Slashdot Mirror
Meshnet Digital Armor To Protect Tanks
An anonymous reader writes "General Dynamics Canada and Secure Computing have partnered to develop Meshnet, a hardware/software firewall designed to protect networks and digital devices inside tanks and other military vehicles from hostile computer and virus attacks. Without adequate protection a tech savvy enemy can infiltrate networks, manipulate information, and deny crews the data they need to participate in modern warfare. Exactly such an event happened last year to an Israeli crew, when hackers from Hezbollah eavesdropped on their communications. 'The system uses Secure Computing's off-the-shelf Sidewinder Security Appliance ... Sidewinder consolidates all major Internet security functions into a single system, providing "best-of-breed" antivirus and spyware network protection "against all types of threats, both known and unknown," according to Secure Computing.'"
Deposit 50 cents to continue. 30, 29, 28.... game over.
Before anyone asks...
"best-of-breed" antivirus and spyware network protection
It apparently does run Linux!
I got a catholic block.
Or just shoot any one coming towards you with a laptop!
why do i get the feeling this software is going to have some gaping holes in it?
use their wifi to play WoW?
Is there some deficiency in the military's current ability to kill people that I am not aware of? Or are they preparing to defend against extra terrestrial attacks? Isn't this the second military research story for week?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
This unsubstantiated BS as a justification for an obvious product placement requires more scrutiny. I don't doubt that there IS a chance that some enemy force could have the capability to "hack" a tank, but the "Exactly such an event happened last year to an Israeli crew" needs some evidence.
Dominant Meme
Perfect protection against unknown attacks. What are they dreaming of at night?
This article begs the thought, what if a hostile force did take over the computer systems of military vehicles. With the advent of fly by wire and now drive by wire systems, the computer can pretty much take complete control over the vehicle. Add in something like Storm, which can run more brute force keygens than even the best supercomputer, and none of these vehicles are in any way secure, even with this new digital armor installed.
Karma Whoring for Fun and Profit.
If the current defenses against phishing, spam, and botnets are any example, it's going to be a long, long struggle to keep things "clean".
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
That article was so light on information, it was worthless. And for anyone that did actually RTFA (like me) the last line was SERIOUSLY ABOUT THE COLOR SCHEME OF THE TANK! Wtf!
So, defense contractors plan to use off the shelf network security tools in the future because the one currently deployed are too easily hacked. What the point in having that on the main page?
This reminds me of Ghost in the shell, "I pwned your eyes".
When his defense asked, "Which computer has Jon Johansen trespassed upon?" the answer was: "His own."
Incoming buzzword alert!!! Run for best of bread cover against unknown threats.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
They won't say which BSD, but who wants to bet OpenBSD or at least parts of OpenBSD have found their way into it?
Karma Whoring for Fun and Profit.
Hope it helps a bit when Skynet takes over. I for one don't welcome our Skynet overlord with his beowulf cluster of hacked tanks.
No one wants to suggest the obvious, which is systems like this should never require antivirus and spyware support. For mission critical systems, the only thing they should use is embedded devices where the only way to install additional software is by flashing the firmware on the device. Also, use of a hardened kernel would be nice...
HOW does he do that?
Does he send you an email with an attachment named "nude girl.jpg.exe" that you open?
Does he send you an HTML email that exploits a vulnerability in Outlooks/IE?
Does he use a worm to attack the vulnerability in your SSH daemon?
Does he leave a floppy disk on the battlefield that you boot to see what's on it?
HOW does he crack your system? And HOW does this firewall prevent that?
Slashdot is now publishing press releases from military-industrial-complex vendors without any real commentary in the main post?
Yeah, the military needs firewalls at all levels of networking, but is this news?
Recursion: To curse repeatedly.
It comes down to something like this I think. Which is better? "Battlewide intelligence acquisition systems", or a 10% increase in manpower?
Exactly what good does all our "modern" military high tech equipment do? Does some bluetooth based worldwide communication equipment actually make a soldier more efficient, or does it just weight him down? Do tanks need the latest Wifi based external cameras streaming megabytes of information back to HQ, or do they need to, say, be less flammable.
