Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cracking Military Devices

Posted by ryuzaki0 on from the breaking-the-law-breaking-the-law dept.

Kenneth Ng was one of the folks who wrote to us about an article CNN is running, courtesy of Federal Computer Weekly. The piece talks about scenarios that have caused the Army some consternation -- namely, crackers being able to take the wheel of remote-controlled military weapons systems like tanks, ships and planes. I dunno -- I kinda like the idea of being able to play Grand Theft Auto [?] with an M-1 Abrams tank.

6 of 193 comments (clear)

  1. It's not an issue with current platforms! by Bwah · · Score: 4

    OK, I can only speak with regards to a fighter aircraft here, but I would guess most everything else will be similar. (knowing how uncle sam operates ...)

    I hope to God that the arming circuitry requires some kind of hardwire interface at least for the last stage of final go-ahead for launch.
    Hell yes!!! I work SMS (stores mgmt system) right now. This is what we do. In order to launch a missile or drop a bomb, the master are switch is required by the hardware to be in the armed position and the weapon release is required by the hardware to be depressed. If either of those interlocks (and a whole mess of software interlocks and other software/hardware interlocks) aren't OK, the missile never comes of the rail. (or isn't ejected)

    I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack. And yes I do mean for navigation and indeed all subsystems of any kind of military device or even civillian device which has the possibility for far-reaching or deadly effects if such a system were to be compromised.

    The keys aren't THAT big (on the stuff I know about, which isn't all that much since I'm not with the NAV team) but freaking EVERYTHING is encrypted. The JTIDS shared tactical info, the comms, the datalink to your wingman, nav, gps, etc. And yes most of it is spread spectrum. There is a bunch of anti-spoof stuff built into a lot of it as well.

    Basically some cracker hijacking a manned combat vehicle will not happen. Ever. Period. Even if someone got around 1 layer of crypto, they would have more to deal with other stuff. (like the fact that these systems are unbelievably complex, and use some pretty strange hardware.)

    The issue is the new UCAVs. (unmannded combat air vehicles) These could be hijacked somehow if the crypto on the link was broken. These are not gonna be deployed for quite some time, and I'm sure the link encryption will be heavy duty. (I would guess to the point of requiring dedicated proprietary hardware on both ends. that's just a guess based on past experience however.)

    dv

    --
    "There's no secret. You just press the accelerator to the floor and keep turning left." -- Bill Vukovich
  2. Re:Maybe I'm just over-cynical.... by drix · · Score: 4

    That was my thinking. I know a lot of competent and disciplined people who served in the military. More like, most of the competent and disciplined people I know were in the armed forces or something like it. Especially with a well defined chain of command and rigid oversight, I just don't think that they are capable of creating such a comedy of errors. Okay - it's stupid enough to hook all your tanks up to the internet. I don't buy it, but let's say it happened. But then would they really go out and advertise this to the world? Of course not. This is the government! Master of masters when it comes to coverups and hushing a sensitive situation. I think this is more a product of sensational reporting than of stupidity on the part of the Army.

    --

    --

    I think there is a world market for maybe five personal web logs.
  3. This is why the military uses "air gap" firewalls by DragonHawk · · Score: 4

    You will find, that for most "sensitive and mission critical" operations (that does cover a lot with the military, but not most of their PC LANs), they use the tried-and-true "air gap" firewall: They simply don't connect the internal systems to any external systems. You can't attack what you can't talk to.

    Now, the Navy seems to be having trouble with their "smart" ships, but so far, their track record there isn't too hot (remember the whole NT debacle?). That whole program seems to be more like some Star Trek fan's wet dream then your "standard", ultra-paranoid military project. I can only hope it is the exception and not the rule.

    You will find the military is very strict with regards to what you connect to what, how you can connect it, and how you have to protect it and shield it. And with good reason.

    If you've got a PC with classified data on it, then the entire system is classified. Including the keyboard and monitor. (No, I'm not making that up. I've seen many Air Force PCs with red "SECRET" stickers on the keyboard and monitor.)

    If you so much as put a floppy disk in the drive and take it back out, that floppy is now classified as well. You also cannot connect just any hardware to the system; you need to make sure everything is properly shielded for EMSEC (emissions security; what used to be called TEMPEST). This applies all the way down to serial cables connecting to external SDDs (Secure Data Devices).

    I'm fairly confident this article is pointing out exceptions in design policy to ensure that the exceptions do not become the norm.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.
  4. Re:[OT]Re: "PC Anywhere"? by Weezul · · Score: 4

    In related news the Cult of the Dead Cow announced that they were buying the makers of popular remote administration program PC Anyware.

    Members were reported as saing "We have cought a lot of flack for hackers who write remote administration software. This has allowed inferior products like PC Anyware to take some of our market. This merger is benifitial to both PC Anyware and Back Orafice. It will provide PC Anyware customers with the more powerful Back Orafice which has a better interface, plugin support, more portable clients, and is open source. Back Orafice will recieve use of the PC Anyware name which should allow more companies to use the product officially."

    The U.S. millitary seems happy about the merger. They reported that they have had security and preformance problems related to their new PC Anyware / NT driven missles. "Back Orafice's encrypted connections and higher preformance are exactly what we were lookng for in a remote administratin product and the Butt Plugs feature offers a better interface to specialised hardware then PC Anyware could" the report said. The repost went on to say that Back Orafice's interface looked cryptic and difficult when the product was first considered, but apperently a large portion of recruting age males recieve training in the use of Back Orafice from their High Schools and this is expected to offset any difficulties encountered.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  5. Hacked Military Hardware by bailpossum · · Score: 5

    It is somewhat particularly troubling indeed. The US Military as a whole is farming most of their computer programming out to civillian contractors these days. For example, I believe the Navy has most of the software for their ballistic missle submarines done by GTE. (These are the same folks that use NT4.0 for navigation and damage control routines on Aegis missle cruisers, which have failed more than once, leaving a billion dollar vessle dead in the water)

    As opposed to the USAF, which just barely does most of their work in house.

    At anyrate, talk to a military programmer, and they'll admitt that quality control can be iffy, budgets are short, and the Brass is always looking for a way to trim budgets. Even if it means going with an off the shelf product, hacked and crammed into working by only one or two enlisted men, who leave a few months later for higher paying civillian jobs.

    And now the Military is looking at things like fully autonomous combat vehicles. The next US Army MainBattleTank, in later versions will operate autonomously, Both the Navy and Airforce hope to fly UCAV (unmanned combat air vehicles) that for a large part operate autonomously, if not fully.
    Hackability of these systems may not be practical, many of them will operate without external data connections, being solid systems.
    What is my concern more than anything, is that these systems need their software to perform at all, and the trend at cutting corners, and having a shrinking qualified personnell base, is what the Military is really in danger of.

  6. sounds like a cover up by adpowers · · Score: 5

    Sounds like the military wants to be able to blame someone when they attack unprovoked.

    Taiwan: Why did you attack us!!!
    US: Wasn't us, someone must have hacked into our computers and done it.

    Later that day

    US: *snicker* fools