McBride, 16 some time until these changes are fully completed.51 Certain military analysts have suggested that these technic...
McBride, 17 Singer, a defense analyst at the Brookings Institution, notes, the Predators “are very much Model T Fords. These...
McBride, 18 Works Cited
Appel, Rich. “The Secret War of Lisa Simpson.” The Simpsons A...
McBride, 19 Hoffman, Michael. “AF looks to automation to help monitor UAVs.” Air Force Times (Published 27 August 2010...
McBride, 20 <http://www.wired.com/politics/security/commentary/securitymatters/2009/12/securitymatters_1223>....
McBride, 23 Figure 3: The Exponential Increase in Jet Fighter Development Cost. Source: Todd Sandler and Keith Hartley, ed., ...
McBride, 24 Figure 4: The Precipitous Drop of Global Defense Spending Post Cold War ...
McBride, 25 Figure 5: Skygrabber Functionality
Pirating the Ultimate Killer App: Hacking Military Unmanned Aerial Vehicles

  1. ILLINOIS INSTITUTE OF TECHNOLOGY

     PIRATING THE ULTIMATE KILLER APP: HACKING MILITARY UNMANNED AERIAL VEHICLES

     ITM 578: INFORMATION SYSTEMS SECURITY MANAGEMENT
     BONNIE A. GOINS

     BY SEAN P. MCBRIDE

     CHICAGO, IL
     15 MARCH 2011

     AD MAIOREM DEI GLORIAM
  2. McBride, 1

     Introduction

     In late 2008, a U.S. Army commander in Iraq planned and ordered a combat operation based off intelligence that suggested the possible location of a known Shiite militant.[1] To the assigned combat patrol, this action was a seemingly typical combat operation. As on most other days, the soldiers planned and rehearsed how they would storm the target location based on maps and digital imagery intercepted from Predator drones. The patrol travelled to the suspected location, stormed the building, and neutralized the target without significant resistance. After the soldiers subdued, disarmed, and tied up the insurgent, they searched his person and immediate surroundings for anything that could possibly yield actionable intelligence for future combat operations. Among other things, the soldiers found and catalogued a laptop computer.

     The discovery of an enemy combatant’s laptop computer can often be extremely useful for coalition forces. Much like domestic police, the U.S. Army has trained experts in digital forensics that are able to extract actionable intelligence from laptops and other captured enemy electronics.[2] Such actionable intelligence can include documents and digital communications between insurgent cells, which provides commanders and intelligence officers information on enemy personnel, weapons, and operational intent. When the Army digital forensics experts analyzed this laptop, they likely found many of these things. However, they also found something seemingly impossible: files containing the very Predator drone video feeds used to plan missions and assaults against insurgent forces. In the following months, other coalition commanders in Iraq and Afghanistan discovered other laptops containing similar collections of drone footage, demonstrating that the Predator possessed a serious vulnerability.

     [1] Siobhan Gorman et al., “Insurgents Hack U.S. Drones,” The Wall Street Journal, 17 December 2009, sec. A, p. 1, available from <http://online.wsj.com/article/SB126102247889095011.html>; accessed 13 February 2011.
     [2] Joseph Giordano and Chester Maciag, “Cyber Forensics: A Military Operations Perspective,” International Journal of Digital Evidence 1, no. 2 (2002).
  3. McBride, 2

     Approximately one year after the Department of Defense (DOD) learned that enemy insurgents possessed the ability to intercept drone footage, the Wall Street Journal published a front-page tell-all exposé based on a series of anonymous military tips.[3] To the eyes of the media and the public, this story raised grave concerns about military information security (INFOSEC) policy, particularly involving unmanned aerial vehicles (UAVs) like the Predator. Media reports that the Predator drone transmitted real-time reconnaissance footage over an unencrypted satellite datalink made the Pentagon appear foolish and short-sighted. With only a PC, a small satellite receiver, and a $26 piece of software called SkyGrabber, the enemy gained the MacGyver-like ability to access the exact same footage as coalition commanders.[4] Watching the breaking news (perhaps on a satellite TV receiver), viewers likely wondered how a military reconnaissance drone could possibly possess less encryption than Direct T.V.?

     This paper seeks to examine the narrative of the Predator project in order to determine how the Pentagon allowed this crucial INFOSEC vulnerability to develop, how insurgent forces learned to exploit this vulnerability, and how the Pentagon has responded. In order to understand the nature of this vulnerability, this paper will examine how drone pilots near Las Vegas launch missiles at insurgents located thousands of miles away. This narrative will follow the Predator drone through design, deployment to the Balkans, and to destructive use in Iraq, Afghanistan, and Pakistan. Next, this paper will analyze the hardware and software that allowed enemy forces to intercept Predator drone feeds, including the theories for how insurgent cells received their equipment and training. By examining these portions of the Predator narrative, this paper will then be able to analyze the underlying security decisions that led to the 2008 Predator “hack” in terms of INFOSEC threat analysis and risk management.

     [3] Gorman et al., “Insurgents Hack U.S. Drones,” The Wall Street Journal, 17 December 2009, sec. A, p. 1.
     [4] Ibid. Technical information for the Skygrabber program can be found at http://www.skygrabber.com/en/index.php
  4. McBride, 3

     Development of UAVs

     “The wars of the future will not be fought on the battlefield or at sea. They will be fought in space, or possibly on top of a very tall mountain. In either case, most of the actual fighting will be done by small robots. And as you go forth today remember always your duty is clear: To build and maintain those robots.” -The Simpsons.[5]

     Despite recent attention by the media and military theorists, UAV technology dates back to 1896, when Dr. Samuel Pierpont Langley launched the first unmanned aircraft over the Potomac River.[6] Since this early date, UAVs have developed more-or-less alongside their manned counterparts. However, due to the elimination of risk to manned pilots, UAVs became associated with the most dull, dirty, and dangerous of missions. The earliest models of UAVs were so-called “aerial torpedoes,” flying bombs designed to explode on impact. Although these projects were ultimately scrapped before being fielded during WWI, they laid the technical groundwork for the cruise missile platform, including the infamous German Vergeltungswaffe used extensively in the London Blitz. By WWII, B-movie actor Lee Dugmore Denny, inspired by his love of radio-controlled hobby aircraft, evangelized a new dangerous mission for UAVs: expendable aerial target drones used to train American pilots in mock dogfights.[7]

     As improved communication technology allowed for a more reliable datalink between UAV and remote operator, military theorists began to envision UAVs as the ideal platform for high-risk reconnaissance missions. However, many leaders within the defense establishment strongly resisted the idea that UAVs could replace small manned reconnaissance aircraft.[8] The strongest resistance to the operational use of UAVs often came from pilots themselves, who considered UAVs a threat to manned flight hours and benefits such as flight pay. Following the

     [5] Rich Appel, “The Secret War of Lisa Simpson,” The Simpsons Archive, 18 May 1997, available from <http://www.snpp.com/episodes/4F21>; accessed 27 March 2011.
     [6] Hugh McDavid and David Oliver, Smart Weapons: Top Secret History of Remote Controlled Airborne Weapons (New York: Welcome Rain, 1997), 10.
     [7] Hugh McDavid and David Oliver, Smart Weapons, 14.
     [8] Bill Yenne, Attack of the Drones: A History of Unmanned Aerial Combat (Saint Paul: Zenith Press, 2004), 12.
  5. McBride, 4

     creation of the Air Force as a separate military branch, these pilots gained the decision-making authority to effectively sideline the development and use of UAV technologies. The exception to this was the BQM-34 Frisbee, which successfully flew more than 34,000 clandestine surveillance missions over Cambodia and Laos due to political restrictions over manned flight in those areas.[9] Despite this aircraft’s tremendous track record, the Air Force terminated the Frisbee’s use as a reconnaissance platform following the end of conflict in Vietnam, and further American development in unmanned aerial technologies languished.

     In contrast to the U.S. Air Force, the armed forces of the newly-created state of Israel were quite willing to experiment with new and untested military technologies. Due to Israel’s severe sense of military insecurity brought about by close proximity to hostile neighbors, Israeli ground commanders demanded a technology that would allow effective “over-the-horizon” reconnaissance.[10] Drawing from the lessons learned of the BQM-34 Frisbee’s operations in Vietnam, Israeli engineers created the Mastiff, a 139" wingspan UAV built out of fiberglass and equipped with TV cameras and infrared sensors to provide 360° surveillance.[11] Over the next few years, the Mastiff demonstrated the tremendous capabilities of unmanned aircraft, allowing the Israeli Air Force to spoof Egyptian air defenses into wasting their surface-to-air missiles prior to launching Israeli fighter-bombers during the Yom Kippur War,[12] and enabling Israel to eliminate all radar systems in the Bekaa Valley in Lebanon without losing a single pilot.[13]

     [9] Hugh McDavid and David Oliver, Smart Weapons, 34.
     [10] Bill Yenne, Attack of the Drones, 35.
     [11] Hugh McDavid and David Oliver, Smart Weapons, 50.
     [12] Bill Yenne, Attack of the Drones, 19.
     [13] Bill Yenne, Attack of the Drones, 21.
  6. McBride, 5

     Development of the Predator

     “The elimination of pilot life support systems and control interfaces allows for smaller, simpler aircraft [that] can be placed in flight ready storage for years, eliminating consumables, maintenance, and personnel requirements.”[14] -Rich Alldredge, Boeing Program Director.

     Due to Israel’s successful record at employing UAV technology during the Yom Kippur War, the U.S. military’s perception of UAVs began to shift. The excellent combat record of the Israeli Mastiff demonstrated that UAVs offer force projection without risk to human pilots, allowing Air Force leaders to “breathe easier when making a combat decision.”[15] Furthermore, UAVs offered far more economical force projection than manned aircraft, which provided unmanned development considerable support in the austere post-Cold War era.[16] Due to these factors, the U.S. military and the Central Intelligence Agency (CIA) began to fund Abraham Karem, a former chief aircraft designer of the Israeli Air Force turned U.S. citizen, to create a new UAV for the United States. His creation was the Predator, a prototype UAV (officially named the Gnat 750) that incorporated many of the lessons of the Israeli UAV program.[17]

     After General Atomics won the contract to develop and manufacture Abraham Karem’s prototype in 1994, the testing and fielding of the Predator proceeded extremely quickly. Within a year, Predators took part in the 1995 Roving Sands exercise, impressing Air Force and Army leaders as a capable reconnaissance platform. Within three months of Roving Sands, the Air Force formed and trained its first Predator squadron: the 11th Reconnaissance Squadron. By July 1995, the pilots and UAVs of this squadron were deployed to the Balkans to provide aerial reconnaissance support for NATO operations.[18] In total, this meant that the period of time from

     [14] Bill Yenne, Attack of the Drones, 11.
     [15] Ibid.
     [16] William D. Siuru, Planes without Pilots: Advances in Unmanned Flight (Blue Ridge Summit: Tab/Aero Books, 1991), 7.
     [17] Hugh McDavid and David Oliver, Smart Weapons, 104.
     [18] Bill Yenne, Attack of the Drones, 60.
  7. McBride, 6

     the awarding of the Predator contract to its first use in combat was around two years: a grueling development timeline that led to numerous technical and training shortcomings. During operations in Bosnia, 19 of 68 deployed Predators were lost, mostly due to poor weather conditions “including visible moisture such as rain, snow, ice, frost or fog” and operator error associated with the loss of “situational awareness that a normal pilot would have of where the ground is and where the attitude of this aircraft is.”[19] Despite these criticisms, the Predator proved highly capable of providing battlefield intelligence, earning praise from Congress as one of the major military success stories of FY1996.[20] Furthermore, the high loss rate of UAVs attracted little media attention relative to the shooting down of Captain Scott O’Grady, leading Major General Kenneth Israel to note that “when an F-16 pilot… was shot down, it was a crisis, but when a $2 million Predator UAV was shot down, it was a curiosity. Who is going to tell a parent that their child is not worth $2 million?”[21]

     Based on these successes, the Air Force dramatically increased support for UAVs. In addition to beginning development on newer unmanned aircraft (including the Global Hawk and the Reaper), the Air Force began a substantial upgrade program to install a larger turbocharged engine and deicing system to make the Predators more resilient in adverse weather conditions. While the Air Force undertook to improve the Predator as a reconnaissance platform, the CIA began development of a new offensive variant of the Predator that could be used to remotely fire munitions at enemy targets. Due to increased intelligence chatter, the CIA was particularly interested in using this weapon as a means to assassinate Osama Bin Laden, a man increasingly viewed as a major terrorist threat following the failed 1993 bombing of the World Trade Center. Although it proved difficult to find a warhead that could work with this small aircraft, by

     [19] Bill Yenne, Attack of the Drones, 66.
     [20] Hugh McDavid and David Oliver, Smart Weapons, 112.
     [21] William D. Siuru, Planes without Pilots, 1.
  8. McBride, 7

     February 16, 2001, a specially-modified Predator drone successfully destroyed a target at a testing facility using an AGM-114 Hellfire missile. Ultimately, the CIA was unable to follow through with its operational intent to assassinate Bin Laden, as the Predator was still undergoing testing when Al Qaeda terrorists destroyed the World Trade Center on September 11, 2001.

     Shortly after the 9/11 attacks, President George W. Bush told the military that “the enemy who appeared on September 11 seeks to avoid our strengths and constantly searches for our weaknesses... so America is required once again to change the way our military thinks and fights.”[22] Drawing on this exhortation, General John P. Jumper, the new Air Force Chief of Staff, ordered immediate coordination with the CIA to arm all Predators. Unlike other generals, John P. Jumper was a serious supporter of the UAV program. After working with Predator drones in Bosnia, he cooperated extensively with the CIA on the project to develop an offensive UAV, believing that arming the Predator would allow it to strike “fleeting, perishable targets that don’t require a big warhead that we can just go ahead and take care of.”[23] After the start of Operation Enduring Freedom, armed Predator drones were some of the very first deployed assets, scoring their first kill on November 4, 2002, 100 miles east of the capital of Yemen by blowing up an SUV carrying Al-Harthi, the head of Al Qaeda in Yemen and the mastermind behind the suicide attack on the USS Cole which killed 17 American sailors.[24] Although 9/11 disrupted CIA plans to use the Predator to preemptively assassinate Osama Bin Laden, the Hellfire-equipped Predator quickly grew to become the quintessential weapon in the war against al-Qaeda.

     [22] Bill Yenne, Attack of the Drones, 85.
     [23] Bill Yenne, Attack of the Drones, 86.
     [24] Bill Yenne, Attack of the Drones, 8.
  9. McBride, 8

     Predator Vulnerability

     “Global terrorism is extreme both in its lack of realistic goals and in its cynical exploitation of the vulnerability of complex systems.” -Jürgen Habermas.[25]

     The Predator UAV relies on highly-complex datalinks to connect with operators and end users throughout the world. These datalinks occur over two distinct wireless mediums. If the UAV is in line-of-sight proximity to its operator, it can transmit directly to its control van using the C-band, which then re-transmits the live surveillance video feed onto the military network through numerous other network technologies (See Figure 2). However, this line-of-sight datalink is rarely used anymore, as drone pilots typically fly deployed UAVs remotely from military bases in the United States. In this case, where the operator and control equipment are out of theater, the UAV instead sends and receives all data over a satellite datalink on the Ku band.[26] These satellites, such as the INTELSAT 602, serve to simultaneously provide the UAV with three important connections (See Figure 1):

       1. A link to the remote UAV control station that allows the drone pilot to fly the UAV from the United States.
       2. A link to a communications station that rebroadcasts the data over the secure U.S. military network.
       3. A link to Trojan Spirit communications terminals (or equivalent) in theater for immediate dissemination of the video feed to American and coalition commanders.[27]

     Through these communications methods, a UAV has a duplex connection with its pilot and two distinct simplex connections: one to commanders in theater and one to a network bridge connected to the secure military network. The two simplex connections serve as the primary distribution methods for Predator surveillance video data.

     [25] Jürgen Habermas et al, Philosophy in a Time of Terror (Chicago, University of Chicago Press: 2003), 34.
     [26] Declan McCullagh, “U.S. was Warned of Predator Drone Hacking,” CBSNews.com, 17 December 2009; available from <http://www.cbsnews.com/8301-504383_162-5988978-504383.html?tag=mncol%3btxt>; accessed 22 March 2011.
     [27] Hugh McDavid and David Oliver, Smart Weapons, 113.
  10. McBride, 9

      The vulnerability of the Predator platform lies in the fact that it does not encrypt its surveillance video data as it does with its command and control (C2) data prior to transmission over the C or Ku bands. This means that secure video communications depends on the network encryption of the specific datalink used. In the case of line-of-sight communications, this data is protected by encryption built into the military’s C-band transmission equipment, but when the Predator uses the satellite-based Ku datalink, the surveillance video data is completely unprotected and widely vulnerable to interception.[28] In practical terms, this means that any Ku-band compatible satellite dish within the broadcast area of the Predator’s geosynchronous satellite can intercept the Predator’s surveillance video downlink. Additionally, such a satellite dish can also access the Predator Joint Broadcast System, which is essentially a CNN-like broadcast that switches between various live video feeds designed to provide coalition troops in Afghanistan and Iraq simultaneous access to a “common picture of the battlefield.”[29]

      A key factor behind this INFOSEC vulnerability is the speed with which the Predator drone was initially fielded. Throughout the Cold War, the arms race to develop the most sophisticated weapons systems, such as fighter jets, led the real unit production cost of combat aircraft to double around every seven years (See Figure 3).[30] As previously mentioned, one of the key reasons the DOD supported the development of the Predator UAV was because it offered force projection without the exponential cost increase of developing a new manned aircraft. In the years following the end of the Cold War, defense budgets fell precipitously throughout the world (See Figure 4). Given that the U.S. defense budget halved during the 1990s, the DOD began to rethink its operational requirements and weapons procurement model. Rather than

      [28] Hugh McDavid and David Oliver, Smart Weapons, 112.
      [29] Hugh McDavid and David Oliver, Smart Weapons, 115.
      [30] Todd Sandler and Keith Hartley, ed., Handbook of Defense Economics: Volume 2 Defense in a Globalized World (London: Elsevier, 2007), 1153.
  11. McBride, 10

      seeking, what Defense Secretary Robert Gates called, “gold-plated” solutions to defense procurement, the Pentagon began to look for ways to pursue “75 percent solutions over a period of months.”[31] Predator procurement during the 1990s fit this model of producing rapidly scalable battlefield solutions within months and at minimal cost using as much commercial off-the-shelf (COTS) technology as possible, causing the Predator platform to exist, in the words of the Air Force director of UAV systems, “on the ragged edge… [seeking] to do just the absolute minimum needed to sustain the fight now, and accept the risks, while making fixes as you go along.”[32] Because of this procurement posture, the Pentagon judged the risk exposure associated with the myriad issues that could develop during the operational lifespan of the Predator to be less than the added utility of rushing the Predator into operational use, largely due to the elimination of risk to the pilot in the calculation of risk exposure.

      Of particular interest to this case study was the Pentagon’s decision to lower costs by using COTS satellite technology based on the Ku band for the military datalink of the Predator drones. As the Predator was undergoing development in 1996, the Undersecretary of Defense for Acquisition and Technology stated that “Hughes is the primary provider of direct (satellite) TV that you can buy in the United States, and that’s the technology we’re leveraging off of.”[33] By basing their datalink on a television model, the Joint Broadcast System that displayed military reconnaissance footage developed as a sort of CNN for military reconnaissance videos. American and coalition commanders with the proper Trojan Spirit communications terminals could “tune” into the UAV “channel,” which greatly simplified data distribution by forgoing the need to share U.S. encryption codes with allies and coalition partners. Many Air Force leaders

      [31] Christopher Drew, “Drones Are Weapons of Choice in Fighting Al Qaeda,” The New York Times, 17 March 2009; available from <http://www.nytimes.com/2009/03/17/business/17uav.html>; accessed 13 February 2011.
      [32] Christopher Drew, “Drones Are Weapons of Choice in Fighting Al Qaeda,” The New York Times, 17 March 2009.
      [33] Declan McCullagh, “U.S. was Warned of Predator Drone Hacking,” CBSNews.com, 17 December 2009.
  12. McBride, 11

      actually considered the use of unencrypted video downlinks to be a feature of the Predator system. For example, General David McKiernan named this unencrypted datalink as an important factor in “tripartite” co-operation between Pakistan, Afghanistan and the International Security Assistance Force, allowing them to better “coordinate[] at various levels [by] exchange[ing] frequencies,… intelligence, [and]… Predator feed[s].”[34]

      In 2002, a British satellite enthusiast named John Locker stumbled upon military reconnaissance footage from Kosovo when he accidentally tuned into the Joint Broadcast System. Locker was shocked at the discovery that such footage was being transmitted over an open commercial satellite channel, leading him to contact the military with the concern that the ease of potential signal interception “may be compromising the troops on the ground, and, for that reason… we should either get it encrypted or get it switched off.” Ultimately, the U.S. military ignored Locker’s warnings with the explanation that:

        1. The images need to remain unencrypted to allow NATO allies that lack proper decrypting equipment to see them.
        2. The surveillance footage would be of no real value if intercepted by a potential adversary due to the absence of any meaningful operational context.

      Media coverage of this event largely questioned this explanation, suggesting that enemy forces could systematically study intercepted surveillance footage to learn U.S. operational priorities and objectives. In an ironic premonition of things to come, a CBS reporter wrapped up this story with the comment that “even Al Qaeda reported terrorists are known to be in the area.”[35]

      [34] Nathan Hodge, “U.S. Sharing Predator Video with Afghanistan, Pakistan,” Wired.com, 19 November 2008; available from <http://www.wired.com/dangerroom/2008/11/in-a-presentati/>; accessed 22 March 2011.
      [35] Mark Phillips, “Military Surveillance Hack Warning,” 60 Minutes, 17 December 2009 (original broadcast in 2002); available from <http://www.cbsnews.com/video/watch/?id=5990213n>; accessed 10 April 2011.
  13. McBride, 12

      Skygrabber Functionality and Exploit

      Skygrabber is a piece of software designed to intercept unencrypted satellite data through the use of a digital satellite TV tuner card attached to a computer. In technical terms, Skygrabber is most accurately described as a sniffer for digital communications over a satellite datalink. This makes the design, functionality, and usage of Skygrabber extremely similar to Kismet, an 802.11 sniffer that allows for the capture of data packets using NIC cards. Like Kismet and other sniffers, Skygrabber listens for packets passed over the datalink, intercepts them, and then reassembles them as files on a local machine.[36] In Russia (where Skygrabber was developed), this offered users that otherwise could not afford an expensive satellite internet connection the opportunity to gain limited access to digital media, including “new movie, best music, and funny pictures for free” [sic].[37]

      By running the Skygrabber sniffer on a PC attached to a digital satellite TV tuner card, a user effectively piggybacks on the unencrypted downlink of legitimate satellite internet users (See Figure 5). The software configures the TV tuner card to listen for and intercept different types of packets, which the PC then reassembles into usable files. This method only allows the user to tap into someone else’s downlink due to the inability to transmit from a TV tuner card and the increased levels of authentication required for satellite uplink. This means that the Skygrabber user is at the mercy of the tastes of legitimate users, merely able to intercept all files that pass through the common satellite downlink. Nonetheless, Skygrabber users can exercise limited control over the files they intercept and download by applying software filters. While the

      [36] Siobhan Gorman et al, “Insurgents Hack U.S. Drones: $26 Software is used to Breach Key Weapons in Iraq; Iranian Backing Suspected,” The Wall Street Journal, 17 December 2009, sec. A, p. 1.
      [37] “Official Site for… Skygrabber”; available from <http://www.skygrabber.com/en/index.php>; accessed 10 April 2011.
  14. McBride, 13

      sniffer is running, Skygrabber downloads all files that pass through the satellite datalink meeting the defined filter criteria.[38]

      Given the known Iranian affiliation of the Kata’ib Hezbollah militia originally caught possessing laptops filled with Predator intercepts, it is highly likely that Iranian Quds agents taught enemy combatants how to use SkyGrabber to intercept drone footage.[39] The Iranian Quds agents themselves likely learned this system based off equipment seized from Iranian activists, as SkyGrabber is often used by dissidents to circumvent restrictions on information, such as those caused by the Iranian Firewall.[40] By reverse engineering the Skygrabber software, Iranian experts were likely able to apply their previous experience tapping into the video downlink of geosynchronous satellites used by American drones in Iraq and Afghanistan to turn the Skygrabber package into an easy and user-friendly means of signal interception for Shiite militias in Iraq and Afghanistan. The ease with which the Skygrabber software could be modified to intercept drone footage reflects very poorly on the Pentagon’s decision to base its surveillance footage datalink on COTS technology without additional encryption or security countermeasures. The common datalink between the military’s Joint Broadcast System and the CNN network greatly aided low-cost signal interception techniques by ensuring that the techniques used to intercept satellite TV and internet data could be easily reconfigured for military feeds, thereby enabling Quds agents to configure Skygrabber to emulate the technical settings of the Trojan Spirit communications terminals used by American and coalition forces to view Predator feeds.

      [38] For a complete video tutorial of how to operate SkyGrabber, please visit the developer’s official website at http://www.skygrabber.com/en/video_tutorials/main/skygrabber_how_to_work.php.
      [39] Michael Hoffman, “Fixes on the way for nonsecure UAV links,” Air Force Times, 18 December 2009, available from <http://www.airforcetimes.com/news/2009/12/airforce_uav_hack_121809w/>; accessed 13 February 2011.
      [40] Siobhan Gorman et al, “Insurgents Hack U.S. Drones: $26 Software is used to Breach Key Weapons in Iraq; Iranian Backing Suspected,” The Wall Street Journal, 17 December 2009, sec. A, p. 1.
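
The gap described above is that the video's confidentiality depended on whichever link happened to carry it. The following added example (not from the paper or from any fielded system) sketches payload-layer protection in Python: each frame is encrypted and authenticated before it reaches any link, so a receive-only listener without the key sees only ciphertext, and altered, replayed or injected frames are rejected. The frame layout, key handling and all names are assumptions, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

SEQ = struct.Struct(">Q")    # 64-bit frame sequence number (assumed layout)
NONCE_LEN = 12
TAG_LEN = 32                 # HMAC-SHA256 tag length


def derive(master_key: bytes, label: bytes) -> bytes:
    """Derive separate sub-keys so the cipher and the MAC never share a key."""
    return hmac.new(master_key, b"downlink-demo|" + label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher."""
    blocks = [
        hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def seal_frame(master_key: bytes, seq: int, frame: bytes) -> bytes:
    """Sender: encrypt the frame, then MAC sequence number, nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    pad = keystream(derive(master_key, b"enc"), nonce, len(frame))
    body = SEQ.pack(seq) + nonce + xor(frame, pad)
    tag = hmac.new(derive(master_key, b"mac"), body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Keyed ground terminal; remembers the highest sequence number accepted."""

    def __init__(self, master_key: bytes):
        self.enc_key = derive(master_key, b"enc")
        self.mac_key = derive(master_key, b"mac")
        self.last_seq = -1

    def open_frame(self, packet: bytes) -> bytes:
        if len(packet) < SEQ.size + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # verify before decrypting
            raise ValueError("authentication failed")
        (seq,) = SEQ.unpack_from(body)
        if seq <= self.last_seq:                     # lost frames leave gaps; repeats fail
            raise ValueError("replayed frame")
        self.last_seq = seq
        nonce = body[SEQ.size:SEQ.size + NONCE_LEN]
        ciphertext = body[SEQ.size + NONCE_LEN:]
        return xor(ciphertext, keystream(self.enc_key, nonce, len(ciphertext)))


def outcome(receiver: Receiver, packet: bytes) -> str:
    """Report how the receiver treats one packet, without raising."""
    try:
        receiver.open_frame(packet)
        return "accepted"
    except ValueError as err:
        return f"rejected: {err}"


def run_demo() -> dict:
    key = os.urandom(32)                             # shared out of band (assumption)
    # Constructed stand-ins for video frames; not real sensor data.
    frames = [b"CONSTRUCTED-FRAME-%d " % i + bytes(48) for i in range(3)]
    packets = [seal_frame(key, i, f) for i, f in enumerate(frames)]

    results = {
        "round_trip": Receiver(key).open_frame(packets[0]) == frames[0],
        # What a receive-only listener without the key can see on the downlink.
        "plaintext_visible": any(b"CONSTRUCTED" in p for p in packets),
    }
    rx = Receiver(key)
    results["in_order"] = [outcome(rx, p) for p in packets]

    tampered = bytearray(seal_frame(key, 3, b"frame three"))
    tampered[SEQ.size + NONCE_LEN] ^= 0x01           # one flipped ciphertext bit
    results["tampered"] = outcome(rx, bytes(tampered))
    results["replayed"] = outcome(rx, packets[1])    # genuine but already seen
    results["forged"] = outcome(rx, seal_frame(os.urandom(32), 4, b"inserted"))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The sketch assumes every authorized terminal already holds the key; distributing and revoking keys among coalition partners, the cost the paper says the open feed was meant to avoid, is outside its scope.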
  15. McBride, 14

      Military Response

      On December 18, 2009, Admiral Mike Mullen, the chairman of the Joint Chiefs of Staff, admitted that the Pentagon had been aware of the Predator’s datalink weakness since 2004.[41] In fact, further investigations demonstrated that the military knew about this vulnerability much earlier. As previously mentioned, John Locker contacted the Pentagon about Predator encryption in 2002, but the military had received similar reports as early as the 1996 Bosnia deployment, when it was reportedly easier for Serbians to tap into military feeds than the Disney Channel.[42] Indeed, a 1996 Air Force document very bluntly analyzed electromagnetic spectrum threats to the Predator platform as the following:

          “The Predator is designed to operate with unencrypted datalinks. Depending on the theater of operation and hostile electronic combat systems present, the threat to the UAVs could range from negligible with only a potential of signal intercept for detection purpose, to an active jamming effort made against an operating, unencrypted UAV. The link characteristics of the baseline Predator system could be vulnerable to corruption of downlink data or hostile data insertions.”[43]

      This candid assessment demonstrates that military officials were quite aware of several electromagnetic threats associated with this datalink vulnerability, but chose not to mitigate them for several reasons. The first reason was the belief at the Pentagon that enemy combatants lacked the technical sophistication to intercept these signals,[44] making the subsequent fiasco akin to the military’s failure to anticipate sophisticated IEDs in their counterinsurgency strategy.[45] This is demonstrated by the fact that early Pentagon risk analyses focused on the threat of Russia or China exploiting this unencrypted datalink to manipulate the surveillance feed such that “a commander looking on a feed, [would see] nothing, and then [have] an enemy tank brigade come

      [41] “Commanders Discussed Drone Hacking in 2004,” CBSNews.com, 18 December 2009.
      [42] Bill Yenne, Attack of the Drones, 66.
      [43] U.S. Air Force, Air Combat Command Concept of Operations for Endurance Unmanned Aerial Vehicles (Version 2), 3 December 1996; available from <http://www.fas.org/irp/doddir/usaf/conops_uav/part01.htm>; accessed 10 April 2011.
      [44] Siobhan Gorman et al, “Insurgents Hack U.S. Drones: $26 Software is used to breach Key Weapons in Iraq; Iranian Backing Suspected,” The Wall Street Journal, 17 December 2009, sec. A, p. 1.
      [45] “Commanders Discussed Drone Hacking in 2004,” CBSNews.com, 18 December 2009.
  16. 16. McBride, 15roaring into [his] command post."46 In contrast with Russia and China, Afghan and Iraqiinsurgents were not even considered threat-sources. The second reason for not mitigating wasthe Air Force’s view that this datalink vulnerability would eventually be fixed by phasing out thePredator platform and replacing it with DarkStar, a next-generation UAV platform designed withencryption and stealth characteristics. This argument, found in an Air Force officer’s thesis fromthe School of Advanced Airpower Studies, may have made sense when the military only owned167 drones in 2001,47 but in light of the 5,500 drones the military possessed in 2009 (nearly all ofwhich were unencrypted), it seems doubtful that thousands of these craft would actually beretired in the near-term.48 The third reason for not mitigating was the military’s insistence thatthe interception of UAV footage by enemy combatants did little damage. Ultimately, this isimpossible to judge, but it appears that intercepted drone footage assisted certain high-valueenemy combatants evade capture.49 The final reason for not mitigating was the military’sperception of the unencrypted datalink as a “feature” that helped the sharing of data with less-advanced coalition partners. Given the technical state of Iraqi and Afghan police and militaryunits, this view is logical, but in many ways this view created a lowest-common denominatorapproach to INFOSEC. Despite Admiral Mike Mullen’s assurances that the drone “hack” caused no damage, thePentagon promised to step up effects to prevent drone footage from falling into the wrong handsby upgrading all Predators to encrypt video data before transmission.50 However, due to the ageof the platform and its reliance on proprietary design, the military has warned that it may be quite46 “Commanders Discussed Drone Hacking in 2004,” CBSNews.com, 18 December 2009.47 Jeffrey L. 
Stephenson, The Air Refueling Receiver That Does Not Complain (Maxwell AFB: Air University Press,1999), 10.48 Christopher Drew, “Drones Are Weapons of Choice in Fighting Al Qaeda,” The New York Times, 17 March 2009.49 Mark Phillips, “Military Surveillance Hack Warning,” 60 Minutes, 17 December 2009 (original broadcast 2002).50 “Mullen: Drone Hack Caused no Damage,” CBSNews.com, 18 December 2009, available from<http://www.cbsnews.com/stories/2009/12/18/national/main5994775.shtml>; accessed 13 February 2011.
  17. 17. McBride, 16some time until these changes are fully completed.51 Certain military analysts have suggestedthat these technical modifications will likely not be completed until 2014, and even then, this fixwould not solve the larger problem of dependence on an unencrypted COTS satellite technologyfor the transmission of critical military data.52 Conclusion The overarching narrative of the history, design, use, vulnerability, and exploitation ofthe Predator UAV is important given the increasing military bullishness towards unmannedsystems. Leaders such as Major General Kenneth Israel state that UAVs “will play anincreasingly important role in many military missions beyond intelligence, surveillance andreconnaissance.”53 Indeed, military policy documents seem to reflect this view. An Air Forcestudy called the Unmanned Aircraft System Flight Plan envisions a future where unmannedaircraft carry out all types of aerial missions, including the hitherto sacrosanct areas of dogfighting and strategic bombing.54 Recent research and development is slowly making this areality. In response to the success of the Predator as an armed weapons platform, GeneralAtomics has been developing a new generation of UAVs: the MQ-9 Reaper. Unlike thePredator, the Reaper has been conceptually designed and built to optimize its performance as ahunter-killer, which allows it to carry 15 times the weapons payload and equips it to take overmany of the ground-support missions previously tasked to fighter jets.55 Because of similarcapabilities, full squadrons of F-16 pilots are being retrained to fly the MQ-9 Reaper. As P. W.51 Siobhan Gorman et al, “Insurgents Hack U.S. Drones: $26 Software is used to breach Key Weapons in Iraq;Iranian Backing Suspected,” The Wall Street Journal, 17 December 2009, sec A. p. 
1.52 Nathan Hodge, “Fixing Drone Data: A Not-So-Modest Proposal,” Wired.com, 21 December 2009; available from<http://www.wired.com/dangerroom/2009/12/fixing-drone-data-a-not-so-modest-proposal/>; accessed 22 March 2011.53 Hugh McDavid and David Oliver, Smart Weapons, 9.54 David Axe, “Air Force Plans for All-Drone Future,” Wired, July 2009, available from<http://www.wired.com/dangerroom/2009/07/air-force-plans-for-all-drone-future/>.55 Siobhan Gorman et al, “Insurgents Hack U.S. Drones: $26 Software is used to breach Key Weapons in Iraq;Iranian Backing Suspected,” The Wall Street Journal, 17 December 2009, sec A. p. 1.
  18. 18. McBride, 17Singer, a defense analyst at the Brookings Institution, notes, the Predators “are very much ModelT Fords. These things will only get more advanced.”56 In light of the very strong possibility that unmanned aircraft may eventually become theUnited States’ primary vehicle for air power, it is important to consider the implications of theSkygrabber fiasco. Throughout the process of designing, testing, and fielding the Predator, theU.S. Air Force demonstrated a troubling tendency to view INFOSEC concerns as anafterthought, when, in fact, electronics warfare is becoming an ever more-important element ofmilitary power. In a military environment where pilots telecommute to UAV hunter-killers onthe other side of the world, it is absolutely crucial that the datalinks that carry UAV control dataare protected more than any other component of the aircraft. Initially, the Pentagon viewedUAV technologies as inherently less risky than manned aircraft due to the relative safety of thepilot, allowing UAV procurement to be “on the ragged edge,” but now that UAVs are offensiveweapons platforms, this can no longer be the case. If an enemy were to electronically penetratethe command and control channel of these Hunter-Killer UAVs, they could potentially useAmerican weapons against American soldiers. This is ultimately the biggest problem. Under thecurrent system, the development of UAVs is managed by aircraft program managers andpurchased by pilots.57 While these parties may understand airframes, they know little aboutnetworking and INFOSEC. Going forward, the Pentagon must drop its cavalier attitude towardsthe security of its datalinks and integrate communications engineering and networkingthroughout the UAV development cycle.56 Christopher Drew, “Drones Are Weapons of Choice in Fighting Al Qaeda,” The New York Times, 17 March 2009.57 Nathan Hodge, “Fixing Drone Data: A Not-So-Modest Proposal,” Wired.com, 21 December 2009
Works Cited

Appel, Rich. “The Secret War of Lisa Simpson.” The Simpsons Archive (Aired 18 May 1997). Available from <http://www.snpp.com/episodes/4F21>. Accessed 27 March 2011.
Axe, David. “Air Force Plans for All-Drone Future.” Wired: Danger Room (Published 17 July 2009). Available from <http://www.wired.com/dangerroom/2009/07/air-force-plans-for-all-drone-future/>. Accessed 22 March 2011.
“Commanders Discussed Drone Hacking in 2004.” CBSNews.com (Published 18 December 2009). Available from <http://www.cbsnews.com/stories/2009/12/18/world/main5993716.shtml>. Accessed 22 March 2011.
Drew, Christopher. “Drones Are Weapons of Choice in Fighting Al Qaeda.” The New York Times (Published 17 March 2009). Available from <http://www.nytimes.com/2009/03/17/business/17uav.html>. Accessed 13 February 2011.
Giordano, Joseph, and Chester Maciag. “Cyber Forensics: A Military Operations Perspective.” International Journal of Digital Evidence 1, no. 2 (2002).
Gorman, Siobhan, Yochi J. Dreazen, and August Cole. “Insurgents Hack U.S. Drones: $26 Software is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected.” The Wall Street Journal, 17 December 2009, sec. A. p. 1. Available from <http://online.wsj.com/article/SB126102247889095011.html>. Accessed 13 February 2011.
Habermas, Jürgen, Jacques Derrida, Giovanna Borradori. Philosophy in a Time of Terror: Dialogues with Jurgen Habermas and Jacques Derrida. Chicago: University of Chicago Press, 2003.
Hodge, Nathan. “U.S. Sharing Predator Video with Afghanistan, Pakistan.” Wired.com (Published 19 November 2008). Available from <http://www.wired.com/dangerroom/2008/11/in-a-presentati/>. Accessed 22 March 2011.
Hodge, Nathan. “Fixing Drone Data: A Not-So-Modest Proposal.” Wired.com (Published 21 December 2009). Available from <http://www.wired.com/dangerroom/2009/12/fixing-drone-data-a-not-so-modest-proposal/>. Accessed 22 March 2011.
Hoffman, Michael. “Fixes on the way for nonsecure UAV links.” Air Force Times (Published 18 December 2009). Available from <http://www.airforcetimes.com/news/2009/12/airforce_uav_hack_121809w/>. Accessed 13 February 2011.
Hoffman, Michael. “Troops use archived UAV feed downrange.” Air Force Times (Published 27 February 2010). Available from <http://www.airforcetimes.com/news/2010/02/airforce_video_bank_022710w/>. Accessed 22 March 2011.
Hoffman, Michael. “AF looks to automation to help monitor UAVs.” Air Force Times (Published 27 August 2010). Available from <http://www.airforcetimes.com/news/2010/08/air-force-automation-uav-082710/>. Accessed 22 March 2011.
“Iraq Rebels ‘hack into video feeds from US drones’.” BBC News (Published 17 December 2009). Available from <http://news.bbc.co.uk/2/hi/8419147.stm>. Accessed 13 February 2011.
Jelinek, Pauline. “Pentagon: Insurgents intercepted UAV videos.” Air Force Times (Published 17 December 2009). Available from <http://www.airforcetimes.com/news/2009/12/ap_uav_insurgents_hacked_121709/>. Accessed 13 February 2011.
Martin, Matt J. Predator: The Remote-Control Air War over Iraq and Afghanistan: A Pilot’s Story. Grand Rapids: Zenith Press, 2010.
McCullagh, Declan. “U.S. was Warned of Predator Drone Hacking.” CBSNews.com (Published 17 December 2009). Available from <http://www.cbsnews.com/8301-504383_162-5988978-504383.html?tag=mncol%3btxt>. Accessed 22 March 2011.
McDavid, Hugh, and David Oliver. Smart Weapons: Top Secret History of Remote Controlled Airborne Weapons. New York: Welcome Rain, 1997.
Mount, Mike, and Elaine Quijano. “Iraqi insurgents hacked Predator drone feeds, U.S. official indicates.” CNN.com (Published 17 December 2009). Available from <http://articles.cnn.com/2009-12-17/us/drone.video.hacked_1_uav-systems-encryption-feeds?_s=PM:US>. Accessed 13 February 2011.
“Mullen: Drone Hack Caused no Damage.” CBSNews.com (Published 18 December 2009). Available from <http://www.cbsnews.com/stories/2009/12/18/national/main5994775.shtml>. Accessed 13 February 2011.
“Official site for programs SkyGrabber (accepting free to air satellite data by digital satellite TV tuner card (DVB-S/DVB-S2)), LanGrabber (save YouTube video), Tuner4PC (software for satellite internet).” Available from <http://www.skygrabber.com/en/index.php>. Accessed 10 April 2011.
Phillips, Mark. “Military Surveillance Hack Warning.” 60 Minutes (Posted on 17 December 2009, but originally broadcast in 2002). Available from <http://www.cbsnews.com/video/watch/?id=5990213n>. Accessed 10 April 2011.
Rolfsen, Bruce. “Unmanned a misnomer when it comes to UAVs.” Air Force Times (Published 11 June 2010). Available from <http://www.airforcetimes.com/news/2010/06/airforce_uav_personnel_061110w/>. Accessed 22 March 2011.
Sandler, Todd and Keith Hartley, ed. Handbook of Defense Economics: Volume 2 Defense in a Globalized World. London: Elsevier, 2007.
Schneier, Bruce. “Insurgents Intercepting Predator Video? No Problem.” Wired.com (Published 23 December 2009). Available from <http://www.wired.com/politics/security/commentary/securitymatters/2009/12/securitymatters_1223>. Accessed 22 March 2011.
Shachtman, Noah. “Military Faces Bandwidth Crunch.” Wired.com (Published 31 January 2003). Available from <http://www.wired.com/techbiz/it/news/2003/01/57420>. Accessed 22 March 2011.
Shachtman, Noah. “Not Just Drones: Militants Can Snoop on Most U.S. Warplanes.” Wired.com (Published 17 December 2009). Available from <http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/>. Accessed 22 March 2011.
Siuru, William D. Planes without Pilots: Advances in Unmanned Flight. Blue Ridge Summit: Tab/Aero Books, 1991.
“SkyGrabber and the Curse of Encryption.” Strategypage.com (Published 19 December 2009). Available from <http://www.strategypage.com/htmw/htairfo/articles/20080811.aspx>. Accessed 13 February 2011.
Spoth, Tom. “GAO: UAV surge leaves many shortfalls.” Air Force Times (Published 16 April 2010). Available from <http://www.airforcetimes.com/news/2010/04/airforce_gao_uavs_041610w/>. Accessed 22 March 2011.
Stephenson, Jeffrey L. The Air Refueling Receiver That Does Not Complain. Maxwell AFB: Air University Press, 1999.
Taylor, John W.R., and Kenneth Munson. Jane’s Pocket Book of Remotely Piloted Vehicles: Robot Aircraft Today. New York: Collier Books, 1977.
U.S. Air Force. Air Combat Command Concept of Operations for Endurance Unmanned Aerial Vehicles (Version 2) (Published 3 December 1996). Available from <http://www.fas.org/irp/doddir/usaf/conops_uav/part01.htm>. Accessed 10 April 2011.
U.S. Air Force. Unmanned Aircraft Systems Flight Plan 2009-2047. Washington DC: HSDL, 2009. Available from <http://www.scribd.com/doc/17312080/United-States-Air-Force-Unmanned-Aircraft-Systems-Flight-Plan-20092047-Unclassified>. Accessed 22 March 2011.
U.S. House of Representatives, Committee on Oversight and Government Reform, Subcommittee on National Security and Foreign Affairs. Rise of the Drones: Unmanned Systems and the Future of War. Washington, DC: HSDL, 2010.
Yenne, Bill. Attack of the Drones: A History of Unmanned Aerial Combat. Saint Paul: Zenith Press, 2004.
“Warplanes: The Rise of the Droids.” Strategypage.com (Published 11 August 2008). Available from <http://www.strategypage.com/htmw/htairfo/articles/20080811.aspx>. Accessed 13 February 2011.
Figure 3: The Exponential Increase in Jet Fighter Development Cost
Source: Todd Sandler and Keith Hartley, ed., Handbook of Defense Economics: Volume 2 Defense in a Globalized World (London: Elsevier, 2007), 1153.
Figure 4: The Precipitous Drop of Global Defense Spending Post Cold War
[Chart: “Defense Spending as a share of GDP.” Vertical axis: Share of GDP (%), 0 to 6. Horizontal axis: Year, 1988 to 2006. Series: USA, Germany, France, UK, Italy.]
Source: SIPRI (1990, 2007).
Figure 5: Skygrabber Functionality
