In the same hours in which I was publishing my post on Cyber Weapons, news agencies all around the world have begun to release (few) details about a new alleged Cyber Attack targeting the Iranian Oil Ministry, the National Iranian Oil Company and several other state-owned businesses.
Of course Iran is not new to Cyber Attacks targeting Critical Infrastructures (do you remember Stuxnet and the possible hoax of Duqu Stars?), in any case it is too soon to draw any connection with Stuxnet or any other kind of State-Sponsored Attack, even because, according to the scant information available, only a server providing public information has been harmed.
Probably this malware has nothing to deal with cyber weapons but, just for fun, I cannot help but notice that this alleged Cyber Attack came in the same day in which, among many doubts, Iran has announced to have reverse-engineered the U.S. stealthy RQ-170 Sentinel drone captured by Iran in December 2011.
The revenge of the reverse-engineered drone?
A new Cyber Attack to #Iran Oil Facilities… WTF! The #Stuxnet 2 malware inside the reverse-engineered drone was successful…
More or less one year ago, we were observing an increasing activity of U.S., British, French and Italian military spy planes perfoming information gathering missions along the northern border of the Tripoli FIR (Flight Information Region).
Quite silently, those SIGINT (SIGnal INTelligence) platforms flew in the Maltese airspace to eavesdrop into Libyan communications and signals and to collect the information needed to build up the so-called EOB (Electronic Order of Battle) of the Libyan forces, that would be used to have a better understanding of the situation in Libya, to know where forces were located and to build up a priority target list for the subsequent air campaign.
Presumed to remain (almost) secret, those flights were actually “advertised” by LiveATC.net, whose Maltese feeder (shut down during the war) made the radio communications between Malta Area Control Center and the various EP-3s, RC-135 Rivet Joint, C-160G, British Nimrods R1s etc. transiting the local airspace before operating in “due regard”, public.
Although nowadays we can’t listen to the radio comms of the military traffic in that area as we did in February 2011 and we don’t have the same “evidences” we had one year ago, we can be quite confident that similar activities are being conducted in or around Syria from bases in Italy, Turkey or Cyprus (RAF Akrotiri airbase).
Along with the satellite image released by the US Embassy in Damascus some American defense officials told the NBC that “A good number of American drones are operating in the skies of Syria, monitoring the Syrian military’s attacks against opposition forces and innocent civilians alike”.
The Pentagon was quick to point out that these drones were providing surveillance not for a future military intervention but to gain evidence from both a visual and communications perspective to “make a case for a widespread international response”.
However, the confirmation that U.S. robots are flying inside the Syrian territory does pose the question: what type of drone are being used?
Most media outlets are using stock images of Predator or Reaper drones, but those unstealthy ‘bots would be vulnerable to the Syria SAM (Surface to Air Missile) network, believed to be among Middle East’s most robust ones. Both MQ-1 and 9 are Medium Altitude drones that could be operating in Syria only if flying outside the range of active SAM rings.
Even if Sigonella in Sicily, hosts the U.S. RQ-4Bs belonging to the 9th Operations Group/Detachment 4th, Incirlik in southern Turkey, being next to the border, seems to be more suitable for spy missions in Syria. Missions that these days could be aimed at assessing the type of activities conducted by the destroyer Shahid Qandi and the supply vessel Kharg, the two Iranian warships that have docked at the Syrian port of Tartus after passing through the Suez canal.
In fact Egyptian sources as well as members of the Syrian opposition claimed that the two vessels have been jamming satellite telephone communications of the Syrian opposition forces.
According to the same Egyptian sources, Assad’s forces have been finding it more difficult to monitor the oppositors’ communication due to their encrypted nature and someone believes that the Iranian Navy is helping him disrupting these encrypted communications.
A bit far fetched, considered that a land based systems would be less visible than two closely watched warships, but not completely impossible.
2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).
But, if Information Security professionals are quite familiar with the idea that military contractors are primary and preferred targets of the current Cyberwar as the following infographic shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting the multirole Joint Strike Fighter is still something hard to accept.
However, things are about change dramatically. And quickly.
The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communcation equipment and armament.
For instance an F-22 Raptor owns about 1.7 millions od line of codes , an F-35 Joint Strike Fighter about 5.7 millions and a Boeing 787 Dreamliner about 6.5 millions. Everything with some built in code may be exploited, therefore, with plenty of code and much current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.
Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable to infect the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and Indian Ocean: Predator and Reaper Drones.
As a consequence, it should not be surprising, nor it is a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider the embedded systems as one of the main security concerns for 2012.
Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.
While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.
Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.
