Analysts wary of Iran's spy drone hacking claims

Attack is possible, but analysts are dubious that it happened, suggest other scenarios

Reports that Iranian electronic warfare experts may have succeeded in intercepting and capturing a sophisticated U.S. spy drone were received with some skepticism by security analysts.

While it is certainly possible that the drone was electronically ambushed as reported, more details are needed to know what exactly might have happened to the RQ-170 Sentinel drone, they said.

A story in the Christian Science Monitor this week reported that the recent U.S. spy drone captured by Iran may have been intercepted and tricked into landing in that country by Iranian electronic warfare experts.

The story quoted an unnamed Iranian engineer as saying that Iran was able to cut off the communications links to the Lockheed-Martin-made drone and reconfigure its GPS coordinates to trick it into landing in Iran.

The engineer was quoted as saying that Iranian engineers developed the attack by reverse-engineering U.S. drones that had been previously captured or shot down, and by taking advantage of the weak GPS navigation system.

John Pescatore, an analyst with market research firm Gartner, and a former analyst with the National Security Agency (NSA), said the supposed attack, while possible, was not plausible.

He noted that the Air Force in October had said that some of its drones had been hit with a virus. "If a virus could get in, then targeted malware surely could," Pescatore said.

However, to pull off the attack, the Iranians would have needed to have detailed knowledge of the drone's software, and it's doubtful they did, he said.

Two more likely scenarios are that the drone was simply lost, as a result of a command and control failure, or it's possible that some kind of jamming disrupted command and control, and that fail-safe mechanisms that should have kicked in did not, he said.

James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington, said that it's possible the Iranians got help from the Russians. "They've recently said they're worried about electronic warfare," said Lewis, who led a team that prepared a set of national cybersecurity recommendations for President Obama in 2008.

According to Lewis, Russia has been focused on beating GPS security at least since the Bosnian War in the 1990s. "They monitor our telephone and computer networks and probably radio in the Air Force," he said. "So [they] could have heard DOD blabbing about any problems [related to its drone]," he said. "[Russia] helped the Iranian nuke program, so why not electronic warfare?" he asked. Lewis said the U.S. is ahead in the GPS race with Russia.

China also cannot be ruled out as playing a role, although China appears to have fewer capabilities than the Russians in this arena, he said.

Lewis added that he'd be more inclined to believe Iran's version of what happened if government officials had been willing to show the bottom half of the drone. All photos and videos of the downed drone released by the Iranian government so far have shown the drone with its bottom half covered.

According to the Monitor story, the craft did suffer minor damage when it was tricked into landing in Iran.

"If it was minor, why the drop cloths?" Lewis asked. "The bottom is where the sensors are located. I'd be more convinced if they had shown the bottom half of the craft."

Ira Winkler, author of Spies Among Us, and a Computerworld columnist, said the Iranian drone incident is reminiscent of a previous incident in which attackers intercepted live video feeds from U.S. Predator drones operating in Afghanistan and Iraq.

In that case, the attacks were enabled via the use of a $26 off-the-shelf software product called SkyGrabber made by a Russian company.

In the most recent instance, it is likely that the drone's capture was not the result of a direct hacking of the drone.

"For example, if you know where a drone is, and you can beam a stronger GPS signal at the drone than it would get from a satellite, it would pick up the fake signal and think it is somewhere else," he said. "If signals aren't encrypted, the people with the strongest transmitter win."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies