Tag Archives: GPS spoofing

Iran's new (amateur) surveillance drone unveiled

Updated Dec. 27 10.00 GMT

Since Dec. 4, I’ve been constantly monitoring Iranian media for pictures, news releases or statements about the U.S. RQ-170 Sentinel drone captured by Iran.

Even if the news of the once stealthy American drone are slightly fading, on Dec. 26, the Islamic Republic News Agency IRNA, published the images of an electric rone built by students of Islamic Azad University in the city of Heris, East Azarbaijan province.

Similar to a small-scale Learjet business jet (actually, almost identical to the Hondajet as suggested by its markings) sitting on a table, the ultra-light amateur drone is capable of flying 35-minute reconnaissance missions at night, with a maximum speed of 250 km/h and a minimum of 50 km/h. It can cover a distance of 10 km and operate at an altitude of 9,000 feet.

Powered by two electric engines and capable of flying on a single engine, the drone can scan the ground and dispatch the data to a ground station. As reported by the IRNA, according to the Head of the technical team involved in manufacturing the drone, Nasser Nazari Heris, it took only four months to design and manufacture the drone.

Although this drone will remain an amateur project with no military significance, it gives us once again the opportunity to notice that, since it has showed the first (and only) images of the “Beast of Kandahar”,  the regime is stepping up the propaganda war, with frequent statements about Iran’s capability to “hack” and take over remote control of U.S. drones (although the Sentinel may have crash-landed in Iran because of technical failure) or reverse engineer the RQ-170 to build its own drones.

In the meanwhile, on Dec. 24, Iran’s Navy launched the massive 10-day naval exercise “Velayat 90” in the area stretching from the east of the Strait of Hormuz in the Persian Gulf to the Gulf of Aden. Iranian submarines, warships, and other naval vessels with their accompanying helicopters are attending the drills. I’ve read no reports about drones taking part to the exercise. So far.

Image source: IRNA

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

Size, position and orientation of the captured U.S. stealth drone in Iran: an architect's analysis

Many speculations and very few known facts surround the mysterious capture of the U.S. stealthy RQ-170 Sentinel drone in Iran. While the U.S. claim that the robot was lost as a consequence of a technical failure occurred during a spy mission from Afghanistan (the version that, backed by some local accounts, I consider now the most likely), Iran has always affirmed that the once secret UAS (Unmmanned Aerial System) was ambushed using a GPS-spoofing attack along with a complex cyber warfare operation that enabled its military to take over remote control of the Lockheed Martin robot.

Official statements aside, the only things we can be sure of are the images of the drone showcased in what looks like a gymnasium of a school, made available by Iran’s Revolutionary Guard website.

Whether you belong to the “party” of those who believe the drone is real or you think it is a fake, those pictures ,alongside the footage released by the State TV, are the only proof that the one in Iran is indeed the elusive ‘bot dubbed the “Beast of Kandahar”.

Many details can be discovered by analyzing the few available images that, at the same time, raise many more questions.

Bjørn Holst Jespersen is a Danish architect who has been following the developments of the saga of the Beast of Kandahar on this blog since the beginning. I’ve asked him to check if the gymnasium where the drone was showcased is compatible with the one pointed out a few days ago by a source as the location where the Sentinel was hidden.

Using perspective drawing techniques, by extending lines and establishing vanishing points to subdivide areas using diagonals, he has studied the photographs of the captured RQ-170 to determine both the building and drone size as well as the orientation of the gym.

Here is what he was able to ascertain from the images.

Size

It seems the gym-space is 36-meter long (6×6 meter sections) and about 20-meter wide. The building/drone size is calculated on the basis of markings on the floor. “The assumptions that I have based the reconstruction on are that the circle in the middle is a standard centre circle for basketball, and that there are markings (white lines) for volleyball”  Bjørn says.

“Markings correspond and point to a constructive section being 600 cm centre to centre (this is established by extending the lines until they hit the wall) corresponding with standard size Iranian brick that I googled. This together makes a strong case for the length of the building: the bricks can be larger than standard, but that would make the 300 cm markings for volleyball too wide and also make the 360 cm diameter basketball centre circle too large” the Danish architect explains.

“The width of the building was harder to get a handle on but based on the same assumptions I don’t see the gym-space being more than 20-meter wide. With walls and overhang this would be about 22 meters…unless the court is placed asymmetrically(!).