As has been widely reported it is no secret that China is trying to acquire stealth technology for use in their indigenous aircraft program. It was only last year that photo’s and video of the J-20 started to appear on the internet. It was clear that China had made advances into the dark art of stealth technology, although first radar evading tech dates back to about 40 years ago. What was interesting was that the J-20 did not posses the angular lines of the Nighthawk but the more rounded curves of the B-2 or Raptor, it was clear a lot of work had been done behind closed doors for the Chinese scientists.
Another area that Chinese designers have made advances in is that of UAV’s (unmanned aerial vehicles) or UAS (unmanned aerial systems). Rumours started in 2007 when, during the Paris Air show, China displayed the ‘Dark Sword’ concept.
The Dark Sword clearly had a very low RCS (Radar Cross Section) and showed the way Chinese designers were going in their work. It has appeared several times since then, indicating that this might not just be a concept but could be something that becomes reality in the future.
At the end of 2011 photos started emerging from China of a new Stealth UCAV/UAV dubbed the “Wind Blade” that features a blended wing design with long slim wings with “Sharklets” and an engine intake at the front and above the wing-like body. The overall design would lean towards a high altitude surveillance platform and going by reports it was designed by students from the Shenyang University which happens to be connected to one of China’s largest aircraft producers. Although the aircraft in the photo is a scale model it’s not clear how old the photo is, so it could be conceivable that there is now a full-scale version.
China does have several non stealthy UAVs too.
There is the SOAR Dragon which looks very similar to the Global Hawk although it has swept wings and the tail plane joins with the main wing and from the photo’s below appears to have radar absorbing paint. What is interesting in these photo’s is that the aircraft is in an advanced state of completion and looks to be being painted.
There are videos of a hybrid Predator – Global Hawk look-alike doing fast taxis down an unknown runway. The drone seems to be in an advanced state of testing meaning this could now be in a flyable position.
Analysts are divided as to where Chinese scientists are with UAV development. Based on the designs that are being displayed, the designers could have mastered stealthy shapes and the complexities of controlling the UAV. There are even reports that the Chinese are testing small-scale UAV’s for automated carrier landings.
Where most analysts agree is that China does not have the infrastructure to have a UAV reach outside of Chinese airspace and even within Chinese borders the signals are unreliable.
Maybe some of the radio/satellite link equipment, as well as internal memories, circuitry, lenses, and sensors contained in the RQ-170 Sentinel captured by Iran could be somehow helpful cause they can be evaluated, tested and copied. And, maybe, improved.
China is still a fair few years away from having a true global UAV reach which will require a lot of space systems investment to be able to achieve this. However there is one thing for sure, it will happen at some point in the future.
Today, what I’ve found on the IRG website is not a photoshopped image, or a video whose authenticity is debatable, but some really interesting and genuine (at least at first glance) photographs of the Sayyad-2 anti-aircraft missile system at work.
The Sayyad-2 is an improved (and probably outwardly much similar, if not identical) version of the Sayyad-1 missile, an Iranian indigenized system of a Chinese development of the Russian S-75 (SA-2 “Guideline” in NATO designation – yes, the SAM system that brought down Francis Gary Powers and his U-2 in 1960).
The existence of this surface-to-air missile system, that according to the most authoritative sources also integrates North Korean technology, was made public in April 2011, but the one just published are, to my knowledge, the first images of the Sayyad 2 being test-fired available on the web.
According to the IRG website, the photographs were taken during “Great Prophet 6”, an exercise that took place at the end of April, and included the test launching of the Shahab-1, Shahab-2 and Shahab-3 and Zelzal missiles.
Since then, the Sayyad has been deployed in all air-defense units across Iran. Hence, it is one of the SAM systems any U.S. or Israeli plane (either stealth or not) will have to face in case of future attack (provided that some sort of covert war on Tehran nuclear program has not started yet).
As said, the latest Iranian SAM system is a modified version of the Sayyad-1, a two-staged air defense missile capable to destroy targets with a low Radar Cross Section (RCS) flying at low, medium and very high altitude (with a claimed ceiling of 80,000 feet).
According to the data contained in a FARS news agency article published last year, the Sayyad-2 travels at 3,600 km/h (2,500 mph), has a range of 80-100 km, includes ECCM (Electronic Counter-Counter Measures) equipment and carries a 200-kilogram warhead.
And, as images show, it is colored in light-blue, a bit flashy/naive for a SAM missile that should try to remain unvisible for as long as possible.
By the way, according to the EXIF data, pictures were taken on Apr. 15 and Jun. 6, 2011.
Image source: sepahnews.com
The Aviationist patch
Send me an email if you want to support this site buying the original TheAviationist.com patch, only available through this website!