Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
The Internet

Cracking Military Devices 193

Kenneth Ng was one of the folks who wrote to us about an article CNN is running, courtesy of Federal Computer Weekly. The piece talks about scenarios that have caused the Army some consternation -- namely, crackers being able to take the wheel of remote-controlled military weapons systems like tanks, ships and planes. I dunno -- I kinda like the idea of being able to play Grand Theft Auto [?] with an M-1 Abrams tank.
This discussion has been archived. No new comments can be posted.

Cracking Military Devices

Comments Filter:
  • by Anonymous Coward
    ...although there are well-known security gaps in the commercial systems that the Army plans to use on the battlefield, hacking into tanks and other weapons may prove to be too difficult for an enemy engaged in battle.

    This thinking deeply concerns me. It appears that they are considering this as a purely tactical vulnerability, rather than as a strategic one. Rather than worry about an opposing force compromising tank controls in a single engagement, this suggests a very real possibility of a systematic hijacking of central control systems by an enemy, either military or what is euphemistically called a "rogue element."

    If guidance systems and foe recognition systems alone can be compromised, one can wreak essentially unlimited havoc by (e.g.) sending troops unwittingly into the lines of enemy fire, causing troops to engage friendly troops unknowingly, or even drawing third parties into the fray by sending troops at another country. (Imagine if American troops in Korea had attacked China by mistake?)

    Most seriously, such an attack would not necessarily be obvious even in retrospect; the usual errors associated with any military operation (just where did that enemy unit go again?) might be enough to obscure the true origin of these systematic errors over a prolonged period of time. Only a continuous process of error analysis (the statistical frequency of various sorts of errors, measured by the disagreement of multiple independent detection systems; e.g. AWACS versus ground-based reconaissance versus satellite reconaissance) could detect such attacks reliably, and that only over a prolonged period of time.

    I think that this reveals a far more systematic weakness in modern, highly computerized and highly networked weaponry than the military has been willing to admit before; let us hope that they do not ignore the very pressing need for qualitatively new forms of defense by appealing to arguments such as tactical inapplicability.

  • by Anonymous Coward
    ...Hemos in charge of military weaponry. I hope Natalie Portman lives inside a fortress of some kind!
  • Unfortunately, I feel that I have to post this as an AC.

    Here is the real story of how an Air Force officer "controlled a Navy warship remotely".

    The Air Force Officer in question (lets call him Fred) was at a Joint (meaning all armed services were involved, Army, Navy, et al) Interoperability demonstration in the Boston area. His resaon for being at the demonstration was to perform live penetration attempts on DoD computer systems for any of the high-ranking officers who might stop by their booth. Fred's computer was connected to a worldwide command and control (C2) network which was NOT connected to the internet, so he could potentially hack into C2 systems worldwide.

    One day, a Navy Lt Commander (O-5) stopped by the booth. He asked Fred if it was possible to break into computers on board deployed Navy ships. Fred told him that it was quite possible. The Commander then asked Fred to try to penetrate the computers on board his ship, which was deployed in the Mediterranean. Fred, assuming the Commander had the authority to make this request, agreed to do so.

    Fred broke into the systems quite easily, and the Commander was duly impressed. But the story doesn't stop there! Once the Navy senior leadership found out that an Air Force officer had broken into an operational Navy system, all hell broke loose. The Navy wanted to crucify Fred, but he had simply been following the orders of the Lt Commander. The Lt Cmdr, however, did get crucified.

    So, the reality of the situation was:

    - The Navy ship was NOT accessed from a hotel room

    - The Navy ship was NOT access from the Internet
  • by Anonymous Coward
    This is *so* not funny. Sig11 must definitely moderate himself up. Especially since no real moderator ever reads up to post #68. Sig11 is a karma whore.
  • by Anonymous Coward
    I proved this some months back. As a clinical psychiatrist, I would love to examine "Signal 11". I am very interested in what would motivate someone to create multiple logins and generate enough posting history to garner enough karma to give him the opportunity to moderate his own posts. I imagine he is a sad little person living in his grandma's basement, periodically sodomizing his young nephew.
  • I can't believe the Government would let their remote controlled vehicle system be hooked up to the internet.

    Indeed. Imagine what a well-placed tfn/trinoo DDoS could do to in a critical situation!