Orientation

By establishing the vertical sun-angle the solar-time (using this calculator) can be determined. This gives the compass-direction to the sun. By establishing the horizontal angle of the entering sun, the orientation of the building can be ascertained, giving an AM and a PM value.

“The drawing explains “which ray” I calculate. Since the lengths of the sides of the horizontal triangle is calculated from counting bricks, the brick size becomes irrelevant, but the counting could be wrong as could the estimated “entrance point” of the ray. Furthermore, the calculation is based on the end-wall leaving no gap behind the last steel frame. The further back the wall is, the more the horizontal angle will fit the building pointed out by the source.”

“The vertical solar angle is possibly lower than I have assumed due to 3 layer of bricks being 18 cm instead of 20 as I have used (have done some more googling since). This will set the time of day to 09.33 AM or 02.27 PM. If this is the case (and the horizontal angle is correct) the building pointed out by the source will be only 5 degrees off” Bjørn says.

Conclusion

According to Google Maps/Google Earth the size of the building identified by the source as the one where the drone is/was hidden is significantly bigger than that the architect has found (about 5 meters longer and some meters wider too).

However, as Bjørn says:  “I cannot entirely exclude that I have made some error or – less likely – that the building is larger than the gym-space. I cannot even say how precise the measuring on Google Maps is. But if the building only has the gym-space, and the measuring on Google Maps is precise I’m close to excluding it as the right location. The ratio of length vs width looks about right.

Dealing with the orientation of the tiped off building: “compared to my the sun-angle study it seems to be about 5 degrees off at AM. This is more than I would like to accept as a margin, but realistically, it is still quite possible. (PM is impossible unless photos are mirrored).”

The two reference figures inserted in the satellite images at the bottom are not exact in size, only in orientation. The tiped off location is still within the margin of error – even though close to falling outside. Both because of the orientation, but mainly because of the size which seem too big.

So, if the U.S. were studying a raid on this gymnasium near Kashmar to free their drone, maybe it’s better they reconsider it…. :-)

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

Captured U.S. stealthy drone in Iran: the simplest solution solves the mystery

The solution to the mystery of the capture of the U.S. (once) most secret drone could be much simpler than everyone has speculated so far.

Today’s post on the topic will in fact provide some new theories emerged during the last days and a quite simple one that could explain various oddities of the story of the Lockheed Martin RQ-170 Sentinel captured by Iran on Dec. 4, 2011.

Let’s start from the latter.

It comes from the Iranian physician, blogger and political activist Dr Mehdi Khazali, who is also one of the strongest critics of the government of Tehran.

As pointed out by some visitors of the site, he has deleted a report he had published in the aftermath of the “downing” of the drone, in which he explained that the U.S. drone crash landed unnoticed by anyone in the desert and was spotted some days later by sheep-keepers who were afraid to get closer so they reported the airplane’s presence to the police that reported it to the Revolutionary Guard.

Obviously, upon arrival on the scene, the IRG seized all mobile phones from people who had recorded films of the American spy-robot.

He has deleted his report from his website but the original post is still available on Google cache and answering to viewers’ questions about deleting the post about the U.S. drone, he said that he has been pushed to delete them because of Iran National Security Issues.

Summing up: the stealth drone, undetected by any radar crash lands in an uninhabited area in the Iranian desert. The cause of the crash could have been an unknown failure that the U.S. are unable to determine because the drone has crashed in an unknown location making a recovery or destruction mission impossible.

At the beginning, the U.S. decide not to disclose the information because the robot may have crashed in the mountains, where no one will ever find it, or have suffered extensive damage that will make it useless in the hands of the Iranian analysts. And, by giving the news, they would admit they have undertaken spy missions in the Iranian airspace, thus confirming they have joined Israel in the covert war on the Iranian nuclear program.

However, a shepherd finds it almost intact and the news spreads, forcing the U.S. to admit the loss. Iran has the great opportunity to show it and to make some propaganda “advertising” some of their (most probably existing) capabilities in the Electronic and Cyber Warfare fields.

In conclusion: the CIA has lost its most secret drone behind the enemy lines and it has survived the crash landing; Iran has been given an unexpected gift that can be used to study and reverse engineer the U.S. technology.