Stalin once asked of the Pope: "How many divisions has he got?". It shows the mindset of those whose countries actually fought in a major and prolonged conflict. For them, it was not as much about which tank could turn faster, or whose radios had a better signal. It was about how many men (and for the Soviets, women) they actually had to fight with.
I'd ask of the Western world: "How many divisions have you got?". Note; UAVs, CCTV cameras and satellites do not count towards your tally.
May the Maths Be with you!
BOOM...
The evidence from the digital attack last year is as follows:
"The A-176 tank scope operator was panning to the North to acquire the target in question when a pop-up add appeared in the view finder alerting him of a fantastic deal on Viagra. Later alerts included free porn and offers to download virus scanning software"...
Now I know for a fact you can't run Opera or iTunes on this thing!
How do I get my products advertised as articles on Slashdot? I imagine that could be pretty lucrative. Who do I pay?
Any security consultant worth his salt would be aghast at the military taking up a posture that allows for a single point of failure. Defense in depth is the current mechanism of choice... talk about putting all of your eggs in one basket.
if I claimed I was emperor just because some watery tart lobbed a scimitar at me they'd put me away!
Just shoot back at the enemy. If your tanks are getting hacked, cancel the MySpace page for your regiment.
technical writing / development
As I work at GDC, a few clarifications are in order.
It looks like they are actually talking about the Tactical Network Gateway, which is part of the MESHnet product group, which includes a whole bunch of other stuff.
They do actually run Windows in the tanks. Its a big step up from the old SCO Unix boxes that they used to run (And still run in Afghanistan).
Now who would argue with a Beowulf cluster of those?
Enter your password. You now have ten seconds to comply
Is the military so stupid they're actually using Windows-based software (or software running ANY consumer OS for that matter) in battlefields? If so, there's been a major drop in their design and code standards in the past few years.
Also, what's the threat? "This was reportedly the case during Israel's incursion into South Lebanon last year, where Hezbollah hackers were allegedly able to monitor IDF communications, giving the guerrillas a leg up in attacking Israeli armor." sounds like ordinary signals intelligence. You don't fight that with firewalls and antivirus software, you fight it with encryption and electronic countermeasures like dummy sources to fight tracking and traffic analysis.
How do you use your eyes to sight a target in the dark? I'd say the system on the Abrams is doing its job well, if the 95% hit percentage is accurate.
http://en.wikipedia.org/wiki/M1_Abrams#Aiming
A post a day keeps productivity at bay.
"You have aquired an enemy target. Cancel or Allow?"
You know what?
The sorry state of affairs today in that our boys on the field rely TOO MUCH on TECHNOLOGY is reflected in what happens when that technology FAILS. People DIE.
a) Technology can give you a huge advantage over The Enemy(tm). Which is why the US led coalition was able to dominate in Desert Storm.
b) Because technology acts as a "force multiplier," meaning you can do a lot more with less people/tanks/planes/etc.. Without high technology we would need many more real live people in the military. So you either pay the cost in technology or you pay the cost with a larger percentage of your population in uniform and/or in harm's way.
c) Technology requires "less skill" to use. Having infrared sensors, laser range findings, and a computerized fire control system makes the M-1's main gun very deadly. How long would it take for a gunner to get that good using just the Mark I Eyeball and human skill? People in the military should be focused on winning, and not on frantically having to look up wind speed on paper firing tables before taking a shot.
The article makes it sound like M1s are Bolos, or something. But slow down there, McFly. The ability to "blind" a tank assumes a level of tech that's not currently available.
Sure the commander is getting info electronically. But it's not like the computer that stabilizes the gun and sight is connected to the network. Nor is the turret traversing mechanism. The article at best glosses over the systems that are networked, and at worse is FUD. From TFS it sounds like there's imminent danger that Al Queda is going to be hacking our tanks' mainframes and turning them against us. As cool as some super-networked, computer controlled, AI-powered, self-aware nuclear tank sounds, they're not in the inventory right now.
