Friday, December 18, 2009

Who's watching the watchers? The Insurgents.

The Wall Street Journal broke the story. It turns out that high tech comes pretty cheap. Insurgents in Iraq are monitoring some of the data feeds from the U.S. Predator drones using satellite dishes and the $25.95 "Skygrabber" software. Skygrabber was designed to access satellite signals and download data - supposedly legally. Turns out it does a pretty good job of stealing Predator drone data feeds, too.

What confuses me is that the drone feeds are not encrypted. I know military intelligence is supposed to be an oxymoron, but even if interception is unlikely you have to expect it to happen and take steps to either prevent it or make the intercepted data worthless. By strong encryption, for example. So this statement boggles my mind:
The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.


Ok. You've known about this for more than 10 years, but assumed that the local yokels could not, and would never be able to figure out how to capture your streaming data. Now that's "military intelligence."

To be fair, adding encryption isn't like installing some software, and there are concerns that encryption might cause difficulties in rapid interpretation of the feed data, and in sharing data between services. And that's enough fairness. They've known about the vulnerability for 10+ years, and not only have you not fixed it in the current drone model, it's still part of the design in the new model that is about to go into production. I can see the difficulties of modifying the current design, but to not put encryption on the new model boggles the mind. Hopefully, now that we know people are accessing the drone feeds the new drones will be updated to have encryption.