  • If I recall correctly, and F-14 is not a fly by wire aircraft. Kinda hard to take over that by remote control. :)
  • I didn't mention any details you couldn't get off of FAS.org ... :-)
  • It would be even harder to take over by remote control seeing as how the "wires" only connect to the stick and pedals in the cockpit. How are you going to hack that?
  • The military wants to control their systems where ever they are. That is why they have these problems. Think the general says to to soldier turn left The general see that he is turing right the general will make him turn left. It is designed to take control from the outside so it is possible that can take that control if they want to. It is all about design my friends.

    http://theotherside.com/dvd/ [theotherside.com]
  • by Signal 11 ( 7608 )

    wopr:~# _

  • This reminds me of a movie...

    Lieutenant Saavik!
    Quick! Punch up the Reliant's command console...
    Now, order the Reliant to lower it's shields.

    FIRE!!!!!! (kaboom)

    You did it, Captian!

    I DID NOTHING! All I did was get caught with my britches down.

  • While I might believe a compromise of a ship computing system -- ships like carriers are floating cities, after all, with huge infrastructures, lots of computers, and multiple nuclear reactors -- even high tech aircraft have a clear separation in their design between avionics and the controls, even if the vehicle is fly-by-wire. One of the most automated designs considered in recent decades was the Army's LHX helo. It cut its funding cut badly, but pilots have this Thing about handing over too much control to the boxes, even if there are compelling cases to be made that letting the boxes control would improve survivability. I strongly suspect the electronics in tanks serve a communications and advisory capacity. Besides, doctrine says that, eg, option to fire or engage always requires a human decision. Now, some of the FSU aircraft are, indeed, capable of being flow from the ground, although with collapse of infrastructure and desire to sell to the international market for currency, the manufacturers have recently made them more independent. So, my assessment is this is a military "wolf cry" on a theme of current concern to extract more funds for pet projects from the public using the military's accomplices, the Congress.
  • The M-1 Abrams is a 4 person tank if I remember, so bring your friends over if you want to go fully nutz in the proper military approved fashion.

    Is OpenSSH standard on the Abrams yet?
  • All the military needs to do is use lax security all over the armed forces, and then get strict laws passed with heavy jail-terms for any country that tries to break in. That should do the trick, and it is already in line with the methods the rest of the government has been using.
  • This sort of story [niu.edu] has been flitting through the press for years. A slightly new spin though, at least they are starting to get a little inventive. :) It is not going to happen. You cannot telnet to navigation.uss-cybersub.mil and take control of a nuclear sub. These systems are not connected to public networks. I am not particularly knowledgeable about what they use, but my guess is HEAVILY encrypted satelite transmission. So you basically need to hi-jack a satelite, break the governments encryption, hope they aren't using some obscure ass language :), fake some command orders, and hope that the commander of the unit is generally clueless and doesn't ask the superiors why they are suddenly attacking Canada. Not exactly something a script-kiddie is going to be able to do.
  • Yeah, I just got out of the Military about a year ago and some of this stuff is just funny (well not really). The system we had ran on SunOS 4.1.3 on new(! in 1997 !) SPARCStation 20s. You weren't supposed to be able to get a command shell but oclock was in your startup, just set an alarm and set xterm as the program to run when the alarm goes off, viola! I never tried to get root, although I could have used it a few time instead of trying to work with tech support when something went awry, there were a few known security vulnerabilities, like in tooltalk, that probably never got fixed (in 1999!)
  • Amen to that, the Weather software I used, AWDS (Automated Weather Distribution System), was very ugly and crufty (and no hope of Y2K compliance, I hope they aren't still trying to use it). It was designed in the '80s but never funded or fielded untill the '90s, but they didn't update their hardware or software specs so people got 10 year old technology at 10 year old prices (remember how much that 40MB HDD cost 15 years ago). It ran on a "Barco Chromatics" machine running what appeared to be a Unix variant (never heard of them, but at least we were able to cannablize the SCSI drives for our 386 desktop machines (in 1997!))

    Many of the features didn't work, or were too slow, it had much that was tailored to the Meterologist (ability to define some custom algorythms and do interesting data analysis (LGGs)) but were pretty useless to the work-a-day Forecaster and the features that would have helped were incomplete or broken (useless satellite images, poor/late vector charts from Global Weather, etc.)

    They've been patching this system for many, many years and have almost got it useable but because it doesn't even have a hope of Y2K compliance they have to scrap it. Of course when I left last May the next system appeared to still be in the planning stages, without any code actually written. Well they were going to move everything to the WWW, I hope it worked out for them.

  • There is some reason why they don't encourage Novell and MS trained admins, because they can easily leave for a higher paying, less stress job outside the Military. Where I worked sysadmin tasks fell squarely on the local users, computer admin support was disruptive to non-existant. The local users were supposed to manage their own server so at one point they paid for someone to go to Novell training (the users main job was Air Traffic Control, IIRC, which he still had to pull shifts for and stay certified in.) A couple of months later he left for a much, much higher paying job ($50K+ as opposed to $20-30K in service) and left a half configured Novell server behind that no one knew how to use. When I got there people weren't sharing files at all and using MS Networks for file and print (or sneakernet) because they didn't know how to use the server (setup print queues, etc. anything more than adding and removing users from NWAdmin was too much) I created directories for my users, edited the container logon script to map drives, setup printers on JetDirect, etc. but what a pain.

    They are "upgrading" to a NT system because they think that it will be "easier to use", of course they are just fooling themselves. Where I currently work we use Novell and ZENWorks to manage Windows workstations and there isn't anything better or easier to use, it just requires a little elbow grease. For managing Windows workstations Novell is the best thing going (even if NetWare OS is crufty and really only good for file/print duty)

  • Ever seen the police force try to stop a tank?

    Cop: Look at that guy go.
    By stander: Yea, but there went my car!
  • I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack.

    Alas, this isn't really the case anymore. Most military areospace computer technology is quite primitive by civilian standards. The problem is mainly radiation hardened electronic components. The highest end RAD-hardened CPU at the moment is a 486-ish device. Work to get a hardened pentium in production has faltered recently. Basically it just doesn't make any financial sense for any IC manufacturers to go through the trouble of developing these devices when they have such a limited market.

  • You are responsible for what your code does.

    I am?

    If you wrote a chemistry book which explained what nitrates are and someone went and used that knowledge to build an ammonium nitrate bomb and blew up a grade school, would you feel responsible?

    I won't even go into the bit about Hussein and the chances of him (or anyone like him) following the GPL.......

  • Whoops - I didn't mean to Anonymous Coward that. I'll stand by my statements publicly. Yonatan Zunger
  • After reading some comments, I also came up with something else that could be just as deadly---

    causing the ship/tank/plane to lose connectivity with the controller. I'm sure they may program in some generic routines for self defense/keep alive techniques, but maybe that would give "the enemy" enough of an advantage to destroy everything that is remotely controlled....

    I think that would almost be more dangerous to us if the enemies figure out how to cut communications. As in traditional war, communication is key, and with big hefty robots, while there is no human factor at that point, I'm sure some government big wig will get pissed if they lose a few billion dollars worth of planes. :)
  • Doesn't matter, in an M1A1 that's only about enough to turn around.
  • It depends whether the intruder is merely breaking in or is improving the system once inside. The hard part is getting the commander to actually add the new documentation from the navigation printer to the system manuals...
  • Let's not forget David's Sling [amazon.com], featuring self-controlled weapons with remote links. The focus is on development and use of the weapons, not network attacks.
  • Hacker-controlled tanks, planes and warships?

    Not likely. Doing so would require specialized and intimate knowledge of the system(s) in question. This would mean actually having worked with the system(s) or working for the contractor which built them.

    It would also require physical access or having a close proximity to these system(s). This is NOT something that Joe Hacker could do from his home.

    It's possible a disgruntal contractor or military person could pass information to a hostile government. Even then, the chances of the system(s) being remotely hacked is not likely. And since all communications are encrypted ( No! The internet does NOT count! ) it would be almost impossible to do.

  • You wouldn't even need any artillery if you could have your enemy's 'smart' weapons chase them home..

    Well, some minor problems with this. First, the purpose of artillery is to sow disruption amongst the enemy and make it difficult for them to mass together for both attacks and defences. 'Smart' weapons could be retargeted to attack the CQs and HQs from the side they came from, but they're not as effective as a nice rolling barrage at instilling terror amongst the soldiers. Perhaps in paralyzing the command and control structures and perhaps pinning down the air forces.

    The other problem is one caused by everyone playing all these nice computer and video games. You keep forgetting that it's not a level playing field. In any given conflict between the US or NATO vs someone else, we are the ones with the 'smart' weapons, or (let's hope) the JATO-assisted dumb bombs (way cheaper). So almost any hack is going to be used against us, not against them.

  • Why, if the Army really thinks this could happen, would they advertise it?