If you want the real chance to do physical damage by hacking, crack the control network of a Predator and shoot a Deuce-and-a-half with a Hellfire. That'd be real "win" for some 133t haxor in a burqa. And they'd get terrific PR (which is what Al Queda is really all about) from using The Great Satan's own weapons against us.
As far as tanks? Nothing to see here. Move along.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
No, there are not. There are very few avenues to crack any system.
#1. Attack the daemon listening on an open port.
#2. Trojans.
#3. Exploiting a vulnerability in an app when fed specific data (IE is a good example).
#4. Viruses that attach themselves to other apps.
Yeah, you've just repeated yourself without explaining how the firewall is supposed to do anything.
No, it is not. They all have the same, limited, avenues of attack. There is nothing "different" about that.
Exactly. It's the same old story with military hardware salesmen. The put words in nice brochures that attract the senior officers who don't understand the details. Look at the words used in the ad.
"The system uses Secure Computing's..... " makes it sound secure.
"off-the-shelf.... " makes it sound 'cost effective'
"...Sidewinder Security Appliance..." makes it sound like a cool offensive weapon
".... consolidates all major Internet security functions into a single system" makes it sound like they have everything in a small box (perfect for in a cramped tank i hear them say),
"..providing "best-of-breed" ".... sounds like they had to compromise... I feel it slipping...
"...protection against all types of threats, both known and unknown.." see that!? protects against 'unknown threats'... Wow... if you read far enough down the brochure you'll find the snake-oil salesman will advertise the snake oil.
I deal with this kind of stuff every day. As the parent pointed out, you don't need to dig very far to find that the system uses the largest target OS out there with arguably the most exploits available to 'hackers'.
I've dealt with enough military equipment to know that if I had seen something along the lines of Trusted sun/vxworks OS, TEMPEST tested to xxxx, MIL-STD-461E (or similar) DO-178B for environmental... NISP Chapter 8 and 9 compliant... Common Criteria (ISO/IEC 15408) etc... then it'd be worth taking a second look.
"We're taking small arms fire, possible RPG position sighted!"
"Ballistics are non-responsive! The whole thing is locked up! Possible enemy infiltration of system... wait, no, it's installing new DATs. 28% complete... 29%... RPG fire! Cover!"
XeoMage
Gaius Baltar, seen with an attractive blonde collegue, assured the Congress in a special Senate Session that the integrated network was completely safe from Cylon, er uh, Chinese attack...
This is my sig.
first Windows for Warships
now Windows for Tanks
"officer on my mark, fire at will on target 254 delta!"
"user account control is asking if i approve or deny the action"
"approve! approve! target is acquiring cover!"
"windows firewall is asking if i should unblock port 666 for application gitty.usuckusa.exe"
"aaaaahhh!"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
That conflict showed the failure of an army fighting by the rules, against an enemy that did not, and never has.
If Israel could have used the full force of its military without the world breathing down its neck, hezbollah would have been so much smoking corpses.
What this shows you is that most advanced tank cannot deal with a meat shield if there is a camera crew near. Hezbollah has become very good at using this kind of war, they had to, the more recent lebanese actions have shown they suck at military conflict. Note that lebanon could just blow the hell out of hezbollah bases and civilian casualties be damned. Suddenly the world realises that just because a shot up corpse is dressed in civil garb, does not make it a civilian.
In fact the military conflics around Israel have shown just how bloody effective modern equipment is, outnumbered in every way, Israel nonetheless manages to hold out, because they use tech to the max.
You are also wrong about the soviets, the russians were actually the one with the better gear against the germans. It just took a while for it all to come together, but it was the germans that copied soviet tech, not the other way around. The turn around came when russia learned to use the tech advantage it had and properly equip its soldiers with it. Early in the war, it had excellent tanks, but often without radios, or it had motivated troops, who lacked guns. Once that was sorted out, the germans never won a single battle against the russians. Superior tech.
Offcourse, you got to use it properly.
Iraq again shows you just how lethal tech is over numbers. The iraq army was many times greater and was wiped out.