Needless to say, this is just one of many theories that have emerged since the drone’s first pictures appeared on Iran’s State TV as the “Beast of Kandahar” was showcased in a school’s gymnasium. Quite simple, not involving any jamming, GPS spoofing, satellite-link encryption breaking and control link spoofing. While acknowledging the skills and progress in these fields of the Iranians, and the vulnerabilities of the U.S. drones, some of them were a bit far fetched.

We should also not forget that any army capable to detect a drone, because it is using a Syntetic Aperture Radar, with Infrared, visually spotted, or because it always flies the same route, would probably try to down it first with an interceptor or a surface to air missile than dare to take over control of it.

Ok, now let’s get back to the last post about the mysterious hatch, that among other things (speculation on!) could have been used for a recovery chute.

According to Bernhard “b”, those lines along the access hatches could be tape.

“That would explain the not very straight lines and the “wheel grinder cut mark” which isn’t one. We do know that on the B-2 as well as on the F-22 radar absorbing tape is used to mask any gap at the seem of access hatches” he commented.

“In the original B-2 design, specially formulated tapes and caulks were used to cover gaps on the surface such as those near maintenance access panels. These materials have to be removed each time maintenance is performed, then reapplied and allowed to cure before the aircraft can be returned to service” he added mentioning the following website.

Another visitor, Jaime Maia, provided a possible explaination to the  wavering and other artifacts of the close up picture of the hatch: “if it was grabbed from a video, they would be produced by Discrete Cosine Transform of the image compression algorithm.”

That said, I still believe the drone is real and not fake. Maybe it was repaired or cleaned (and probably the hatch has nothing to do with a recovery chute) but I think it’s authentic. In addition President Obama has requested it to be returned.

However many experts, aviation enthusiasts and journos don’t agree with me.

Mark McGrath, a military aviation photographer, believes “the drone in Iran is a 1:1 scale fibreglass replica of an RQ-170, which is unpainted hence the colour difference. The Iranians say they have captured other US & Israeli drones – this may or may not be true, but the US may want to investigate how capable the Iranian EW is with a view to developing countermeasures & jamming for it. They build a replica drone that they know will be “lost” over Iran & fit it out with some sensors that relay the EW attack on it to a real drone over Afghanistan.”

A bit excessive, as Mark admits, but the secret operation in Pakistan involving special forces and a brand new stealthy chopper, has already proved that reality can be stranger than fiction.

Update Dec. 19 23.29GMT

I forgot to add a detail about the story recalled by Kazhali. He says that weapons were found on the drone. Since we know the RQ-170 is unarmed, unless we assume a sensor was reported by someone as a bomb, this detail seems to discredit the Iranian blogger’s story.

However, two new pictures published on Dec. 2011 issue of Combat Aircraft before the drone was “downed”, show a new kind of sensor under the fuselage and the evidence of a ventral weapons bay.
Now connect the dots: the recent mysterious blasts in nuclear sites in Iran and a bomb carried by a stealth drone… Intriguing but unlikely, since Iran would let the world see the PGM if the drone carried it.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

Salva

Unknown hatch on captured U.S. stealth drone raises questions

The amout of contribution I receive each time I publish a blog post on the stealth drone now part of Iran’s asset is amazing. For instance, yesterday, few minutes after publishing the Infographic that I used to explain how the drone was captured (a theory based on the known facts to date), I got an email from Dave Krakow with an interesting drawing he sent me to show how the mysterious hatch on the top of the RQ-170 Sentinel, it’s not up to the typical American Aerospace standards. “The details are imprecise, nothing like Lockheed Martin products.”

Image courtesy: Dave Krakow

Dave believes the thing shown by Iranians was possibly constructed previously, for radar signature research, with details added in a hurry for cameras. “A lot of the commentary on the web regarding general accuracy assumes Iranian intelligence has only the same photos we have on the internet, and thus they could only know certain details if they had an original.  I don’t think this is a reasonable assumption” he wrote to me.

For sure, as highlighted in the above image, the mysterious “top hatch” (that I supposed could be used to deploy a recovery chute) features some oddities. Some of them in particular, raise questions. However the angle of the camera, the effect of the zoom, and many other contributing factors (lights, shadows, image compression etc) may have affected the quality of the footage shown on Iran State TV rendering, for example, fasteners seemingly randomly spaced.

