Cyber warfare has been advanced a step by militants in Afghanistan, who have managed to intercept the unecrypted video feeds from UAVs orbiting overhead.

At the beginning of the year, I laid out some examples of what effective cyber warfare entails, including this:

Imagine compromising the enemy’s C4ISR infrastructure and not only knowing where all enemy assets are, but having the ability to provide false information (if at least a few times before being discovered).

Now, over at Danger Room, we see this:

If you think militants are going to be content to just observe spy drone feeds, it’s time to reconsider. “Folks are not merely going to listen/watch what we do when they intercept the feeds, but also start to conduct ‘battles of persuasion’; that is, hacking with the intent to disrupt or change the content, or even ‘persuade’ the system to do their own bidding,” Peter Singer, author of Wired for War, tells Danger Room.

The militants have managed to intercept drone feeds from a $4.5M piece of equipment with a $26 piece of software. That clearly demonstrates that deploying very sophisticated, very expensive technology in the battlefield does not negate the need for operational security, or OPSEC.

The next step may be a man-in-the-middle attack on those feeds, allowing the insurgents to inject fabricated feeds into the system. This could change how U.S. soldiers on the ground react to what they are seeing, maybe by unintentionally attacking a hospital instead of an insurgent safe-house, or maybe even attack fellow U.S. soldiers rather than an intended target.

In the grand scheme of things, this is nothing new. Signal intelligence, or SIGINT in military lingo, has been with us since we were tattooing secret messages onto shaved heads and waiting for the hair to grow back to conceal it. What is troubling is that the drones are a critical aspect of the AF-PAC theater. Their sole purpose is to provide video surveillance (using that intelligence to then deliver a missile is a secondary purpose). They are remotely piloted primarily using that video feed. Not protecting that signal’s confidentiality, integrity or availability potentially negates its usefulness altogether. If the enemy can either jam or alter that feed, they can simply crash the drone or dictate its mission and by extension dictate the mission of ground teams dependent on the feed.

In the opening paragraph I credited the militants with advancing cyber warfare, however now I’m inclined to credit the U.S. for having receded the art of OPSEC.

Once word hit our office of the upcoming Google Wave, we saw renewed interest in leveraging such collaboration tools, which means we have to again evaluate our stance against putting our intellectual property ‘in the cloud.’ (I really hate that term)

Putting information in the cloud means relinquishing control of that document to whatever provider is hosting the application as a service. Our business can basically be boiled down to “information provider” (I work for an architecture firm). A large chunk of what we sell is information in the form of computer-generated drawings, schematics, pictures, animated fly-throughs, etc.

Therefore our information, our intellectual property, is our life-blood. If we lose control of it and the competition gets it, we’re dead in the water. We can’t compete for jobs if the competition knows what we plan to propose and how much we plan to charge. A huge part of competing for a job in our architecture niche is being able to deliver something so unique that it blows away the competition. Therefore securing our information is very important to us.

The future of collaboration obviously lies in the cloud. We’ve been able to resist so far, but I don’t expect that to last.

So I’m posing a question to both readers of this blog

How do you deal with the risks of putting intellectual property in the cloud?

While this will be obvious to many, it still bears mentioning; Blackberries and other smart-phones can be carriers for worms and viruses when USB storage is enabled.

I ran into a case earlier this week. Our HIPS software was alerting to an auto-run virus on an IT staffer’s F drive, which usually indicates a USB drive. When asked about it, he indicated the only thing he used was his Blackberry. He had a micro SD card installed and used it to move pictures and movies between computers.

Explorer in Windows wouldn’t display the autorun.inf nor the virus executable so I plugged the Blackberry into my Mac, which showed both files. VirusTotal.com verified the executable as a virus and we manually removed it and he’s now going through all of his computers to find out which ones have the virus.

Our primary antivirus software didn’t detect the virus at all. Luckily the supplemental AV in our HIPS software triggered on the autorun.inf and prevented execution of the virus executable. We implemented strict rules regarding auto running anything from a USB drive after Conficker. Since then, the HIPS software does its own scan of the entire USB drive before permitting access to it, including access by the primary AV software. So far this has protected us significantly, because the primary AV rarely flags the autorun.inf files, but the supplemental does.

Another win for defense in depth.

The conficker/downadup worm has impacted the French Ministry of Defense, according to an article posted by The Telegraph. According to the article;

…aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand.

At one point French naval staff were also instructed not to even open their computers.

Like the recent compromise of the British MoD, the compromise of the French MoD appears to have been isolated to the unclassified network called Intramar. Coincidentally it was the navy that has reportedly been compromised in both cases.

It’s still being questioned whether or not aircraft were grounded by the worm. However, the fact that the worm impacted the MoD is not in question and that illustrates the risk of having weapons systems interconnected with the Internet.

To my knowledge the botnet created by conficker/downadup hasn’t been put into action yet. However, the fact that it now has two major trophies; the French and the British Ministries of Defense is certainly worth pondering. The propagation methods this worm uses have proven to be very effective.