    Maybe they realize that the real security experts don't work for them. Or maybe they've clued in that it's cheaper to have /. do the security threat analysis and brainstorming for them, at no cost to the taxpayer.

    Or, it could just be that they got a batch of bad circuit boards for some mil hardware forced on them by some Senator from New Jersey that they can't replace, and they're trying to innocculate themselves against the inevitable failure during combat when the weapons fire against friendlies.

  • I've seen stuff on remote jeeps too, massively armored little boxes with cameras for scouting.

    Yeah, those are wierd dohickeys. Now we're talking ... maybe you could hack that baby, and run over some guys in their rucks or at least move at high speed into an ammo dump. Probably more effective to use it for the camera intel though.

    Totally Skynet if they wire some attack capable vehicle though ...

  • Yes, it is the same thing. Just with a different method of access.

    Maybe the next Bond movie will be about 007 hacking his way into some foreign army's attempt at world domination. And subverting it with misdirection and false orders via signals.

  • You mean like the Chinese Embassy bombing in Belgrade?

    How do you know that wasn't a hack?

  • ..but since when to are tanks, planes and warships unmanned?

    Actually, those cool drone planes are unmanned. No payload, but a nice camera and all that.

    I guess you could intentionally crash it into another plane or do a top-down crash into a tank. But it's probably better used for taking on a joyride to a fuel dump.

  • You're referring to the "must accept any interference recieved" clause, right? I always thought that just meant that the device couldn't bitch about other devices bothering it.

  • Most missiles (obviously unmanned) can be partially remote controlled. One could change the target or just tell it to blow up at will. Detonating an ICBM a few seconds after firing would be rather messy.
  • I want to play Command And Conquer with real tanks, just to get access to auxillary weapons....Why use a gunboat when I can get my hands on a cruiser? Take THAT, Noddies!:) Or alternatively, I think an Abrams would be sufficient to silence your neighbor's aggravating dog.
  • Having used the Wind River Real Time OS Tornado, I have to say it is far superior to Linux in terms of memory allocation, multi-threading, and real-time applications. A bit buggy on the SLIP implementation, though.

    Of course, XFree86 *really* sucks on it...
  • Not only that... but there's a LOT lower political cost to losing a unmanned vehicle versus a manned one. The U.S. leadership tends to be *very* skittish about (U.S.) casualties, and if DARPA and friends develop better unmanned devices, it'll help avoid that issue.

    And, it's hard to interrogate a machine for battle plans, as long as it doesn't store that information. Could be useful when going up against forces that don't exactly respect the Geneva Conventions.
  • Yeah. I was thinking that, if, say, radio were the method, then jamming might be a problem in the case of non-autonomous vehicles. Particularly if it allowed one to capture a unit intact, and there was anything that could be useful to the enemy, like recent Stealth technology.

    If memory serves, there's been work here at Carnegie Mellon that's at least partly involved with some helicopter-ish drone, that can autonomously fly 'bout and land. So they're not completely clueless 'bout the issue.
  • Sounds good. Then sit back and wait for the TLAM-N's to come from the nearest carrier and blow your country to hell. This is the joy of carrier battle groups. The fight will be brought immediately to your home turf. Even if you used nonnuclear EMPs, you would still be seeing a lot of Tomahawks flying into your country with conventional, cluster, and non-nuc-EMP warheads. If we shot 200-odd at Osama Bin Laden to get the press off the Lewinsky thing, imagine what we'd do if someone REALLY pissed us off. You forget the old military equation. Infantry + cluster munitions = pink mist. To engage ground troops in any meaningful way is to provoke the wrath of offshore fleets, falling squarely into the "bad things" category. Not to mention the fact that these chaff-dropping bombers would have to stay airborne for, oh, say 10 minutes, which is hard to do with F-14's and Phoenix missiles "all up in" your airspace.

    And where's this "crippled" argument coming from? (Soldier + M16 + GPS) - GPS = perfectly capable of performing.
  • And if you could write a SCRIPT, for the kiddies to use to do this, that would of course be:
    Auto Grand Theft Auto.
  • It might help if they stopped insisting on running their systems with NT.....

  • What makes you so sure this is all so James Bond high tech? Get with the program, computers are easy, people are hard.

  • Somebody should send the Pentagon a copy of the Security HOWTO for Linux. One of the first things discussed is, "Don't assume they won't find you. Don't assume they won't look. Don't assume they won't find your weakness." (My wording.)
  • this type of thing is really scary... I mean giving a government a BFG is one thing, some cracker gaining access to that BFG is another thing entirely.

