Computerworld — The disclosure that Iraqi insurgents were able to intercept live video feeds from U.S. drones has focused the spotlight on a familiar IT security issue: data encryption.

Insurgents Intercept Video Feeds from U.S. Drones Using $26 Software, Report says

In a story that's receiving widespread attention, the Wall Street Journal yesterday reported that Iranian-backed groups in Iraq and Afghanistan were tapping into live feeds from Predator drones using a $26 software tool called SkyGrabber from Russian company SkySoftware.

The hitherto largely unknown software product doesn't require Internet connectivity and is designed to intercept music, photos, video and TV satellite programming for free. Insurgents in Iraq, however, were able to use SkyGrabber to grab live video feeds from unmanned Predator drones because the transmissions were being sent unencrypted to ground control stations.

The fact that a sophisticated, multi-million-dollar aerial surveillance system could be compromised so easily because of a fundamental security oversight is stunning, several security analysts said.

"Frankly, this is shocking to me," said Ira Winkler, president of the Internet Security Advisors Group. (Winkler is also the author of Spies Among Us and a Computerworld columnist.) "You have one of the most critical weapon systems in the most critical regions transmitting intelligence data unencrypted," Winkler said.

While the intercepted data is likely to be of limited use to insurgents, it's still valuable, he said. "After all, one of the key attributes is, not knowing [that] a Predator is in the area," said Winkler. "Everyone involved should have known much better."

The apparent fact that the U.S. military knew of the vulnerability for a decade but assumed opponents wouldn't be sophisticated enough to exploit it is especially troubling, said James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS). "The theory is that we encrypt the uplinks so that people can't take over the drone, but that we don't need to encrypt the downlinks," he said.

"Those sorts of assumptions always get us in trouble," said Lewis, who earlier this year led a group that developed a set of cybersecurity recommendations for the White House. "You can be sure that the insurgents weren't the only folks watching the feeds," he said.

Alan Paller, director of research at SANS Institute, a Bethesda Mad.-based security training institute, said the incident highlights a "systemic problem" permeating most new weapons systems. "The designers see IP connectivity as a great capability enhancer and bring in designers to help them integrate the capability," Paller said. "But those architects and designers think security is a compliance activity for security professionals and not their job. They are incapable of protecting the systems they design and build."

Continue Reading