Meshnet Digital Armor To Protect Tanks

An anonymous reader writes "General Dynamics Canada and Secure Computing have partnered to develop Meshnet, a hardware/software firewall designed to protect networks and digital devices inside tanks and other military vehicles from hostile computer and virus attacks. Without adequate protection a tech savvy enemy can infiltrate networks, manipulate information, and deny crews the data they need to participate in modern warfare. Exactly such an event happened last year to an Israeli crew, when hackers from Hezbollah eavesdropped on their communications. 'The system uses Secure Computing's off-the-shelf Sidewinder Security Appliance ... Sidewinder consolidates all major Internet security functions into a single system, providing "best-of-breed" antivirus and spyware network protection "against all types of threats, both known and unknown," according to Secure Computing.'"

Why?

[msi]

Or just shoot any one coming towards you with a laptop!

Re:Why?

[eobanb]

Well, that's not entirely true. For example: 2.4 GHz, which is an ISM band in the United States, is used by the French military in France. Therefore, a number of common electronics, like cordless phones, Bluetooth devices, 802.11, etc., have faced problems with the government banning their use; over time, industry groups have been able to cut through the red tape, but both Bluetooth and Wi-Fi was not allowed in France for several years after it was already in wide use in other countries.

Re:Why?

[Mister+Whirly]

The French Military? Why even bother trying to encrypt "We Surrender!" - their enemy will find out soon enough.

If you want a chuckle, go to Google and type "French military victories" and click on the "I'm Feeling Lucky" button...

Umm?

[pembo13]

Is there some deficiency in the military's current ability to kill people that I am not aware of? Or are they preparing to defend against extra terrestrial attacks? Isn't this the second military research story for week?

Re:Umm?

[aadvancedGIR]

No, they are still as deadly, it is just that if a hidden guy with a wireless laptop could trick a nearby MBT crew to fire on their own troops, it would be bad news.

Sanity check:

[Jennifer+York]

Do anyone think the Hezbollah reference is a little bit odd? How does intrusion detection and firewalls stop someone from eavsdropping on communications? Please point out the reference that deatils how an Isreali tank was denied information, or misled by false information.

This unsubstantiated BS as a justification for an obvious product placement requires more scrutiny. I don't doubt that there IS a chance that some enemy force could have the capability to "hack" a tank, but the "Exactly such an event happened last year to an Israeli crew" needs some evidence.

Re:Sanity check:

[ByOhTek]

So, lets say I'm connecting to my computer via SSH, and I'm a savvy individual, I notice a keyswitch, etc, and won't connect if I see something like that (suggesting a man in the middle).

No you think "great, it'll be hard to evesdrop on my conversation, I'm running SSH, it's encrypted!"

So, now some hacker comes along and wants to observe me. He *could* go after my SSH traffic, and try to decode it, but look! I'm not running a firewall or intrusion detection software. He figures (correctly in most cases), it will probably be easier to hack into my system, and put monitors there.

So, without a firewall, he got in easier, and without an intrusion dection system, I didn't find out. I now have a "new" ssh client, that copies everything over to his/her system, all network traffic is sent in duplicate, the keylogger is collecting all my paswords, etc, etc, etc...

Re:Sanity check:

[ArcherB]

The communication is wireless. Either they were not encrypted, did not frequency hop or were jammed. Probably a combination.

Re:Sanity check:

[dwillden]

Absolutely it's odd, since Hezbollah wasn't really able to listen in on the Israeli radio's, they just used Direction Finding to locate where the Israelies were broadcasting from, and used that to plot where the Israelies were and where they were going.
There was no great security hack, just monitoring and DF'ing the encrypted radio traffic. I don't need to know what is actually said. If I can track the enemies location by simple DF'ing of their communications, I can quickly locate them and then track their movements. And when that indicates that a large number of radio's are moving up the valley towards my position, I know to be ready to attack, defend or run.

This reminds me

[javilon]

This reminds me of Ghost in the shell, "I pwned your eyes".

Skynet

[jandoedel]

Hope it helps a bit when Skynet takes over. I for one don't welcome our Skynet overlord with his beowulf cluster of hacked tanks.

The 800 LB gorilla in the room...

[tgatliff]

No one wants to suggest the obvious, which is systems like this should never require antivirus and spyware support. For mission critical systems, the only thing they should use is embedded devices where the only way to install additional software is by flashing the firmware on the device. Also, use of a hardened kernel would be nice...

Re:The 800 LB gorilla in the room...

[somersault]

How are they meant to install their bonzai buddy on that?

Re:The 800 LB gorilla in the room...

[krazytekn0]

The problem with this is that the spec-writers for government contracts don't know anything about the products they are trying to buy. Therefore we would end up with job specs at my old job that said stuff like, "1 piece tank with no seams that is 6' tall by 6' diameter, delivered and set in place." Which would normally be ok except the only doors on the facility are 30" wide. So one could imagine that the spec for these systems had some kind of requirement for the vendor to remotely update many tanks/vehicles at a time but they have to be totally impervious to virii and/or malware. Something that most of us know is completely impossible but some purchasing guy for the Army doesn't give a rats ass about because it's not his problem and it's not his money, it's the vendor's problem and my money.

Re:Don't want to imagine

[Sqweegee]

The easy option: Don't have any remote communication/data systems connected to vehicle control systems, unfortunately there's already a lot of hardware out there already.

The solution the US military will come up with: Spend trillions setting up a super intelligent AI that can defeat hackers on the fly and control all military weapons on it's own to spare ever needing to send real troops into battle again... it will be named Skynet...

Re:It apparently runs Linux

[Critical+Facilities]

It apparently does run Linux!

No, It doesn't. According to the PDF in the article:

Administration system requirements OS - MS Windows 2000 or XP CPU - Intel (1 GHz minimum) Memory - 512 MB minimum Drives - 300 MB of available disk space, 3.5" 1.44 MB floppy disk drive, CD-ROM drive Monitor - 1024 x 768 or higher Network interface card - access to your firewall network Browser - Internet Explorer 4 or later; Netscape 4.x or later Model 2100 & 2150 - 2U platform Model 1100 - enterprise 1U platform Model 410 & 510 - small 1U platform Application (layer 7) throughput example* Operating at virtual wire speed over a Gigabit Ethernet Gigabit Fast Ethernet Ethernet 0 200 400 600 800 1000 1200 1400 1600 1800 2000 2.2 Gbps 4 HTTP Application Defenses 2200

I'm no security expert, but those don't sound like "strong links" in the chain.

And those protected devices now slow to a crawl...

[securityfolk]

C'mon Joe, aim the turret, aim the turret!!! Sorry Jim, I can't - my system isn't responding right now - it's scanning for spyware :(

BOOM...

In reality...

[Javarufus]

The evidence from the digital attack last year is as follows:

"The A-176 tank scope operator was panning to the North to acquire the target in question when a pop-up add appeared in the view finder alerting him of a fantastic deal on Viagra. Later alerts included free porn and offers to download virus scanning software"...

Nice ad

[Pedrito]

How do I get my products advertised as articles on Slashdot? I imagine that could be pretty lucrative. Who do I pay?

Single Point of Failure

[cyberbian]

Any security consultant worth his salt would be aghast at the military taking up a posture that allows for a single point of failure. Defense in depth is the current mechanism of choice... talk about putting all of your eggs in one basket.

Missing the obvious

[athloi]

Just shoot back at the enemy. If your tanks are getting hacked, cancel the MySpace page for your regiment.

What is their "antivirus" protecting against?

[argent]

Is the military so stupid they're actually using Windows-based software (or software running ANY consumer OS for that matter) in battlefields? If so, there's been a major drop in their design and code standards in the past few years.

Also, what's the threat? "This was reportedly the case during Israel's incursion into South Lebanon last year, where Hezbollah hackers were allegedly able to monitor IDF communications, giving the guerrillas a leg up in attacking Israeli armor." sounds like ordinary signals intelligence. You don't fight that with firewalls and antivirus software, you fight it with encryption and electronic countermeasures like dummy sources to fight tracking and traffic analysis.

Re:What is their "antivirus" protecting against?

[argent]

If so, there's been a major drop in their design and code standards in the past few years.

Really?

Yeh, I know a lot of people who were working on mil-spec stuff back in the '80s and earlier, and their battlefield and avionic firmware was using languages and systems developed specifically for military use. Some of them were even dismissive of ADA. I think using C++ would have started a rebellion.

I seem to recall a battleship that got stalled a few years back ...

Yeh, an experimental one. After that fiasco, they went ahead into production?

Re:So there's me thinking...

[stoicfaux]

The sorry state of affairs today in that our boys on the field rely TOO MUCH on TECHNOLOGY is reflected in what happens when that technology FAILS. People DIE.

a) Technology can give you a huge advantage over The Enemy(tm). Which is why the US led coalition was able to dominate in Desert Storm.

b) Because technology acts as a "force multiplier," meaning you can do a lot more with less people/tanks/planes/etc.. Without high technology we would need many more real live people in the military. So you either pay the cost in technology or you pay the cost with a larger percentage of your population in uniform and/or in harm's way.

c) Technology requires "less skill" to use. Having infrared sensors, laser range findings, and a computerized fire control system makes the M-1's main gun very deadly. How long would it take for a gunner to get that good using just the Mark I Eyeball and human skill? People in the military should be focused on winning, and not on frantically having to look up wind speed on paper firing tables before taking a shot.