The current conflict has nothing to do with the lack of manpower or reliance on tech. You cannot occupy a country that doesn't want to be occupied unless you are capable of dealing out massive amounts of punishment Roman style. Storm the city, kill everyone inside, tear down the buildings, plow up the ground and sow it with salt, so that you can then point to the desolate area and say, "this is what we do with those who oppose us, any questions?"
In a way, Hezbollah uses very modern weapons, western media, to fight the war. No use of radio? How do you think the images of bloodshed, real and staged made its way to the west? Pigeons?
One final note. You state that Israel only managed to advance X miles. How many miles did Hezbollah advance? Okay, yards then. Feet? Inches? So much for low tech then. Hezbollah has never once manage to threaten Israels survival. It is one of the reasons Lebanon is so fed up with them and finally took action against them and this time, the world media didn't care.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Reminds me of Battlestar Galactica and how the Cyclons hacked into a squadron of Vipers via their sensor arrays and shut them down. Granted they had placed a backdoor in the software (or found a security gap.)
Then there was that power generator that could be "hacked" and given commands to tear itself apart.
And then there's war driving where you drive around looking for wireless networks to access/hack/piggyback on.
And then there are those huge zombie networks containing hundreds of thousands of compromised computers worldwide.
And the there was Vietnam. If you can't fight them directly, then use guerilla warfare. If it's easier to knock out a tank by hacking it's computer than it is to fight it directly...
Rabbits don't shoot back. Infantry do. They'll kill armor first if they get too close. Modern armor absolutely needs the improved sensor suite, or infantry can approach under modest cover with grenade launchers, RPG's, or other tools for eliminating armor.
Quick, input the key to take over their Bridge !
Crap they changed it !!!
KHANNNNN !!!!
Guns are for wimps... Use a crossbow.. this way you can pin them to their chair when you go postal.
Yep, if you can get the codes from someone else ... you're in.
...
Which brings up #6. Backdoors and simple passwords. If your tank's system "admin" account has the password of "USA", well
And let's not forget about "debug" accounts and such that are hard coded and NOT mentioned in the documentation.
Once again, this is just product placement.
A firewall won't do you any good when the intruders are already on your network!. Someone is apparently oblivious to the fact that tanks communicate with radio networks, and anyone within broadcast range can become a part of the network. Having a firewall won't do you any good, security wise. Having an encrypted network, OTOH, will.
While communication security is important to the armed forces, I wouldn't trust any of the contractors in the article to do it correctly. Mentioning "firewalls" and "viruses" and other computer security buzzwords only goes to show that the vendor doesn't truly understand tactical security. You don't want a firewall, you want:
I know, I know, they're trying to sell a product. But the first rule of advertising is give the impression that you at least know what you're talking about. Or perhaps they're counting on government officials to be generally ignorant of the manner in which technology works...
The society for a thought-free internet welcomes you.
Since the tanks PROBABLY aren't running fiber or CAT 5 between them ... we're talking radio signals. So yeah, if they can attack TCP/IP or exploit a vulnerability in the transmission itself ...
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
And as you've noted, a firewall would NOT be much help.
Particularly, as noted in the article, and "off the shelf" firewall.
Whew, at least we're safe from the Cylons!
EvilCON - Made Famous by
What I want to know is what joker managed to sell tanks to the Canadians in the first place? Didn't the Canadians revert to pacifism or something after WWII? -- I want the guy that managed to sell them tanks in charge of marketing at my company!!!
BSD is the largest target OS out there? The standard joke is that BSD is dying, not that it isn't secure.
Don't confuse the workstations with the firewall.
The system they are talking about is based off the MESHnet NAU, which is compliant with MIL-STD-461E, TEMPEST, MIL-STD 810D and a whole bunch of other standards as well.
http://www.gdcanada.com/content/detail.cfm?acronym=NAU&page=2
"Always with the negative waves"
... I'll have a Pan Galactic Gargle Blaster with a side of Plutonium Nyborg
yeah, that'll teach me for not reading TFA and the link... but relying on the GPP's post saying it was on XP with ie... Looks like a reasonable piece of kit. Thanks for the link.
