Cyber warfare has been advanced a step by militants in Afghanistan, who have managed to intercept the unencrypted video feeds from UAVs orbiting overhead.
At the beginning of the year, I laid out some examples of what effective cyber warfare entails, including this:
Imagine compromising the enemy’s C4ISR infrastructure and not only knowing where all enemy assets are, but having the ability to provide false information (if at least a few times before being discovered).
Now, over at Danger Room, we see this:
If you think militants are going to be content to just observe spy drone feeds, it’s time to reconsider. “Folks are not merely going to listen/watch what we do when they intercept the feeds, but also start to conduct ‘battles of persuasion’; that is, hacking with the intent to disrupt or change the content, or even ‘persuade’ the system to do their own bidding,” Peter Singer, author of Wired for War, tells Danger Room.
The militants have managed to intercept drone feeds from a $4.5M piece of equipment with a $26 piece of software. That clearly demonstrates that deploying very sophisticated, very expensive technology in the battlefield does not negate the need for operational security, or OPSEC.
The next step may be a man-in-the-middle attack on those feeds, allowing the insurgents to inject fabricated feeds into the system. This could change how U.S. soldiers on the ground react to what they are seeing, maybe by unintentionally attacking a hospital instead of an insurgent safe-house, or maybe even by attacking fellow U.S. soldiers rather than an intended target.
In the grand scheme of things, this is nothing new. Signal intelligence, or SIGINT in military lingo, has been with us since we were tattooing secret messages onto shaved heads and waiting for the hair to grow back to conceal it. What is troubling is that the drones are a critical aspect of the AF-PAC theater. Their sole purpose is to provide video surveillance (using that intelligence to then deliver a missile is a secondary purpose). They are remotely piloted primarily using that video feed. Not protecting that signal’s confidentiality, integrity or availability potentially negates its usefulness altogether. If the enemy can either jam or alter that feed, they can simply crash the drone or dictate its mission and by extension dictate the mission of ground teams dependent on the feed.
In the opening paragraph I credited the militants with advancing cyber warfare; however, now I’m inclined to credit the U.S. with having set back the art of OPSEC.