Slashdot Mirror
Cracking Military Devices
Kenneth Ng was one of the folks who wrote to us about
an article CNN is running, courtesy of Federal Computer Weekly. The piece talks about scenarios that have caused the Army some consternation -- namely, crackers being able to take the wheel of remote-controlled military weapons systems like tanks, ships and planes. I dunno -- I kinda like the idea of being able to play Grand Theft Auto [?] with an M-1 Abrams tank.
I agree with an earlier poster that if you don't want the ability for people to do it remotely, don't put it in there in the first place. This can't be done in all circumstances, of course, but read on.
I hope to God that the arming circuitry requires some kind of hardwire interface at least for the last stage of final go-ahead for launch.
I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack. And yes I do mean for navigation and indeed all subsystems of any kind of military device or even civillian device which has the possibility for far-reaching or deadly effects if such a system were to be compromised.
<sigh> I guess that's what they mean by "military intelligence".
B. one could give false image info for targets beyond local range (e.g. fake data from an AWACS).
This ability can be extremely useful to a country undergoing bombardment.
One of the main reasons the V-1 and V-2's of WW2 did so little real damage is that the British controlled the german spies in England. They would report slightly altered impact coordinates back to the German launch teams. The end result was that, as the incorrect reports were worked into the targeting, the missile aim points would slowly move away from the city itself and into the surrounding farmland. The British could even tell when the launch crews moved to new sites, as the impact points would snap back to the center of London...
I've been playing Janes Lonbow a lot lately ;-)
No, lets play Thermonuclear Warfare
WHAT SIDE DO YOU WANT TO PLAY?
1) LINUX ZEALOTS
2) BSD ZEALOTS
3) TROLLS
---> 3
VERY WELL THEN, I WILL PLAY 1) LINUX ZEALOTS
FIRST POST!!!!!
BSD SUCKS!!!!!
LINUX RULZE!
MICRO$~FT SUCKS!
FIRST POST!!!!!
BSD SUCKS!!!!!
LINUX RULZE!
MICRO$~FT SUCKS!
FIRST POST!!!!!
BSD SUCKS!!!!!
LINUX RULZE!
MICRO$~FT SUCKS!
this is my sig.
"The problem for the enemy is that computer security vulnerabilities will almost certainly prove fleeting and unpredictable," said Pike, adding that such tactics would be nearly impossible to employ beyond the random harassment level.
Most security problems that I know of are not fleeting, but are resident in the system. So you have a systematic bug in stead of a fleeting and unpredictable. This problem is real and might be a problem, but that is not what i think is meant here.
So I think that we shouldn't look at the error inside the systems to look at what mister Pike meant. I think that what mister Pike was aiming at is the problem of being able to send a vehicle the wrong data. For that you don't need to access the vehicles systems. You just need to be able to send fake data in such a way that your opponent interprets it as real. Deception in the end is a large part of Warfare.
Use Adsense for Charity
"One character at a time" was an old bug on at least one system (TOPS-20.) The password validation system did a strcmp to check for a password match. You could also get a page fault count on a process. So, you put your trial password across a page boundary with the first character on one page, the rest on the next page. Try each first character in turn until you see a page fault to the rest of the password, shift to two characters on the first page, and repeat until you have the entire password. An elegant attack that reduced the effort from 26^36 to 26*36!
we were military intel. (please hold the jokes), and the equiment we worked on was *almost* a stand alone network, small server that had a single encrypted data feed from outside.
the machines were brand new(we were some of the first trained to use them), but were already antiquated. the contractors spent more time working on them than us analysts. and there were so many holes in the gui that it wasnt funny.
even we, uneducated and unexperienced as we were with unix, were able to find several ways to do interesting stuff. its been too long to tell you the version of solaris running, but was a custom gui, with no command line for non-contractors. somehow, we found that it was easy to create a file with a few commands in it, save as .cshrc, and open a couple windows to execute it... and it didnt take us long to get transferred to another unit.
the point we were trying to make though, is before we got into trouble, we told the contractor what we could do, we reported everything we did to see if he could stop us. and he could never get the authorization. he tried a few things on his own, but we always found ways to circumvent them.
now, we query you, what if we had been malicious? or, for that matter, anything other than curious? we never broke anything, and only got root once (did nothing with it, but let the contractor know). granted we were right there, and that makes a difference, but there are many out there whom are much better than we (though we are still learning - not cracking, losing our job was enough to teach us a lesson), and many systems are not so remote.
just a thought.
Where hast Great OOG gone?
OK, I can only speak with regards to a fighter aircraft here, but I would guess most everything else will be similar. (knowing how uncle sam operates ...)
I hope to God that the arming circuitry requires some kind of hardwire interface at least for the last stage of final go-ahead for launch.
Hell yes!!! I work SMS (stores mgmt system) right now. This is what we do. In order to launch a missile or drop a bomb, the master are switch is required by the hardware to be in the armed position and the weapon release is required by the hardware to be depressed. If either of those interlocks (and a whole mess of software interlocks and other software/hardware interlocks) aren't OK, the missile never comes of the rail. (or isn't ejected)
I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack. And yes I do mean for navigation and indeed all subsystems of any kind of military device or even civillian device which has the possibility for far-reaching or deadly effects if such a system were to be compromised.