Furthermore, there’s still a chance that Iranians worked on the Sentinel after they recovered it: maybe they tried to get access to the internal hardware, removed panels to inspect lenses, memories to look for interesting data or to disable any self-destruction mechanisms or Emergency Locator-like systems, in order to prevent the Americans from locating or destroying it.

Nevertheless, we can’t rule out the possibility that the one showcased in what looked like a school in Kashmar was actually obtained by melting pieces belonging to various wrecked Sentinels that Iran has downed in the past, even if this would imply that the U.S. have already lost two or more “Beast of Kandahar” robots in Iran! By the way, Iran has recently announced it will show the remains of three U.S. and four Israeli drones downed in the last years while spying on Iran’s nuclear program.

Someone argued that a deployed recovery chute would have confirmation only if hatch doors were opened but I’ve already given a possible explaination for the fact that they were closed.

Someone suggested the drone is too clean for a crash landing, however, if a recovery chute made its crash landing soft, I would expect a damaged belly, as the hidden bottom of the drone seems to confirm.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

Infographic: how the U.S. top secret stealth drone was captured by Iran

Even if the story that the U.S. stealthy RQ-170 Sentinel drone captured by Iran was hijacked using a GPS spoofing attack is based on known facts and vulnerabilities highlighted in Air Force official documents, the “ambush”, as detailed by an Iranian Electronic Warfare engineer to the Christian Science Monitor, contains some controversial points.

First of all,  the lost-link procedure does not foresse the RQ-170 landing autonomously at his actual homebase (because of the many variables, such as wind and traffic) but orbiting until link is re-established or the drone runs out of fuel.

For instance, even under Remote Split Operations, landing is performed in Line Of Sight by the local ground control station: latency induced by the SATCOM link is not compatible with the last phases of the flight when immediate reactions of the robot’s control surfaces to the inputs given remotely by the pilot are required to safely bring the drone on the ground.

Furthermore, provided that the autolanding is used in the lost-link events, it is not that easy to land the drone on a different landing field than its homebase without causing major damages.

Finally, it seems quite weird that any insider so proud to have achieved a hack of the most secret U.S. unmanned aerial system (UAS) could be at the same time so uncautious to give the details of the entire operation to the public domain, with the first and most obvious consequence of not being able to repeat it in the future. Unless, the type of attack they have described is all but unexpected but very well known because highlighted in the above mentioned official documents.

So, I’ve asked once again my friend Ugo Crisponi to put on a nice infographic what I think may have happened on Dec. 4, 2011, when the drone was “downed”, based on all the details I was able to collect so far.

Here it is:

sentinel infographic

I think the drone’s link with Creech AFB was disrupted using jamming. How did the Iranians know the “Beast of Kandahar” was in the vicinity if they couldn’t see it on the radar? They may have intensified jamming around uranium enrichment sites.

Serbians were able to shot down the F-117 because during the Allied Force planners put the F117s on repetitive routings. Stealth planes are not invisible. They are extremely difficult to see, if you don’t know where they are and you are not close enough to track them. Maybe something similar happened in Iran.

I think that Iran played a role in the crash landing simply because they were able to recover it. If they hadn’t known where the drone had landed they would not have been able to get their hands on it.

Once the link was lost, as per procedure, the drone started an series of racetracks/orbits waiting for the signal to be re-established. In this phase, maybe the Iranians were able to spoof the onboard GPS and guide the drone in the wrong direction. Nevertheless this would mean that the most important American drone relies only on the GPS for navigational purposes and doesn’t use an INS (Inertial Navigation System) platform. Indeed even some GPS-guided bombs as the JDAM (Joint Direct Attack Munition) use anti-jamming and anti-GPS spoofing systems, some of those are based on simple inertial measurement units.

Then, when the Sentinel ran out of fuel, it crashed. Even though it was not mentioned before, there’s a possibility that the drone survived the impact because it was equipped with a safety chute. In fact, I’ve noticed a mysterious hatch on the top of the RQ-170, that, among other things could host the parachute used to safe the precious drone.

It’s obviously a speculation because such a chute could safe the airframe but could also preserve it for the enemy when the drone runs out of fuel during a mission behind the enemy lines. As happened in Iran.

Look at the following video.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

Salva