildenhall_2016_1

The United Kingdom are the only Rivet Joint operator in the world outside the United States.

The first of three Boeing KC-135R Stratotankers (64-14833) scheduled to be converted to RC-135W configuration for the Royal Air Force arrived at prime contractor L-3 Communications’ facility at Majors Field, Greenville, Texas in December 2010.

British pilots, navigators, electronic warfare officers, intelligence operators and airborne maintenance technicians from No. 51 Squadron all began training at Offutt Air Force Base, Nebraska, in January 2011 undertaking around 2000 sorties and around 35,000 flying hours.

In March 2011 the remaining two Nimrod R.1s that provided electronic intelligence with No.51 Squadron at RAF Waddington were retired from service leaving a three-year gap of having nothing in the UK’s ISR mission until the UK received their first RC-135W ZZ664 in December 2013. ZZ664 was deployed to the middle East in April 2015 and it was expected it would be deployed for around 6 months.

The Second RC-135W Airseeker ZZ665 (ex-USAF/64-14838) was delivered direct from L-3 Communications’ facility in Texas to RAF Mildenhall as ‘SAME 40’ on September 13th 2015. Both RC-135Ws would normally be based at RAF Waddington, Lincolnshire but due to continued runway work there the unit is currently flying from RAF Mildenhall when not deployed on operations.

The third and final RC-135W Airseeker (ZZ666) is currently being converted from KC-135R (64-14840) to RC-135W configuration and is due to be delivered to the RAF by 2018.”

The images in this post were taken by photographer Ashley Wallace. They depict RC-135W ZZ664 from No.51 Squadron taxiing to runway 29 at RAF Mildenhall for departure using the callsign ‘DRAGNET 41” on a training mission on Feb. 19, 2016, wearing special tail markings to celebrate the 100th anniversary of No. 51 Squadron.

ZZ664_RC-135W_RAF_Mildenhall_2016

All images by Ashley Wallace (who has also contributed to this post)

Update: we investigated the Rivet Joint (RJ) jamming capability claimed by the English tabloid’s source with the help of Robert Hopkins, III, a former RC-135 aircraft commander who flew the S, U, V, W, and X models in the 1980s and 1990s, and author of a book on the type.

Here’s his answer:

“After speaking with several of my contacts in the RC community, I think you may wish to consider the story of the Airseeker as a jammer to be, as the TV show Mythbusters says: BUSTED.

Jamming requires massive amounts of power and power requires massive amounts space and weight, which is just not available on the RJ. Buzzing the spectrum hinders simultaneous collection, even on adjacent frequencies, so it doesn’t make sense for both the target and the buzzer to be blind during the process. Part of the reason the RCs have operated with minimal fuss in airspace adjacent to Russia and China is that they are only receiving, not broadcasting. Remember the canard they were equipped with SLAR in the cheeks? Yeah, never happened but every magazine reported it as such for years—was the ASD-1 and later AEELS. If the RJ had a jamming feature the Russians and Chinese would be all over that and they would go public and ugly early.
My best guess, in the absence of the MoD official owning up, is that the Airseeker located the desired frequencies and some other source (air, ground, no matter) did the jamming while the Airseeker listened to the chaos.”

Salva

While its aircraft can be tracked online, the U.S. Air Force only worries about Tweets….

Bad OPSEC (Operations Security) exposed by Air War on ISIS?

“Loose Tweets Destroy Fleets” is the slogan (based on the U.S. Navy’s WWII slogan “Loose Lips Sink Ships”) that the U.S. Air Force Central Command used a couple of weeks ago for an article aimed at raising airmen awareness about the risk of sharing sensitive information on social media.

Indeed, the AFCENT article speaks directly to the threat posed by Islamic State supporters who, according to Stripes, on at least two occasions have acquired and posted online personal data of military personnel, urging sympathizers, “lone wolves,” to attack Americans in the States and overseas in retaliation for the air strikes.