    I would much rather have someone hack into my automated home system and put my coffee maker on the fritz than have a tank drive through my living room.

  • Talking about Hacking Through Air, have you read the FCC regualtions carefully?

    In effect, they say that the device must not protect itself against external interference and/or probing.

    This also reminds me of the NSA's "Clipper Chip". I wonder if the military will be using *those*.
  • > like corporate America, is starting to have trouble finding people able to run the things they need run.

    They are having trouble finding people at the wages they want to pay. Its not 'they are having trouble finding people.'
  • Good point, it used to be that commercial equipment borrowed from old military design elements. There was always a healthy lag before any products that could possibly effect military performance were released to the public access.

    Now with military spending programs looking for ways to cut back on costs by using "commercial where available" products there is a probability that damaging information could be gleaned from corporate databases.
  • This sounds to much like Y2K to me, really. Nothing happened, someone got disapointed that technology did not end the world.

    So now its, "Well would if 'hackers' (Crackers) break into our systems and blow everyone up."
    Good thing there is no time table to disprove this one. Can't wait for the new anti-craker-terrorism laws....
  • Now all they have to do is make a hovertank and I will finally be able to put all those hours of practice to good use!

    Seriously, tho this is scary as hell. I sure hope the nukes still require a couple of keys to be turned.

  • He ran out of gas.
  • Uh, no. That would be almost as bad as running on NT. Unless you happen to have a realtime, fully rudendant, fail-safe, ultra secure version of Linux in your pocket. No, I thought not. I like Linux as much as the next hack, I also like SunOs and FreeBSD but I would never run a milatary app on any of those os's. If you want to see a Mil-grade os check out the fellos at Wind River [windriver.com] not that they are perfect and I would not want to run a word prosseser that runs under ther stuff but If I wher to try to control a flying robot that could blast the hell out of a city I might consiter them.

    And yes I know that I have bad spelling!!!
  • The ECDIS (Electronic Charting Display and Informatino System) on board all the big US Navy ships. Talk about the Blue Screen Of Death (BSOD).
  • (null)

  • Hmm...If this isn't a good enough reason to ditch NT and use linux or MAC os, I don't know any other...
  • It sounds like you should've got a bonus, instead of getting fired. These guys can't take security very seriously. I'd love to see US bombed by its own airplanes. Stupidity deserves its fate.

    - Steeltoe

    What do you do today to limit yourself?
  • I do believe that the U.S. Army has in fact been experimenting with armed and unmaned combat drones for some aerial attacks Cryptacool
  • Ah yes. Because you'll be quite safe in Zimbabwe, high-tech mecca that it is. Oops, is that a cracker-controlled ICBM coming in?
  • This could seriously put American soldiers at risk and with a President like Clinton that doesn't care about the military, it will take a republican or reform party president to fix this. Clinton would only fix it if it was reported that you could shoot off icbm's like bottle rockets. For those between 18 and 25 reading /. don't say "well I'm not goin in the military, this doesn't affect me" because it does. With Tawain and China moving closer to war every day, so do we. We are bound by treaty to enter any war between Tawain and China on Tawain's side. Also think of it like this, suppose a cracker knocks out the guidance systems on a F15 squadron and they crash into a neighborhood or business district and kill a bunch of people. We don't need more laws as the crackers will just laugh at those.
  • Just do what some guy did here (Perth, Western Australia) a few years ago.

    Just walk into the army barracks, drive out in a tank, drive it up the main freeway towards the city etc

    Just be sure to learn to secure the hatch properly. This guy didnt, and ended up with a smoke grenade in his lap...

  • Well, some of the newer things the military has been playing with involved unmanned, remote controlled weaponry. Removing the remote-control interface would most likely make these weapons less effective.
  • I believe the NIC will not link up without the transmit pair connected, but you can use the AUI port and take out a certain pin. That will remove all transmition ability from the NIC, but still allow it to link up and recieve.

    I think I read this on the l0pht site somewhere.

  • Anyone remember that alleged nsa key that Microsoft put into windows? I wonder how the army would feel about that.
  • Okay, so it wasn't controlled remotely, but a few years ago an Marine reservist did drive away with a tank in San Diego. As I recall, the police just followed him until he got hung up on the center divider of the highway.
  • These "Army Officials" should start thinking closed-circuit computer aided human interfaces and quit thinking that everything can be controlled via remote-control..

