Predator drone download by Iraqi insurgents wasn't 'hacking'
A Wall Street Journal story on the apparent ability of Iraqi insurgents to intercept video surveillance taken by the US military's $4 million Predator drones has attracted intense interest. But the vulnerability of the transmissions has long been understood, and the intercepts weren't really "hacks."
The Wall Street Journal story on Thursday morning that revealed insurgents in Iraq had been intercepting video transmissions from US Predator drones had a very catchy headline: "Insurgents Hack US Drones: $26 software is used to breach key weapons in Iraq; Iranian backing suspected."
Those words "hack," "breach" and "Iranian" were enough to set off frightening flights of fancy: Iraqi fighters had found a way to commandeer the $4 million Predators and their Hellfire missiles. If they'd managed to wrest control away from their US pilots (who are often sitting in air-conditioned offices in Arizona while gathering intelligence over Mosul or planning strikes on insurgent leaders in Baquba), could turning them on our own forces be far behind?
But the full story revealed that there really wasn't any hacking going on, and certainly no prospect of seizing control of the drones. Instead, what was happening was the passive downloading of US video transmissions, which were later discovered on captured insurgents' laptops.
Since the video streams that the Predators send back to bases across the world aren't encrypted, no security effort was being "breached." And while a number of Shiite insurgent groups in Iraq like the Mahdi Army have received explosives and financial support from the Iranians over the years, no evidence has even been presented that they've received advanced weaponry.
Insurgents used $26 software meant for downloading soccer matches
Advanced Iranian support would certainly not have been needed to target and download what amount to free-to-air transmissions by US Predators, since all it required was the $26 Russian software package SkyGrabber, a computer, and a satellite dish. SkyGrabber, along with most types of commercial software, is freely available in Baghdad, where it's popular for its designed purpose: illegally downloading European soccer matches and movie channels without paying hefty satellite subscription fees.
The software is also available for download, including a free version, from the company's website.
The existence of this and other software packages has long infuriated movie and satellite-television agencies, which argue that since they enable viewing of copyrighted broadcasts for free, their use should also be illegal.
To its credit, the Journal did point out that what enabled insurgent access to the videos was a security flaw that the US has known about since the moment the Predators went into service over the Balkans 15 years ago.
"The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control," the Journal wrote in the 14th paragraph of the story. "The US government has known about the flaw since the US campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."
That final sentence is a bit worrying, and reflects a common pitfall within the US and many other "sophisticated" armed forces: Officers and war-planners often make the mistake of assuming their enemies are dumb, and not particularly adaptable.
Iraqi insurgents have proved they adapt quickly
If the Iraq and Afghanistan wars have taught anything, it's that insurgents are mighty good at adapting. Those who aren't good at adapting are killed and captured quickly. The smarter ones survive longer and get tactically smarter and more nimble as they go.
That's why the crude improvised explosive devices (IEDs) that bedeviled US troops at the start of the Iraq war evolved into the explosively formed penetrators that could throw slugs of metal through the armored Humvees that were rushed to Iraq to deal with the earlier problem. It's why, after the US started deploying jamming equipment, insurgents switched away from the remote-controlled radio detonators (garage-door openers were popular) they had used to detonate these bombs in the early days. Instead, they started burying detonation wires. And it's why, with few exceptions (the battle for Fallujah, for example), insurgents never massed to fight US forces head on – something that allowed superior US training and aerial supremacy to wipe them out in large numbers.
TV stations take more precautions
What's particularly odd about this is that the US military is generally obsessive about keeping its secrets. "Operational security," or "op-sec," is often given as a reason why Marines calling home from Iraq aren't allowed to say what Iraqi province they're in, or when they might be coming home. On more than one occasion I walked into briefing rooms on US bases that sent soldiers on duty scrambling to turn whiteboards with mission planning information or local intelligence on them towards the wall.
But as Nate Anderson, writing on the Ars Technica website, points out, fewer measures were taken to thwart interception of the sensitive intelligence provided by drones – which the US military has increasingly come to rely on – than commercial television stations and DVD manufacturers take.
"Operating system vendors have built entire 'protected path' setups to guard audio and video all the way through the device chain. TVs and monitors now routinely use HDCP copy protection to secure their links over HDMI cable," he writes. "But US drones, which spy on militants and rain down death from a distance, have none. The mind boggles."