GMA News Online

Hack led to US drone capture, says report

December 16, 2011 10:51pm
A hack led to the recent capture of a United States RQ-170 Sentinel drone by Iran, a science-oriented tech site reported.
The Christian Science Monitor interviewed an Iranian engineer who said they exploited a vulnerability in the drone's system to fool it into landing in Iran.
“The GPS navigation is the weakest point. By putting noise (jamming) on the communications, you force the bird into autopilot. This is where the bird loses its brain,” the Iranian engineer said.
Using this vulnerability, which the engineer said the US had long known, Iran guided the CIA’s “lost” stealth drone to an intact landing.
Also, the engineers used knowledge from previous downed American drones to reconfigure the drone’s GPS coordinates.
The technique made the drone land in Iran at what the drone thought was its actual home base in Afghanistan.
While the CS Monitor did not name the engineer, it described him as working for one of many Iranian military and civilian teams trying to unravel the drone’s stealth and intelligence secrets.
The engineer said the “spoofing” technique, which considered precise landing altitudes, as well as latitudinal and longitudinal data, made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.
The CS Monitor said this suggests Iran has found a way to hit back at the US, after reverse-engineering several less sophisticated American drones captured in recent years.
“We all feel drunk [with happiness] now,” said the Iranian engineer, who likened their latest conquest to having the excitement of having a new laptop "multiplied many-fold.”
He added that when the Revolutionary Guard first recovered the drone, they were aware it might be rigged to self-destruct, but they “were so excited they could not stay away.”
GPS spoofing
CS Monitor quoted western military experts and a number of published papers on GPS spoofing as saying the scenario described by the Iranian engineer is plausible.
“Even modern combat-grade GPS [is] very susceptible” to manipulation, said former US Navy electronic warfare specialist Robert Densmore.
Densmore added it is “certainly possible” to recalibrate the GPS on a drone so that it flies on a different course.
“I wouldn’t say it’s easy, but the technology is there,” he said.
In 2009, Iran-backed Shiite militants in Iraq were found to have downloaded live, unencrypted video streams from American Predator drones with off-the-shelf software.
In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.
“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” said the Los Alamos report.
It added that in a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.
The vulnerability remains unresolved to date, the CS Monitor said.
To cope with hostile electronic attacks, the US Air Force awarded two $47 million contracts in late September to develop a “navigation warfare” system to replace GPS on aircraft and missiles.
Drone-watching project
The engineer said Iran’s drone-watching project began in 2007, and stepped up and became public in 2009 – the same year that the RQ-170 was first deployed in Afghanistan.
In January, Iran said it had shot down two conventional drones, and in July, Iran showed Russian experts several US drones – including one that had been watching over the underground uranium enrichment facility at Fordo, near the holy city of Qom.
Electronic warfare
Iran asserted its ability to do this in September, as pressure mounted over its nuclear program.
Gen. Moharam Gholizadeh, deputy for electronic warfare at the air defense headquarters of the Islamic Revolutionary Guard Corps (IRGC), had described how Iran could alter the path of a GPS-guided missile.
Gholizadeh said that with the technique, “we can define our own desired information for it so the path of the missile would change to our desired destination.”
While US officials blame a malfunction, so far they cannot explain how Iran acquired the drone intact.
But the CS Monitor quoted a European intelligence source who said Iran shocked Western intelligence agencies in a previously unreported incident that took place sometime in the past two years, when it managed to “blind” a CIA spy satellite by “aiming a laser burst quite accurately.”
Google hack
More recently, Iran was able to hack Google security certificates, said the engineer.
In September, the Google accounts of 300,000 Iranians were made accessible by hackers. The targeted company said “circumstantial evidence” pointed to a “state-driven attack” coming from Iran, meant to snoop on users.
Cracking the protected GPS coordinates on the Sentinel drone was no more difficult, claimed the engineer.
In 2009, US officials said they were working to encrypt all drone data streams in Iraq, Pakistan, and Afghanistan.
This was after they found militant laptops loaded with days’ worth of data in Iraq, and acknowledged that they were “subject to listening and exploitation.”
Go to comments

We welcome healthy discussions and friendly debate! Please click Flag to alert us of a comment that may be abusive or threatening. Read our full comment policy here.
Comments Powered by Disqus