    Got 80,000 feet of wire hanging off the back of that F-117?

    Actually a sit-in virtual station that relays the aircraft's environment back to you and makes you feel like you're there *is* a good idea. Besides protecting the pilot's life, the pilot can also do 20G air maneuvers that would kill a human being (9Gs max). The fighter plane could be used to maximum efficiency (unlike now) where the human is the limiting performance factor.

  • by Anonymous Coward
    So I'm sitting at home the other day, flying an stealth...when the FBI comes knocking at my door...so I answer (first stupid move) and they say, so we hear you have a stealth bomber under your control...I say and....you like your house...so they left...came back with a buch of ATF agents...saying something about what I was doing wrong...they didn't like my comment about who's tax dollars paid for this...jerks
  • I like the bit in Hacker Crackdown [eff.org] about a h/cracker with the exaggerated reputation of being able to launch WWIII from a pay fone.... :)
  • Gee... just think what could have happened if the nutty little gamers behind the Columbine atrocity had gotten their hands on some *serious* weapontry.

    Seems to me that it's the big boys in office playing their video games that might be the *real* threat in the years to come...
  • The military needs more money to shoot people with. The reason this crap is being addressed now is because the military is moving into a generation of unmanned vehicles as many have already pointed out. They're also making soldiers increasingly electronic from night vision to GPS systems. If someone can hack (crack) into an army's eletronic (C4 infrastructure) they can control the army. I see the "21st century soldier" stuff and just laugh. Instead of making soldiers more independant technology makes them more dependant on a base of operations. The digital soldier's effectiveness only lasts as long as his (her) battery. Eletronic toys will also have to be heavily protected from the environment which adds to their weight and bulkiness. After a while soldiers will be entirely dependant on technology for mobility and survival in the field. Want to cripple a ground unit? Fly over them with bombers releasing lightweight radio reflective chaff with small amounts of radio static causing isotopes. A cheap and easy way to keep your enemies from phoning home. Want to get more complex? Arm your army with a bunch of HERF guns and lay waste to your electronic opponents. The US military's vision of fighting in the future is fundamentally flawed, radio reflective chaff and HERF guns are cheap, with a little bit of cash and know-how you can build some low yield nuclear bombs. You don't use them to obliderate cities, you shoot them up into the ionosphere and detonate them to create one whammy of an EMP. Keep IT Simple Stupid.
  • Speaking of PC Anywhere, I got the funniest thing in the mail the other day. It was a typical "Free ISP for newbies" CD, with a long list of included software (mostly demos) on the back. The first item on the list, in bold type, was... PC Anywhere. It struck me that distributing such a widely-known vulnerability to the typical audience of this sort of CD is, well, a little reckless.

    Hmmm... I guess it was funnier at the time. Oh well.

  • "Yes it's my gun, but *I* didn't shoot him! This 8 year old friend of my kids did!"

    Your analogy is invalid. A gun is final hardware. Source code is information. A correct analogy would be: "Yes, those are plans for my nail gun, but I didn't shoot him..."

    "Yes I wrote SATAN, but *I* didn't crack those root nameservers and bring down the net! That evil script kiddie did!"

    What tools do you use to secure your machines? SATAN and tools like it are the only reason those root nameservers are still operating.

    Just keep on blaming everyone else for what they do with your creations, but someday, you won't be able to pass the buck.

    Do you really see no difference between raw information and the intent behind how it is used? Perhaps fire-making knowledge should be hidden, since after all, thats how arsonists burn down buildings...never mind all the other people who will freeze to death.

  • Well, anyhow, what I can talk about and is unclassified is that most of the military communications formats are encrypted, jamproof and in many ways just really dang hard to deal with. There are two exceptions. One of them is used to control airplanes remotely (usually for Automatic Takeoff and Landing, for carriers). It's not encrypted. Granted, the format of these communications isn't something the average joe can get a hold of easily. And there's probably a way for a pilot to shut down the communications.

    Can one do arbitrary remote control via that interface? (i.e. any maneouver I want?) First thing after I hijack the control connection, could I pull one of those 20G moves someone mentioned earlier, killing the pilot to prevent him from shutting down?

    How about killing the VTOL engines, and dropping the plane on the deck? Perhaps with the bombs armed?