The keys aren't THAT big (on the stuff I know about, which isn't all that much since I'm not with the NAV team) but freaking EVERYTHING is encrypted. The JTIDS shared tactical info, the comms, the datalink to your wingman, nav, gps, etc. And yes most of it is spread spectrum. There is a bunch of anti-spoof stuff built into a lot of it as well.
Basically some cracker hijacking a manned combat vehicle will not happen. Ever. Period. Even if someone got around 1 layer of crypto, they would have more to deal with other stuff. (like the fact that these systems are unbelievably complex, and use some pretty strange hardware.)
The issue is the new UCAVs. (unmannded combat air vehicles) These could be hijacked somehow if the crypto on the link was broken. These are not gonna be deployed for quite some time, and I'm sure the link encryption will be heavy duty. (I would guess to the point of requiring dedicated proprietary hardware on both ends. that's just a guess based on past experience however.)
dv
"There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
That was my thinking. I know a lot of competent and disciplined people who served in the military. More like, most of the competent and disciplined people I know were in the armed forces or something like it. Especially with a well defined chain of command and rigid oversight, I just don't think that they are capable of creating such a comedy of errors. Okay - it's stupid enough to hook all your tanks up to the internet. I don't buy it, but let's say it happened. But then would they really go out and advertise this to the world? Of course not. This is the government! Master of masters when it comes to coverups and hushing a sensitive situation. I think this is more a product of sensational reporting than of stupidity on the part of the Army.
--
I think there is a world market for maybe five personal web logs.
You will find, that for most "sensitive and mission critical" operations (that does cover a lot with the military, but not most of their PC LANs), they use the tried-and-true "air gap" firewall: They simply don't connect the internal systems to any external systems. You can't attack what you can't talk to.
Now, the Navy seems to be having trouble with their "smart" ships, but so far, their track record there isn't too hot (remember the whole NT debacle?). That whole program seems to be more like some Star Trek fan's wet dream then your "standard", ultra-paranoid military project. I can only hope it is the exception and not the rule.
You will find the military is very strict with regards to what you connect to what, how you can connect it, and how you have to protect it and shield it. And with good reason.
If you've got a PC with classified data on it, then the entire system is classified. Including the keyboard and monitor. (No, I'm not making that up. I've seen many Air Force PCs with red "SECRET" stickers on the keyboard and monitor.)
If you so much as put a floppy disk in the drive and take it back out, that floppy is now classified as well. You also cannot connect just any hardware to the system; you need to make sure everything is properly shielded for EMSEC (emissions security; what used to be called TEMPEST). This applies all the way down to serial cables connecting to external SDDs (Secure Data Devices).
I'm fairly confident this article is pointing out exceptions in design policy to ensure that the exceptions do not become the norm.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
In related news the Cult of the Dead Cow announced that they were buying the makers of popular remote administration program PC Anyware.
Members were reported as saing "We have cought a lot of flack for hackers who write remote administration software. This has allowed inferior products like PC Anyware to take some of our market. This merger is benifitial to both PC Anyware and Back Orafice. It will provide PC Anyware customers with the more powerful Back Orafice which has a better interface, plugin support, more portable clients, and is open source. Back Orafice will recieve use of the PC Anyware name which should allow more companies to use the product officially."
The U.S. millitary seems happy about the merger. They reported that they have had security and preformance problems related to their new PC Anyware / NT driven missles. "Back Orafice's encrypted connections and higher preformance are exactly what we were lookng for in a remote administratin product and the Butt Plugs feature offers a better interface to specialised hardware then PC Anyware could" the report said. The repost went on to say that Back Orafice's interface looked cryptic and difficult when the product was first considered, but apperently a large portion of recruting age males recieve training in the use of Back Orafice from their High Schools and this is expected to offset any difficulties encountered.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
It is somewhat particularly troubling indeed. The US Military as a whole is farming most of their computer programming out to civillian contractors these days. For example, I believe the Navy has most of the software for their ballistic missle submarines done by GTE. (These are the same folks that use NT4.0 for navigation and damage control routines on Aegis missle cruisers, which have failed more than once, leaving a billion dollar vessle dead in the water)
As opposed to the USAF, which just barely does most of their work in house.
At anyrate, talk to a military programmer, and they'll admitt that quality control can be iffy, budgets are short, and the Brass is always looking for a way to trim budgets. Even if it means going with an off the shelf product, hacked and crammed into working by only one or two enlisted men, who leave a few months later for higher paying civillian jobs.
And now the Military is looking at things like fully autonomous combat vehicles. The next US Army MainBattleTank, in later versions will operate autonomously, Both the Navy and Airforce hope to fly UCAV (unmanned combat air vehicles) that for a large part operate autonomously, if not fully.
Hackability of these systems may not be practical, many of them will operate without external data connections, being solid systems.
What is my concern more than anything, is that these systems need their software to perform at all, and the trend at cutting corners, and having a shrinking qualified personnell base, is what the Military is really in danger of.
Sounds like the military wants to be able to blame someone when they attack unprovoked.
Taiwan: Why did you attack us!!!
US: Wasn't us, someone must have hacked into our computers and done it.
Later that day
US: *snicker* fools