Category Archives: Information Warfare

Cybersecurity In The Sky: Internet of Things Capabilities Making Aircraft More Exposed To Cyber Threats Than Ever Before

The rise of IoT (Internet Of Things) could become a security nightmare for aviation. We spoke with an expert about the dangers associated with bringing military and civil aircraft “online”.

The Internet of things (IoT) is the inter-networking of physical devices equipped with electronics, software, sensors, actuators, and network connectivity which enable these objects (referred to as “connected things”) to collect and exchange data.

Almost every device that is able to connect to the Internet can be considered a “connected thing”: smartphones, wearables, personal computers, refrigerators, smart meters, cars, buildings and, why not, aircraft can all be considered IoT devices that communicate with one another. Smart homes are enabled by IoT devices. Just think of this scenario: a user arrives home and his car autonomously communicates with the garage to open the door. The thermostat is already adjusted to his preferred temperature, having sensed his proximity. He walks through his door as it unlocks in response to his smartphone or RFID implant. The home’s lighting is adjusted to lower intensity and his chosen color for relaxing, as his pacemaker data indicates that it’s been a stressful day.

Based on some recent estimates, there will be about 30 Billion devices connected to the IoT by 2020.

What is somewhat worrisome about the proliferation of IoT devices is the fact that most of them are poorly protected and hackable. Between September and October 2016, a botnet made of hundreds of thousands of under-secured IoT devices (mainly CCTV cameras) was used to perform one of the largest distributed denial of service (DDoS) attacks ever: a malware dubbed “Mirai” identified vulnerable IoT devices and turned these networked devices into remotely controlled “bots” that could be used as part of a botnet in large-scale network attacks. On Oct. 21, the so-called “Mirai IoT botnet” remotely instructed 100,000 devices to target the DNS services of DNS service provider Dyn. As a result much of America’s internet was brought down by the cyber-attack, because it prevented access to several high-profile websites.

Now, imagine for a moment, that these attacks involved or were aimed at connected airplanes.

“Soon, thousands of sensors will be embedded in each aircraft, allowing data to be streamed down to the ground in real-time. And who knows, in time, this could drive the ubiquitous black box to become simply a backup device!” said Aviation Week in an article last year.

Indeed, an aircraft can leverage IoT capabilities to proactively identify maintenance issues and place orders for replacement parts and ground maintenance crew while cruising, so that, when it lands, everything is already in place and ready to be fixed, without affecting the optempo. This is, for instance, what the F-35’s ALIS (Autonomic Logistics Information System) does: ALIS (pronounced “Alice”) uses sensors embedded throughout the aircraft to detect performance, compare to parameters, use sophisticated analytics to predict maintenance needs, and then communicate with maintenance staff so that the right parts are ready when needed. ALIS serves as the information infrastructure for the F-35, transmitting aircraft health and maintenance action information to the appropriate users on a globally-distributed network to technicians worldwide. In this respect the F-35 is said to be on the IoT’s cutting edge.

Maintenance information aside, the F-35 is surely the largest data collection and sharing platform ever produced, or the number one IoT device that can collect intelligence and battlefield data from several sensors and share it in real time with other assets as well as commanders.

The F-35 is an example of the extent of interconnection 5th Gen. warplanes feature. To complete missions in denied airspace, pilots need a way to share information securely, without revealing their location to enemy forces. The F-35 has incorporated Northrop Grumman’s MADL into its mission systems to provide pilots with the ability to connect with other planes and automatically share situational awareness data between fighter aircraft. The MADL is a high-data-rate, directional communications link that allows for the secure transmission of coordinated tactics and engagement for 5th Generation aircraft operating in high-threat environments. The MADL is one of 27 different waveforms in the F-35’s communication, navigation and identification (CNI) suite.

With IoT capabilities becoming pivotal to the world of military and civil aviation, connected aircraft could soon become the next target for cyber criminals or cyber enemies.

We asked Tom Hardin, research lead at G2 Crowd, a peer-to-peer business software review platform, a couple of questions about the risk the IoT poses to aviation.

Q) What’s the relation between IoT and Aviation?

A) The combination of IoT and aviation is intriguing on a variety of levels. As ‘things’ have become more connected, from wearables to self-driving cars, we now have access to massive amounts of new data points. All of this data can not only help us understand consumers better, but can potentially provide actionable intelligence on the business operations side. An example is tracking the movement of a product throughout a particular supply chain, storing data on production, delivery, and maintenance, that ultimately leads to more predictive and intelligent workflows.

Connecting IoT to commercial aviation, the concept of massive data storage capabilities leading to better analytics, maintenance, and the operation of aircraft could potentially offer significant benefits. Having real-time access to all data points during a flight, such as engine performance, weather analysis, pilot monitoring, etc., could help mechanical engineers create more efficient engines, allow operators to provide more accurate weather forecasts, and aid pilots’ health (and the safety of passengers).

In terms of military aviation, IoT would provide the same potential benefits experienced by commercial airlines, but applied more directly to combat strategies and tactical support. With all of the data gathered through an IoT-connected military aircraft, weapons system, or ground vehicle, missions could be planned with a greater level of intelligence and more effective strategy. Machine learning also plays a role here, as a system can be trained to make real-time decisions, helping collect intelligence faster and identify key threats quicker. For example, sensors on a military aircraft could potentially pick up a mission-critical piece of information, and instead of that data point being missed or slowly relayed to troops on the ground, it is analyzed and communicated in real-time, allowing for a tactical shift that could increase the mission’s odds of success (and save more lives).

Q) What kind of risks do the above scenarios imply? Are there signs an aircraft or an airport will soon become a battlefield for cyberterrorism or cyberwar?

A) Although there are clear benefits to using IoT for military purposes, there are also serious dangers. Possibly the biggest threat of all is dealing with cyber criminals and hacking. With IoT connected military planes compiling sensitive data, hackers could potentially gain access to strategic information such as the location of troops or detailed mission plans. Even more frightening is the prospect that a hacker could gain access to an aircraft’s control system and weaponry, similar to drone hacks, and use it against the enemy. This type of breach could lead to acts of remote terrorism, which is truly a terrifying thought.

In terms of establishing a timeline on when all of this would be possible, it’s difficult to speculate. My feeling is that it is closer than most of us think. And with DDoS attacks continuing to be an issue, IoT security across industries needs to address the potential for massive data breaches or hostile takeovers.

With all of the potential benefits and security issues with IoT, aviation is something we need to keep an eye on. With the number of terrorist attacks involving airplanes and airports in recent memory, the threat of a cyberterrorist attack involving a connected aircraft, especially if it is equipped with military-grade weaponry, could be catastrophic. And though hacking into the control system of a plane is likely incredibly complex, security concerns over IoT remain, leaving us to ponder the state of our increasingly connected world.

Hackers have already been targeting modern aircraft made of millions of lines of code (with the F-35, the world’s most advanced “software-based” aircraft, at the top of the target list) for years now. IoT capabilities will simply expand the attack surface, making next generation aircraft possibly more exposed to hacking than ever before.

Disclaimer: the F-35 is extensively mentioned in this article only because it is the most interconnected combat aircraft to date and its Condition-Based Maintenance is considered a clear example of an IoT application in the military.

Can The U.S. Actively Disrupt North Korean Missile Tests?

North Korean Missile Test Failure Raises Theories, But Expert Disagrees.

The recent failure of the Sunday, April 17 North Korean submarine-launched ballistic missile test raises an interesting question: could the United States be responsible for the failure of North Korean missile tests? While the theory is alluring and some political sources are quoted as saying it is possible, one noted expert says he has seen nothing to suggest the U.S. intervened in the North Korean test failure.

Reports from U.S. Pacific Command at Camp H.M. Smith in Aiea, Hawaii, under Chief of Staff Major General Kevin B. Schneider, USAF, say the U.S. detected a North Korean missile launch at 5:21 p.m. Eastern time on Saturday. The launch was seen at 11:21 AM Hawaiian time (21:21 GMT), said U.S. Navy Commander Dave Benham, spokesman for United States Pacific Command.

Surveillance indicated the missile failed almost immediately.

A similar North Korean missile test conducted earlier, on April 5, 2017, also failed, as did a Mar. 5 North Korean missile test. All of the missiles encountered terminal problems in flight. These conspicuous failures follow a powerful U.S. initiative to develop clandestine anti-missile capabilities under the Obama administration beginning in 2014.

While there is no published evidence to support the theory that the United States directly interfered with the North Korean missile test, network media including CNN and the BBC have published speculative reports about whether the capability to remotely interdict a missile launch exists and was used.

“There is a very strong belief that the US, through cyber methods, has been successful on several occasions in interrupting these sorts of tests and making them fail,” former British Foreign Secretary Malcolm Rifkind told the BBC World News.

The Aviationist.com spoke to Dr. Bruce Emerson Bechtol Jr., Professor at the Department of Security Studies at Angelo State University, San Angelo, Texas in the United States.

In addition to his Ph.D. in National Security Studies from The Union Institute in Cincinnati, Ohio, Dr. Bechtol was the Distinguished Graduate of the U.S. Marine Corps Command and Staff College, where he earned his pre-doctorate Master’s Degree in Military Studies in 2001. Bechtol also holds a Master of Arts in International Affairs from Catholic University in Washington D.C. He is a noted authority on North Korean military capabilities. We asked Dr. Bechtol about the possibility that the U.S. could have actively disrupted North Korean missile tests.

“There is nothing to support that.” Dr. Bechtol told us when we asked him about the plausibility of direct U.S. interdiction of the North Korean missile test. “I mean, it is certainly possible, but I have seen nothing to support that. All I have heard is conjecture. The media likes to talk about that.”

Noted expert on North Korean defense technology and doctrine Dr. Bruce E. Bechtol Jr. (credit: Committee for Human Rights in North Korea)

Dr. Bechtol told us that ballistic missile programs are inherently dependent on numbers. “It’s like the SCUD missile. Typically, of 600 of those fired, you get 150-200 duds. That’s normal, but the intention is to shower a target with missiles. And remember, if you are attacking Hawaii with a nuclear warhead, you don’t have to be that accurate, you just have to get one through.”

Another change in newer North Korean missiles noted by Dr. Bechtol was newer guidance fins. When asked what the guidance capabilities of North Korea’s ballistic missiles are, Bechtol told us, “Well, I wish we knew. But one thing is for sure; the North Koreans are not noted for accuracy in their ballistic missiles. They don’t have to be.”

The failure may also have been a part of a historically difficult development program for North Korea’s missiles. But just as North Korea has had somewhat sporadic successes in its missile launch tests, the U.S. has also had at least sporadic success in testing systems to actively counter ballistic missiles. Even with Dr. Bechtol’s pragmatism there remains a remote chance that Sunday’s failure could have been a fortunate intersection of capabilities for the U.S. It also may have been continued North Korean bad luck. Among U.S. defense officials, the silence is deafening.

While Dr. Bechtol’s remarks suggest otherwise, a North Korean submarine-launched missile test could theoretically be disrupted in several ways. “I guess, you mean, something like Stuxnet is theoretically possible, but I haven’t seen any proof.” Stuxnet was a 2010 computer worm that disrupted Iran’s nuclear program. It is attributed to American-Israeli origin.

The least exotic method of passive missile interdiction is sabotage. This could occur at the missile assembly site or during transport of the missile or its components. Since North Korean missile programs are dependent on foreign technology they are highly vulnerable to sabotage throughout their development.

Current North Korean missile technology is derived from a combination of Chinese, Russian and Iranian technologies. Each of these foreign technology origins is “porous” to foreign espionage not only from the United States but also from Israel and the United Kingdom. It took China about 15 years to achieve its current level of development in ballistic missiles. North Korea has achieved a similar level of technology in only 123 days of advanced development, reinforcing the theory that most of the technology is imported, not indigenous. Given a seemingly new era of détente between the U.S. and China, including recent meetings between U.S. President Donald Trump and Chinese President Xi Jinping, it is possible that a two-way sharing of technology between the U.S. and China has been brokered. This may further facilitate U.S. efforts to sabotage North Korean missile capabilities.

Interestingly, an Iranian ballistic missile test on Jan. 25, 2017 also failed shortly after launch. According to a U.S. official speaking on condition of anonymity, the Iranian medium-range ballistic missile exploded in flight. But Dr. Bechtol continued to temper speculation with fact: “There were four SCUDs recently tested by North Korea that were successful. These recent failures don’t lessen the threat.”

The failed North Korean missile test on Sunday was possibly a version of the Pukguksong-1 submarine launched ballistic missile (SLBM). This missile is boosted to the ocean surface from a submerged launch platform using either compressed air or a booster motor. Once it clears the surface the missile’s solid fuel motor ignites and it begins its flight.

North Korea has launched SLBMs from both submerged test barges and from submarines. Part of the reason some tests were conducted from submerged barges is that launching missiles from a submerged vehicle is inherently dangerous. Reports indicate at least one North Korean submarine was seriously damaged during a missile launch test, suggesting a reason why early tests were launched from a submerged barge instead of a submarine.

North Korea displayed new versions of the Pukguksong-2 submarine-launched ballistic missile this week, but its most recent test launch failed. (credit: Official North Korean News Agency)

A more exotic theory about how the U.S. could disrupt a North Korean ballistic missile in flight is some type of active intervention during the test, as opposed to sabotage prior to the test.

Active interdiction of missile tests may include somewhat plausible methods such as electronic disruption of the missile’s guidance systems causing it to fly out of control and disintegrate, or, more exotically, some type of focused energy weapon. Both of these technologies have been tested to greater and lesser degrees of published success. A key thing to consider when evaluating any of these theories is that advanced active jamming and destructive methods remain most effective when they are still secret. As long as these technologies remain covert it is more difficult, or impossible, for North Korea to engineer around them.

Some media outlets have suggested that North Korean systems are vulnerable to “hacking” or a cyber attack. While possible, cyber attacks depend on a “delivery vehicle” to implant malicious code into microchips or to insert it via a virus. The Stuxnet weaponized code was inserted via a USB flash drive.

China has devoted significant military and intelligence resources to cyber warfare but has little motive to employ those resources against neighboring North Korea, except to build leverage with the United States.

The U.S. also has highly developed cyber combat resources in addition to the early Stuxnet. These may include what is referred to as “left of launch” attacks. Some of these may even be interdiction of a ballistic missile while it is still underwater. One published technical report about electromagnetic propagation mentions the “Wireless, through-hull transfer of power and data”. This transfer is “highly focused” and ranges in excess of 1 km are discussed in unclassified reports dating as long ago as 2008 from submarine industry news source Hydro International. It is reasonable to suggest significant advances have been made in all of these technologies during the past 9 years, especially given the focus during the previous U.S. President’s administration.

Regardless of theories about possible test interdiction from the U.S., the North Korean weapons tests and their accelerated preparation have become increasingly ominous. Both media and political rhetoric have shifted from “if” there will be a military confrontation with North Korea, to “when” it will actually begin.

Top image: (computer generated) image of a North Korean SLBM (Rodong Sinmun via NK News)

The brand new RAF Rivet Joint aircraft “fried” Daesh communications with massive jamming attack in Libya

A British Special Operation led by a “brand new” RC-135 Rivet Joint aircraft of the Royal Air Force has shut down ISIS comms in Libya recently.

UK special forces have recently carried out “black ops” attacks against Daesh stronghold of Sirte, on the Mediterranean coast, using Electronic Warfare to shut down ISIS communication network in Libya.

The “highly sophisticated” jamming strikes were led by a RAF RC-135W “Airseeker,” one of three ex-USAF KC-135 tankers converted, starting in 2011, by L-3IS in Greenville, Texas, at a cost of around 650 million GBP (950M USD).

Indeed, the operators aboard the British Rivet Joint first tuned into the militants’ preferred frequencies and then used the high-powered transmitters to broadcast interference on the same wavelengths, drowning out the enemy’s conversations on the battlefield, according to a source who talked to the Daily Mail.

Whilst the RC-135 jammed the Daesh frequencies from off the Libyan coast, aboard HMS Enterprise a GCHQ (Government Communications Headquarters, the centre for the UK’s Signals Intelligence – SIGINT – activities) cyber-warfare team gauged the response to last week’s jamming strike by monitoring exchanges online between IS leaders – who are believed to be in command of up to 6,000 jihadists in Libya.

The defense source told the Daily Mail that the IS fighters “were very angry and couldn’t understand what had gone wrong. We jammed the frequencies for 40 minutes – long enough to prove the capability, but not so long that IS realized what was happening.”

The RC-135W is an intelligence gathering plane that usually monitors communications: the aircraft is equipped with all sorts of antennae and sensors to eavesdrop on enemy signals and transmissions, detect frequencies used by radios and radars, and pinpoint sites of interest, mobile stations, SAM batteries, etc.

But, according to the source it also features active EW capabilities and the aircrews “occasionally use jamming strikes to spread confusion among their ranks at vital times.”

The United Kingdom is the only Rivet Joint operator in the world outside the United States.

The first of three Boeing KC-135R Stratotankers (64-14833) scheduled to be converted to RC-135W configuration for the Royal Air Force arrived at prime contractor L-3 Communications’ facility at Majors Field, Greenville, Texas in December 2010.

British pilots, navigators, electronic warfare officers, intelligence operators and airborne maintenance technicians from No. 51 Squadron all began training at Offutt Air Force Base, Nebraska, in January 2011 undertaking around 2000 sorties and around 35,000 flying hours.

In March 2011 the remaining two Nimrod R.1s that provided electronic intelligence with No.51 Squadron at RAF Waddington were retired from service, leaving a three-year gap in the UK’s ISR mission until the UK received its first RC-135W, ZZ664, in December 2013. ZZ664 was deployed to the Middle East in April 2015 and it was expected to remain deployed for around 6 months.

The Second RC-135W Airseeker ZZ665 (ex-USAF/64-14838) was delivered direct from L-3 Communications’ facility in Texas to RAF Mildenhall as ‘SAME 40’ on September 13th 2015. Both RC-135Ws would normally be based at RAF Waddington, Lincolnshire but due to continued runway work there the unit is currently flying from RAF Mildenhall when not deployed on operations.

The third and final RC-135W Airseeker (ZZ666) is currently being converted from KC-135R (64-14840) to RC-135W configuration and is due to be delivered to the RAF by 2018.

The images in this post were taken by photographer Ashley Wallace. They depict RC-135W ZZ664 from No.51 Squadron taxiing to runway 29 at RAF Mildenhall for departure using the callsign ‘DRAGNET 41’ on a training mission on Feb. 19, 2016, wearing special tail markings to celebrate the 100th anniversary of No. 51 Squadron.

All images by Ashley Wallace (who has also contributed to this post)

Update: we investigated the Rivet Joint (RJ) jamming capability claimed by the English tabloid’s source with the help of Robert Hopkins, III, a former RC-135 aircraft commander who flew the S, U, V, W, and X models in the 1980s and 1990s, and author of a book on the type.

Here’s his answer:

“After speaking with several of my contacts in the RC community, I think you may wish to consider the story of the Airseeker as a jammer to be, as the TV show Mythbusters says: BUSTED.

Jamming requires massive amounts of power and power requires massive amounts of space and weight, which is just not available on the RJ. Buzzing the spectrum hinders simultaneous collection, even on adjacent frequencies, so it doesn’t make sense for both the target and the buzzer to be blind during the process. Part of the reason the RCs have operated with minimal fuss in airspace adjacent to Russia and China is that they are only receiving, not broadcasting. Remember the canard they were equipped with SLAR in the cheeks? Yeah, never happened but every magazine reported it as such for years—it was the ASD-1 and later AEELS. If the RJ had a jamming feature the Russians and Chinese would be all over that and they would go public and ugly early.

My best guess, in the absence of the MoD official owning up, is that the Airseeker located the desired frequencies and some other source (air, ground, no matter) did the jamming while the Airseeker listened to the chaos.”

While its aircraft can be tracked online, the U.S. Air Force only worries about Tweets….

Bad OPSEC (Operations Security) exposed by Air War on ISIS?

“Loose Tweets Destroy Fleets” is the slogan (based on the U.S. Navy’s WWII slogan “Loose Lips Sink Ships”) that the U.S. Air Force Central Command used a couple of weeks ago for an article aimed at raising airmen awareness about the risk of sharing sensitive information on social media.

Indeed, the AFCENT article speaks directly to the threat posed by Islamic State supporters who, according to Stripes, on at least two occasions have acquired and posted online personal data of military personnel, urging sympathizers, “lone wolves,” to attack Americans in the States and overseas in retaliation for the air strikes.

The article highlights the importance of proper OPSEC to keep sensitive information away from the enemy and to prevent leakage of information that could put missions, resources and members at risk,  “and be detrimental to national strategic and foreign policies.”

Interestingly, the article only focuses on the smart use of social media. However, there are other possible OPSEC violations that the U.S. Air Force (as well as many other air arms currently supporting Operation Inherent Resolve, in Iraq and Syria, or Enduring Freedom, in Afghanistan) should be concerned about.

In October 2014 we highlighted the risk of Internet-based flight tracking of aircraft flying war missions after we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circles over the Ghazni Province.

The mere presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operation.

This risk was already exposed during the opening stages of the Libya Air War, when some of the aircraft involved in the air campaign forgot or failed to switch off their Mode-S or ADS-B transponders and were clearly trackable on FR24 or PF.net. Despite pilots all around the world knowing the above-mentioned websites very well, transponders remain turned on during real operations, making the aircraft clearly visible to anyone with a browser and an Internet connection.

Magma 13

USAF C-146A Wolfhound of the 524th Special Operations Squadron

During the last few months many readers have sent us screenshots they took on FR24.com or PF.net (that only collect ADS-B broadcast by aircraft in the clear) showing military planes belonging to different air forces over Iraq or Afghanistan: mainly tankers and some special operations planes.

Hoser 15

Canadian tanker

We have informed the U.S. Air Force and other air forces several times that their planes could be tracked online, live, but our Tweets (and those of our Tweeps who retweeted us) and emails have not had any effect, as little has changed. Maybe they don’t consider their tankers’ racetrack position or the area of operations of an MC-12 ISR (Intelligence, Surveillance, Reconnaissance) aircraft sensitive information…

A330 over Iraq

RAF A330 tanker over Iraq

Image credit: screenshots from Flightradar24.com

A U.S. Air Force Intel team turned a comment on social media into an airstrike on ISIS building

A comment on social media can attract three JDAMs (Joint Direct Attack Munitions).

It looks like the imprudent use of social media cost ISIS an air strike and three JDAMs dropped by U.S. attack planes on one of their buildings.

According to Air Force Gen. Hawk Carlisle, head of Air Combat Command, airmen belonging to the 361st Intelligence, Surveillance and Reconnaissance Group, at Hurlburt Field, Florida, were able to geo-locate an ISIS headquarters building thanks to a comment posted on social media by a militant.

As Carlisle explained to Defense Tech:

“The guys that were working down out of Hurlburt, they’re combing through social media and they see some moron standing at this command. And in some social media, open forum, bragging about the command and control capabilities for Daesh, ISIL. And these guys go: ‘We got an in.’ So they do some work, long story short, about 22 hours later through that very building, three [Joint Direct Attack Munitions] take that entire building out.”

Although the U.S. Air Force did not release any further information about the location of the headquarters or the aircraft that carried out the attack, the story is quite interesting as it proves that not only are social media used by ISIS for propaganda and recruiting purposes, they are also used by U.S. intel teams to identify ground targets, supplementing ISR (Intelligence, Surveillance, Reconnaissance) activities conducted with the “usual” platforms, like satellites, spyplanes and UAVs (Unmanned Aerial Vehicles).

U.S. and NATO soldiers are always made aware of the risk of using social media and, generally speaking, digital technologies which embed information that can be exploited by adversaries in various ways. Still, OPSEC (Operations Security) breaches occur.

In 2007 four Apache helicopters were lost in Iraq because of smartphone geotagging: insurgents were able to determine the exact location of the AH-64s and successfully attack them because some soldiers had taken pictures on the flightline and uploaded them (including geotagging data) to the Internet.
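The geotag leak described above is detectable before a photo ever leaves the phone. What follows is an added example, not code from the original post: a stdlib-only Python script that walks a JPEG’s Exif block for the GPS sub-IFD, reports the embedded coordinates, and strips the segment. The sample JPEG and its coordinates are constructed inline and are not a real photograph.

```python
"""Detect and strip EXIF GPS geotags from a JPEG before it is shared."""
import struct

SOI, APP1, SOS, EOI = b"\xff\xd8", b"\xff\xe1", b"\xff\xda", b"\xff\xd9"
EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825                   # IFD0 tag holding the GPS sub-IFD offset
GPS_TAGS = {1: "LatRef", 2: "Lat", 3: "LonRef", 4: "Lon"}


def _segments(jpeg):
    """Yield (marker, raw_segment) for every marker segment after SOI."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(jpeg):
        marker = jpeg[pos:pos + 2]
        if marker in (SOS, EOI) or pos + 4 > len(jpeg):
            yield marker, jpeg[pos:]       # scan data has no length field: take the rest
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length


def _gps_from_tiff(tiff):
    """Walk IFD0 to the GPS sub-IFD and return the four tags that give a position."""
    endian = ">" if tiff[:2] == b"MM" else "<"
    def u16(off): return struct.unpack_from(endian + "H", tiff, off)[0]
    def u32(off): return struct.unpack_from(endian + "I", tiff, off)[0]
    ifd0 = u32(4)
    gps_ifd = next((u32(ifd0 + 2 + 12 * i + 8) for i in range(u16(ifd0))
                    if u16(ifd0 + 2 + 12 * i) == GPS_IFD_POINTER), None)
    found = {}
    for i in range(u16(gps_ifd) if gps_ifd is not None else 0):
        entry = gps_ifd + 2 + 12 * i
        tag, typ, count, val = u16(entry), u16(entry + 2), u32(entry + 4), entry + 8
        if tag in (1, 3) and typ == 2:                   # ASCII N/S/E/W, stored inline
            found[GPS_TAGS[tag]] = tiff[val:val + count].rstrip(b"\x00").decode("ascii")
        elif tag in (2, 4) and typ == 5 and count == 3:  # three RATIONALs: deg, min, sec
            off = u32(val)                               # value field holds an offset
            deg, mins, secs = (u32(off + 8 * k) / u32(off + 8 * k + 4) for k in range(3))
            found[GPS_TAGS[tag]] = deg + mins / 60 + secs / 3600
    return found


def find_geotag(jpeg):
    """Return (lat, lon) in decimal degrees if the photo is geotagged, else None."""
    for marker, seg in _segments(jpeg):
        if marker == APP1 and seg[4:10] == EXIF_HEADER:
            gps = _gps_from_tiff(seg[10:])
            if {"Lat", "Lon", "LatRef", "LonRef"} <= gps.keys():
                lat = gps["Lat"] * (-1 if gps["LatRef"] == "S" else 1)
                lon = gps["Lon"] * (-1 if gps["LonRef"] == "W" else 1)
                return round(lat, 6), round(lon, 6)
    return None


def strip_geotag(jpeg):
    """Drop the whole Exif APP1 segment (GPS, camera model, timestamps); pixels untouched."""
    keep = [seg for marker, seg in _segments(jpeg)
            if not (marker == APP1 and seg[4:10] == EXIF_HEADER)]
    return SOI + b"".join(keep)


def build_sample_jpeg(lat_dms, lon_dms, lat_ref=b"N", lon_ref=b"E"):
    """Constructed sample: minimal JPEG shell whose Exif block carries GPS d/m/s.
    lat_dms/lon_dms are three (num, den) pairs; offsets are relative to the TIFF
    header: IFD0 at 8, GPS IFD at 26, rational arrays at 80 and 104."""
    def rational(dms): return b"".join(struct.pack(">II", n, d) for n, d in dms)
    tiff = (b"MM\x00\x2a" + struct.pack(">I", 8)                      # TIFF header, big-endian
            + struct.pack(">H", 1)                                    # IFD0: one entry
            + struct.pack(">HHII", GPS_IFD_POINTER, 4, 1, 26) + struct.pack(">I", 0)
            + struct.pack(">H", 4)                                    # GPS IFD: four entries
            + struct.pack(">HHI", 1, 2, 2) + lat_ref + b"\x00" * 3
            + struct.pack(">HHII", 2, 5, 3, 80)
            + struct.pack(">HHI", 3, 2, 2) + lon_ref + b"\x00" * 3
            + struct.pack(">HHII", 4, 5, 3, 104)
            + struct.pack(">I", 0)
            + rational(lat_dms) + rational(lon_dms))
    app1 = EXIF_HEADER + tiff
    return (SOI + APP1 + struct.pack(">H", len(app1) + 2) + app1
            + SOS + b"\x00\x02" + b"\x00" * 4 + EOI)                  # dummy scan, not decodable


if __name__ == "__main__":
    # Made-up coordinates for the demo: 30°25'30" N, 86°41'20" W.
    photo = build_sample_jpeg([(30, 1), (25, 1), (30, 1)], [(86, 1), (41, 1), (20, 1)], b"N", b"W")
    print("geotag before:", find_geotag(photo))   # (30.425, -86.688889)
    print("geotag after :", find_geotag(strip_geotag(photo)))   # None
```

Real photos carry many more IFD0 entries and a thumbnail IFD; the walker above ignores them and only follows the GPS pointer, which is the field that leaks position.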

Now even IS militants have experienced how dangerous an incautious use of social media can be.

Image credit: U.S. Air Force