Wednesday, December 23, 2009

The Problem with Predators

The news this week was littered with reports of insurgents capturing the video from our UAVs and other aircraft.  Then I read the "Howto"on Wikileaks and found out that the drones are just broadcasting a direct MPEG II stream with embedded meta-data including the exact coordinates of the aircraft!  Not only the drones do this but many of our other warplanes!  Inconceivable!   This is the same technology used by direct broadcast satellite providers like Dish Network, DirectTV, and probably your local cable provider - only they use some (lame) encryption to make it at least difficult to steal programming.   It makes me want to personally hunt down and cockpunch the officials involved.   In this case simply broadcasting analog tv signals would have resulted in less damage because location data could not have been included with the signal.

All you need is a C band (the big old kind) satellite dish and software or hardware capable of playing mpeg II streams.  Save the $25.99. You could do it with windows media player and the correct hardware...

Encrypting this signal was no doubt considered but I bet it was thrown out by someone with stars on their collar or the title of congressman because they were worried about the keys or technology falling into enemy hands.  Nothing like the 3rd grade concept of encryption that the movies have led the public to believe. 

Simply setting up an off the shelf VPN with a reasonable encryption algorithm like AES and identity certificates from a central (DOD) CA would have solved all issues.  The encryption tech is openly available and unbreakable with good automatic keys and hashes.  Hardware to do this is available at Wall Mart for $49 in the guise of home network routers.

The identity of the drone and anyone receiving the connection could be verified by the certificates or a one time password system.  The certificates could be granted only for the duration of the mission at hand and revoked at any time.  Problem solved.  With off the shelf tech.  This could even be done for free using open source software.  And it would be completely secure.  Not even Hugh Jackman could break this encryption (with a gun to his head while getting a blowjob).

Instead I bet we are paying billions in pork to some senator's, son in law's company to develop a system any 13 yr old can crack by saying "It's Unix, I know this" and guessing three passwords... 

The real predator drones are at work right now.  In upper levels of our government.  Feeding off our tax dollars.

Update: One of my security heroes, Bruce Schneier has a post on is blog about this very subject. While he and I seem to initially disagree, his conclusion is much the same as mine. Commercial grade encryption is the solution. He is much less hard on "the man" than I, and definitely in a much more informed position in general. I'm still angry. My reasoning still stands. Based mostly on a fact I'm not sure he is aware of. Look at the analysis available on Wikileaks and you will see that there is actual position data in the MPEG stream. The exact location of the drone is part of the video. Assuming interception - this totally mitigates the reason for the drone. Why did we spend the money?

He speaks to the difficulty of providing keys. I find this disturbing coming from Mr. Schneier. A simple certificate based PKI hosted at "drone control" combined with a one time password system (like Safeword for example) on the ground would allow finite control from a central location. At worst you would need to upload new certificates while the drone was being ground serviced. With the existing real time control link it should be possible to upload or revoke even during a mission. At this date it would require a re-tool of the electronics in the drone, new gear on the ground and creation of branch of command and control to issue access. The point is - this should have existed from the get-go.

I know next to nothing about the capabilities of Land Warrior, but assuming (always a dumb thing) that it has basic encryption and a secure satellite link - maybe the simplest method would be to just turn off the direct downlink from the drones and provide the video feeds via this system.

I know - crazy talk. That would make sense and save money. Never fly.

No comments: