Pentagon says U.S. fixed drones hacked by Iraqi insurgents
Iraqi insurgents, using a $25.95 off-the-shelf commercial application, were able to intercept communication between U.S. surveillance UAVs and the UAVs’ command center; the hacking was discovered when the U.S. military found files of intercepted drone video feeds on laptops of captured militants; U.S. soldiers discovered “days and days and hours and hours of proof,” one U.S. officer said; the same hacking technique is known to have been employed in Afghanistan; the U.S. government has known about the UAV communication flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it.
The U.S. military has fixed a problem that allowed Iraqi militants to use cheap software to intercept the video feeds of U.S.-operated drones, a defense official said on Thursday. “This is an old issue that’s been addressed,” the official, who spoke on condition of anonymity, told reporters. The problem has been “taken care of,” he said.
AFP reports that the official spoke after the Wall Street Journalwrote that Iranian-backed Shiite insurgents had used software programs such as SkyGrabber — available online for $25.95 dollars — to capture live video footage from drones. The official confirmed the report was accurate but would not discuss details of efforts to encrypt the link between drones and operators on the ground.
The case raised questions about the security of the U.S.’s highly valued drones that are central to U.S. military operations in Iraq and Afghanistan as well as CIA manhunts against al-Qaeda figures in Pakistan. Secretary of Defense Robert Gates has put a priority on devoting more drones to Afghanistan and on expanding and improving the drone fleet, which include Predator and Reaper aircraft armed with precision-guided bombs and Hellfire missiles.
James Clapper, the undersecretary of defense for intelligence, reviewed the problem on orders from Gates and concluded the hacking by Iraqi insurgents revealed a flaw in the security of the drone fleet. The practice was uncovered in July 2009, when the U.S. military found files of intercepted drone video feeds on the laptop of a captured militant, intelligence and defense officials told the Journal. They discovered “days and days and hours and hours of proof,” an unnamed source told the Journal. “It is part of their kits now.”
Some of the most detailed examples of drone intercepts have been uncovered in Iraq, but the same technique is known to have been employed in Afghanistan and could easily be used in other areas where U.S. drones operate.
The U.S. government has known about the flaw since the 1990s, but assumed its adversaries would not be able to take advantage of it, the Journal said. There was no evidence that militants could control the drones or otherwise interfere with their flights, but the vulnerability would allow the unmanned craft to be monitored and tracked.
Adding encryption to a decade-old system requires upgrading several components of the system linking drones to ground control. One of the developers of SkyGrabber, which is made by Russian company SkySoftware, told the Journal he had no idea the program could be used to intercept drone feeds. “It was developed to intercept music, photos, video, programs and other content that other users download from the Internet — no military data or other commercial data, only free legal content,” Andrew Solonikov told the Journal.
