Posted by Tim Trueman on December 16, 2009 at 10:30pm
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.http://online.wsj.com/article/SB126102247889095011.html
I think IraqiGeek is most realistic. I'll bet most likely someone over there simply found the video by accident. Then word spread quickly. The Govt and security people like to imagine it's a big well thought out hack to CYA without making them look dumb. If they enemy was just a bit smarter you don't look so dumb. Vs their complete stupidity was found out by accident and exploited on purpose.
I agree; it was far more irresponsible to use unencrypted data feeds than to let two random-yet-searched individuals into the whitehouse - which means congress should drop the superfluous and hold a hearing with Boeing & Lockheed to see if they are in the 21st century - internet-wise. Based on their cellphone superstitions though, I'd say I know the answer... ring memory anyone?
I'm a security penetration tester. While I am not surprised that this has happened due to poor security architecture, I am very surprised this flaw was not far more widely known. When you combine geeky engineering types (like us!) with an irresistible, testosterone laden subject matter (those cool drones) and easily accessible software, one would expect there would already have been an iphone app created years ago!
Come to think of it - anyone want to write an iPhone App ;-)
The only surprising bit in the article for me is that "the Pentagon assumed local adversaries wouldn't know how to exploit it". Seriously?!
They operated satellite links that cost loads of money per minute to operate but don't bother to spend a few extra dollars to encrypt them?!!!!!!
People have used programs like skygrabber since the summer 2003 as a means to get a sort of "free net access" as those programs capture all the downlink traffic on a given transponder. People who were/are into this sort of thing tend to move their satellite antennae to just about any satellite that is known to provide internet services in the hope of capturing "useful" traffic data. Given how widespread this practice is overthere, and teh fact the links where unencrypted, I'd hardly call this a "hack"
Comments
Come to think of it - anyone want to write an iPhone App ;-)
They operated satellite links that cost loads of money per minute to operate but don't bother to spend a few extra dollars to encrypt them?!!!!!!
People have used programs like skygrabber since the summer 2003 as a means to get a sort of "free net access" as those programs capture all the downlink traffic on a given transponder. People who were/are into this sort of thing tend to move their satellite antennae to just about any satellite that is known to provide internet services in the hope of capturing "useful" traffic data. Given how widespread this practice is overthere, and teh fact the links where unencrypted, I'd hardly call this a "hack"