  • 1. GPS creep might work. Sounds like that Bond movie, though, eh? I'm guessing that might be harder than we think, just because you'd have to trick the receiver into hearing your signal while ignoring the actual signal. A system such as GPS has to have some way of throwing out erroneous data (or admitting that it can't determine a valid result). Now if you knock the satellites out of orbit first, you've got it, but then the all around lack of GPS except when you're spoofing would probably be noticed.

    2. Fake AWACS might be possible if stuff was transmitted unencrypted over non-voice channels. Which sounds unlikely. I think open voice communications is already vulnerable, and non-voice is likely going to be encrypted (there's a real-time encryption system from the NSA, although I forget the name, that's used for voice, surely you could throw it into a cell modem...)

    3. FOF tomfoolery might be possible. Although the other way around, making foes seem friendly, makes more sense. The FOF is a radar transponder system that essentially fiddles with the bounced signal, I'd think in order to change it you'd need physical access to the transponder.

    What it sounds like they are looking at is large systems - computers that provide navigation and systems control for planes and boats, like fly-by-wire. Of course, it does make one wonder what the hell the military would be thinking allowing remote access or control of said computers. I mean, really... I don't know, I think it might be mis-information, getting the "bad guys" (whoever they are this week)to waste time looking at something that is irrelevant.

  • Well ...

    OK, so the example they give is faking the incoming navigation data for a ship. For vessels which depend on downloads of info (such as GPS locators), this might prove useful in that:

    A. one could induce systems creep in a MBT so that the tank thinks it's a few hundred feet away from where it is, especially while on the move. "Charlie, I thought you said we were going 70kph, how come we're 20km closer than we should be?"

    B. one could give false image info for targets beyond local range (e.g. fake data from an AWACS).

    C. one could trick the Friend Or Foe signal data so that friendlies appear to be hostiles.

    None of these sound very promising. And none of them "take control" of the system. Now if someone knows of any buffer overflow exploits with these systems, maybe we're talking a nifty hack; but otherwise, it's just smoke and mirrors.

  • Maybe OT but anyway:

    A 16 year old Danish boy managed for some hours to control the trains on a major switchyard using only knowledge of the switching system and a stolen radio from the train operator.

    He got caught when he by mistake changed the switches so that a high speed passenger train would be led onto the switchyard ! (The Automatic Train Control system set off the alarms)

    The boy is in all respects an ordinary and clever boy with a huge interest for trains and how to operate them. In other words - he is by no means nuts.

    Never the less he could have caused a disaster if the passenger train was so close that the ATC couldn't stop the train fast enough.

    Security is alway an issue with humans!
  • Since when does the USA take their treaties into account? After all.. they are the policemen of the world, those who would protect us from the big bad commies, self-appointed lords of democracy. On one hand, they urge every country to ratify the no-nuclear-weapons-testing document.. but guess who is absent on that list. The US is one of the most hypocritical nations I know. (not necessarily all people in it, before you start flaming me for that)

  • What is stopping the commander in chief from ordering the big toys out to play?
    What is stopping anyone from going to the armory and grabbing the big toys?
    What is stopping the boy with the toy from pointing it at his buddies, rather than downrange?
    What is stopping the makers of the toys from planting 'software bugs'?

    The only reason anyone is caring here is digital is seen as invisible...hard to track.

    The US Military has wanted smarter toys so they can use lesser trained people. The 'threat' expressed in the article is part of the trade off they accepted when they signed the contract.

    Perhaps the military contractors need more money?

  • Taking control of a ship carrying cruise missiles now qualifies as "random harassment".

    I'm gonna get me a script and randomly harass my old High School.


  • someone mentioned that "you'd need to have worked with this stuff to hack it"

    time and time again this has been shown to be blatantly false. People that design systems are not clairvoyant. Interested parties can and do infiltrate and learn about systems that they've never seen before. Reading old phrack articles should leave you quite convinced of this.

    Unmanned military vehicles are no longer an experiment. They are a reality. They were used successfully in the gulf war - in reconassiance roles. However, more traditional aircraft and military systems roles are also being moved to unmanned versions. It is my understanding that the JFX (or is it JSF or JSX ?) is the last planned manned fighter aircraft. Well, this summer they had mated the two halves fo the fuselage. In other words, don't expect too many more manned fighters. Fighter aircraft can already far outperform the limits of their frail human pilots.

    The military is and will continue to use unmanned vehciles in an increasingly aggressive/active fashion. Many current generation missiles are "fire and forget" -- this is software driving the missle to the target once it is released. Commercial airliners already more or less fly themselves. Putting all these peices together is all thats left.