The article highlights the importance of proper OPSEC to keep sensitive information away from the enemy and to prevent leakage of information that could put missions, resources and members at risk,  “and be detrimental to national strategic and foreign policies.”

Interestingly, the article only focuses on the smart use of social media. Ok, however, there are other possible OPSEC violations that the U.S. Air Force (as well as many other air arms currently supporting Operation Inherent Resolve, in Iraq and Syria, or Enduring Freedom, in Afghanistan) should be concerned of.

In October 2014 we highlighted the risk of Internet-based flight tracking of aircraft flying war missions after we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circles over the Ghazni Province.

The only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations.

Although such risk was already exposed during opening stages of the Libya Air War, when some of the aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net and despite pilots all around the world know the above mentioned websites very well, transponders remain turned on during real operations making the aircraft clearly visible to anyone with a browser and an Internet connection.

Magma 13

USAF C-146A Wolfhound of the 524th Special Operations Squadron

During the last few months many readers have sent us screenshots they took on FR24.com or PF.net (that only collect ADS-B broadcast by aircraft in the clear) showing military planes belonging to different air forces over Iraq or Afghanistan: mainly tankers and some special operations planes.

Hoser 15

Canadian tanker

We have informed the U.S. Air Force and other air forces that their planes could be tracked online, live, several times, but our Tweets (and those of our Tweeps who retweeted us) or emails have not had any effect as little has changed. Maybe they don’t consider their tankers’ racetrack position or the area of operations of an MC-12 ISR (Intelligence Surveillance Reconnaissance) aircraft a sensitive information…

A330 over Iraq

RAF A330 tanker over Iraq

Image credit: screenshots from Flightradar24.com

 

A U.S. Air Force Intel team turned a comment on social media into an airstrike on ISIS building

A comment on a social media can attract three JDAMs (Joint Direct Attack Munitions).

It looks like the imprudent use of social media cost ISIS an air strike and three JDAMs dropped by U.S. attack planes on one of their buildings.

According to Air Force Gen. Hawk Carlisle, head of Air Combat Command, airmen belonging to the 361st Intelligence, Surveillance and Reconnaissance Group, at Hurlburt Field, Florida, were able to geo-locate an ISIS headquarters building thanks to a comment posted on social media by a militant.

As Carlisle explained to Defense Tech:

“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command. And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later through that very building, three [Joint Direct Attack Munitions] take that entire building out.”

Although the U.S. Air Force did not release any further information about the location of the headquarters or the aircraft that carried out the attack, the story is quite interesting as it proves that not only are social media used by ISIS for propaganda and recruiting purposes, they are also used by U.S. intel team to identify ground targets, supplementing ISR (Intelligence Surveillance Reconnaissance) activities conducted with the “usual” platforms, like satellites, spyplanes and UAVs (Unmanned Aerial Vehicles).

U.S. and NATO soldiers are always made aware of the risk of using social media and, generally speaking, digital technologies which embed information that can be exploited by the adversaries in various ways. Still OPSEC (Operations Security) breaches occur.

In 2007 four Apache helicopters were lost in Iraq because of smartphone geotagging: insurgents were able to determine the exact location of the AH-64s and successfully attack them because some soldiers had taken pictures on the flightline and uploaded them (including geotagging data) to the Internet.

Now even IS militants have experienced how dangerous an incautious use of social media can be.

Image credit: U.S. Air Force

 

How a Syrian nuclear facility was destroyed by the Israeli Air Force 7 years ago today

On Sept. 6, 2007 the Israeli Air Force (IAF) conducted a precision air strike, code-named Operation Orchard, against a Syrian nuclear installation.

Even if Israel has never publicly admitted that some of its aircraft destroyed the facility, some details about the mission have been either disclosed or leaked throughout the years.

Some of them are well described in the book The Sword of David – The Israeli Air Force at War, written by Donald McCarthy.