Yum. eating my own words is tasty.
Who are they getting ready to fight? China? Whose military could be sophisticated enough that the would conceive of remotely taking control of tanks and having them shoot at each other?
Any guest worker system is indistinguishable from indentured servitude.
Clearly, you are an idiot. Technology, when used anywhere near properly, is a force multiplier. cf., say, a hammer, or the Internet and the computer you used to make that post, or the car you drive to work. Greater technology allows humans to accomplish things that are only possibly done by a much larger number of humans who don't have that tech, if at all.
Don't fall prey to the romanticism of the underdog in a case like this. Let's see, do I want one hundred guys on horses shouting charge or six guys with Gattling guns? By your logic, you'd take the mounted cavalry. Enjoy those horseburgers!
Whenever I read, "protection 'against all types of threats, both known and unknown'" - all I can do is laugh. I realize that MBA's write articles like this, not technologists but come on, am I the only one that sees the logical fallacy in that statement?
Dennis Dumont
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Hezbollah intercepted IDF communications by simply listening into the calls made by IDF personnel on their personally owned cell phones as they were deployed to different positions. They didn't hack into any network, nor crack any encrypted communications between commanders. Clearly the party at fault is IDF's commanders for not telling their soldiers to not use their cell phones.
Technology is good at some things but does have its drawbacks. The more complex a system is, the more likely it will break down at the wrong moment. On a tank the problem is not that bad. Technology helps but there are multiple backup systems so even if all the computers fail, you can still fire the guns. A M829A3 120mm APFSDS round travels at 1,575 m/sec so at ranges up to 2,500m, whatever you point at will die.
As for hacking into a tank's computer, it is impossible. The Tactical Coms system employs very heavy duty encryption plus frequency hopping on voice and data transmissions.
Today's vices may be tomorrow's virtues.
As always, the people who win wars are the ones who can mobilise the biggest armies and most equipment. Storemen win more wars than infantrymen. Hollywood might let you think that winning is due to six navy seals called "Bad karma leader", but real war is a lot more boring than that.
Sure, some technology does make it easier to be a soldier (point-and-shoot weapons), but a lot of it makes the soldier's work much harder. That's a lot of the reason that training now is 5x or more what it was during WW2.
Engineering is the art of compromise.
Then it should be very easy for you to explain an attack that uses an avenue I have not listed.
But you won't be able to do that.
That shows that you don't know what you're talking about. I was not simplifying anything. I was listing each distinct avenue of attack.
I can put a machine with a default installation of Ubuntu on the Internet without a firewall and it will NOT be cracked. Despite a lot more people having a lot more time to crack it and with access to the source code and a list of exactly what was installed.
Canonical can manage that
That's the whole point. Hezbollah was hiding in the hospitals and residential areas so that Israel would look bad in the eyes of the world when they attacked. The strategy was not to win on the battlefield, but in the news media.
Creative Demolition
Still worthless !!
if one anti-tank missile hit the tank, the tank is turn into a rubble.
They should spend more on tank armor than networking firewall
Exactly such an event happened last year to an Israeli crew, when hackers from Hezbollah eavesdropped on their communications.
I think it's this one: the "hackers" from Hezbollah intercepted GSM calls made by the Israeli crews, who used the cell phones because it was easier and/or because cell phones happen to work better than IDF's bad radios. Or so I've heard.
It doesn't take a big genius to learn something is about to happen soon when the GSM call amount suddenly jumps among IDF people. They'd be calling or texting home because it might be the last thing they do.
What else, it doesn't take a big genius to triangulate the position of cell phones, if you own the towers.
Other than that, the parts about tanks getting "hacked" is a bunch of shit. Mostly harmless advertising.
Be a fool not to - if you know many secretaries willing to turn a trick in a tank ! Good luck with that. Think it might lack comfort for both parties. Or all parties - depends on the number of crew and the number of willing secretaries.
How many beans make five, anyhow ?
... the bandwidth of a homing pigeon with memory cards strapped to its legs.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Tell me I'm wrong but is slashdot's policy to simply reprint press releases? ....
In that case