Yeah, you go with that.

[khasim]

There are a lot of ways to hack into a system, it varies on the system.

No, there are not. There are very few avenues to crack any system.

#1. Attack the daemon listening on an open port.

#2. Trojans.

#3. Exploiting a vulnerability in an app when fed specific data (IE is a good example).

#4. Viruses that attach themselves to other apps.

The best answer that can be given without more information is simply - they try stuff until they get some indication of the quality of the user, and the OS. At which point, they pick their method and target.

Yeah, you've just repeated yourself without explaining how the firewall is supposed to do anything.

Cracking a Windows box is different from a Linux box which is different from a FreeBSD box which is different from a Solaris box.

No, it is not. They all have the same, limited, avenues of attack. There is nothing "different" about that.

Re:Yeah, you go with that.

[MarsDefenseMinister]

#5 social engineering. The secretary will let you in, and she's easily tricked.

Well no, not really

[SmallFurryCreature]

That conflict showed the failure of an army fighting by the rules, against an enemy that did not, and never has.

If Israel could have used the full force of its military without the world breathing down its neck, hezbollah would have been so much smoking corpses.

What this shows you is that most advanced tank cannot deal with a meat shield if there is a camera crew near. Hezbollah has become very good at using this kind of war, they had to, the more recent lebanese actions have shown they suck at military conflict. Note that lebanon could just blow the hell out of hezbollah bases and civilian casualties be damned. Suddenly the world realises that just because a shot up corpse is dressed in civil garb, does not make it a civilian.

In fact the military conflics around Israel have shown just how bloody effective modern equipment is, outnumbered in every way, Israel nonetheless manages to hold out, because they use tech to the max.

You are also wrong about the soviets, the russians were actually the one with the better gear against the germans. It just took a while for it all to come together, but it was the germans that copied soviet tech, not the other way around. The turn around came when russia learned to use the tech advantage it had and properly equip its soldiers with it. Early in the war, it had excellent tanks, but often without radios, or it had motivated troops, who lacked guns. Once that was sorted out, the germans never won a single battle against the russians. Superior tech.

Offcourse, you got to use it properly.

Iraq again shows you just how lethal tech is over numbers. The iraq army was many times greater and was wiped out.

The current conflict has nothing to do with the lack of manpower or reliance on tech. You cannot occupy a country that doesn't want to be occupied unless you are capable of dealing out massive amounts of punishment Roman style. Storm the city, kill everyone inside, tear down the buildings, plow up the ground and sow it with salt, so that you can then point to the desolate area and say, "this is what we do with those who oppose us, any questions?"

In a way, Hezbollah uses very modern weapons, western media, to fight the war. No use of radio? How do you think the images of bloodshed, real and staged made its way to the west? Pigeons?

One final note. You state that Israel only managed to advance X miles. How many miles did Hezbollah advance? Okay, yards then. Feet? Inches? So much for low tech then. Hezbollah has never once manage to threaten Israels survival. It is one of the reasons Lebanon is so fed up with them and finally took action against them and this time, the world media didn't care.

How about making that #7?

[khasim]

Since the tanks PROBABLY aren't running fiber or CAT 5 between them ... we're talking radio signals. So yeah, if they can attack TCP/IP or exploit a vulnerability in the transmission itself ...
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

And as you've noted, a firewall would NOT be much help.

Particularly, as noted in the article, and "off the shelf" firewall.

Re:id4-type attack?

[IgnoramusMaximus]

You are confusing logic with sales. The point of this excercise is to sell a bunch $50,000 anti-alien-mind-control-ray tin foil hats. "100% Guaranteed and Tested! No Space Aliens have ever penetrated our ReflectoBeanie! Its a real bargain!"

Never you mind that practicality of manipulating takns into shooting each other or their own troops is beyond ridiculous from the perspective of logistics on the battlefield and return on investment for the attacker who would have to be just in the right place in the right time with a complete understanding of the internal workings of the enemy's command and control systems and procedures, relative tank positions and in respect to their true targets and also to be able to plausibly override voice communications when one tank commander goes on his radio to ask "Sir, why are we prorized to shoot a target 90 degrees from the direction towards the enemy positions?".

But thats Military Industrial complex for ya. Next up, $500 military-grade anti-vampire garlic patches.