According to McCarthy, who served in the U.S. Air Force from 1964 to 1968 before becoming a respected and well informed historian, the information for Operation Orchard is alleged to have come from Ali Reza Asgari, an Iranian general disappeared in February 2007, who may have been the source of the intelligence required by the Syrian nuclear site attack.

After gathering the required details, the Israelis planned a secret mission that was launched on Sept. 6 2007, at night.

At least a four F-16I Sufa (Storm) jets and another four F-15I Ra’am (Thunder) aircraft crossed the Syrian border, in bound to the nuclear plant located near the city of Dir A-Zur, in eastern Syria.

McCarthy points out the fact that Syria as well as other Arab countries were equipped with advanced Russian air defense systems, such as the Pantsir-S1 (SA-22 Greyhound as reported by NATO designation), claimed to be immune to electronic jamming. At the time of Operation Orchard, Syria operated twenty nine of these advanced air defense systems, so it remains unclear how the IAF aircraft flew undetected into the night sky out over the Mediterranean Sea, across the Euphrates River and along their route to the nuclear facility.

As explained by McCarthy, according to the most widely accepted theory the strike force included one or more Gulfstream G550 aircraft, equipped with the IAI Elta EL/W-2085 radar system.

Indeed, the success of the operation was largely attributed to effectiveness of the Israeli Electronic Warfare platforms that supported the air strike and made the Syrian radars blind: some sources believe that Operation Orchard saw the baptism of fire of the Suter airborne network system against Syrian radar systems.

This system, combined with the F-15Is electronic warfare capabilities, shut down Syrian air defense systems, providing the other airplanes the cover they needed to hit and destroy the Dir A-Zur nuclear plant.

F-15I Orchard

After the attack, the initial reports stated that the IAF aircraft had almost entirely destroyed the nuclear site, claims that were also confirmed by the comparison of pre and post-attack satellite imagery.

Even if the incident was shrouded in secrecy, Turkish media outlets reported that external fuel tanks were found on the ground not far away from the Syrian border: as reported by Shlomo Aloni & Zvi Avidror in their book Hammers Israel’s Long-Range Heavy Bomber Arm: The Story of 69 Squadron, these external fuel tanks were identified by foreign press as belonging to F-15 aircraft.

Operation Orchard showed the capabilities of the Israeli Air Force, capabilities that were most probably used to carry out an air strike on a weapons convoy and military complex near Damascus, at the beginning of 2013. As done in 2007, on the night between Jan. 29 and 30, 2013, Israeli bombers entered and egressed the Syrian airspace almost completely undetected by the Syrian air defenses: a sign that Syrian radars can do nothing against Israel’s Electronic Warfare systems, most probably further improved to embed the capability to inject malware from F-16s into enemy networks.

Image credit: IAF

 

You can track the first helium balloons of Google Project Loon’s aerial wireless network

Helium balloons of the future network that should give Internet to everyone in the world fortunately use ADS-B.

If you point your browser to Flightradar24.com and zoom off the coast of New Zealand, you’ll see 7 slow moving aircraft: these are actually helium balloons, part of Google’s Project Loon, broadcasting their position, speed, altitude etc. via Mode-S ADS-B.

Project Loon is a research and development project whose aim is to provide Internet access to everyone, even if they live in rural and remote areas. The project features high-altitude balloons, made from sheets of polyethiylene plastic and measuring 15×12 meters,  placed in the stratosphere at an altitude of about 20 mi (32 km) with the purpose of crating an aerial wireless network with up to 3G-like speeds.

The helium balloons are all “floating” around 1,000 feet to the southeast of New Zealand, and a probably involved in a testing campaign; after the trial (kicked off in June 2013) Google hopes to launch thousands of balloons around Earth to provide global Internet access.

In the wake of Snowden scandal, someone said that the purpose of the project may not be philantropic and the task of the network of balloons would be global communications monitoring. But this is another story.

Top: Flightradar24.com screenshot

Enhanced by Zemanta