    Someone else mentioned that taking a machine off a public network insured that it would not be hacked. I can't think of a more foolish statement. Systems were getting hacked -- and much more thoroughly than they are today -- long before everyone "had internet". The mentality which says "private network == unhackable" is the mentality that I don't want near _Any_ computer network with sensitive data. VPN's are just a matter of encryption. Isolated LANs invariably have some private dial-in #. Think of this problem in terms of telco stuff. What telco gear do you know of thats hooked up to the net ? Ask yourself how often that stuff gets completely compromised and understood by cajoling teens.

    As far as buffer overruns in military systems, I wouldn't count on it. For instance, the majority of the F-15s software is written in Ada. C typically is _not_ used, and for good reasons.

    The facts are clear. The future of the military is software automation. If people take the attitude that they are doing enough to safeguard their software and networks, then they probably really aren't. Paranoia is the only answer.

  • Highly unlikely scenario....

    nah...you should be more afraid of police dressed
    up in military gear busting down your door and
    shooting you because you moved too fast and
    "they were scared" on the word of a junkie paid
    informant who told them you were running a crack

    (oh wait...that never happens...oops)
  • > Actually, the scenario you describe might be
    > more likely than one might think.

    I know. Actually...with a little looking around
    a few months back I found anice story. Police in
    miami or something paid an informant, who was nice
    and very forthcomming about this nice crack house.

    They came in armed to the teeth...when an old
    lady answered the door, she saw all their guns and
    screamed. He husband herd the scream and came
    rushing out of his bedroom with a gun to save her.

    Needless to say the man was probably dead before
    he realized what was going on (much less before
    he hit the floor). It was a house owned by an old
    retired couple...no crack found.

    Another case police busted into a house looking
    for drugs, chased a man into the bedroom and
    shot him, emptied their clips into him. Coroner
    said that most of the bulletts enterd "at a
    downwards angle through his back" (ie he was
    laying on the floor dead).

    No drugs were found. The man was unarmed. The
    police were not punished.

    So, all in all, I don't think this remote
    controlling military gear is too much of a worry.
    Frankly....there are worst things that should
    keep you up nights.
  • Any information we considered VITAL we do NOT put on a network where any non military personnel can access it.. We have special networks for that kind of stuff, and I can guarantee that the ability to control a TANK will NOT be on Niprnet (what we call the internet)...

    All of our special networks are of course, QUITE encrypted, so good luck if you think you have a chance cracking them...

    -Dextius Alphaeus
  • ...but i just don't buy this at all. Why, if the Army really thinks this could happen, would they advertise it? "Hey, you too can get control of our tanks! Commandeer a APC and take your friends to the Prom in real All-American (tm) style!!!
    It could just be more of the government's "cyber-criminal/terrorist" rhetoric aimed at eroding more people's right to hack. Well, not that there is a right to hack....yet.
    Am I just crazy? Am I placing to little faith in our military? Can you place too little faith in an organization that practices better ways to kill people?
  • Most military computers or systems hooked up to the internet with potentially classified stuff on them have something that say:

    Another thing I think worth mentioning:
    I've seen a lot of posts that talk about the fact that the military wouldn't talk about it if they did have tanks and such hooked up to the internet. This is probably true for the most part. See most squadrons, wings(in the AF, for the Army it's probably battalions, companys etc.) have this neat guy called the PR officer. Basically any public statements or talking to the press is done/authorized by him/her. There are often things that are initially classified info, then de-classified, but aren't released to the press. No officer/enlisted personel are going to say a word, unless the PR gives it the okay. That's the cool thing. If the PR person doesn't say anything about it, no one outside the military would ever know. I've been fortunate enough to hear some 'confidential information not released to CNN' breifings. They were interesting to say the least. I once even heard about a hack that accomplished the next best thing to taking over a vehicle.


  • ...I was reading this and realized, "Hey, that's ME he's talking about."

    Yes...I am a civilian working for the Navy. (I feel like I'm at Defense Contractor's Anonymous...) In fact, I'm with a group of folks responsible for writing the software that is the official NATO test for military communications equipment.

    [aside] Do you have any idea what the NDA for this company looks like? How many NDAs did you sign that said, "If you talk about the wrong things to the wrong people, or even to the right people at the wrong time, or even to the right people, at the right time, but in the wrong place, OR EVEN the right people at the right time at the right place but when that other person didn't Need To Know the information, we'll throw you behind bars with your new "husband" for the next 10 to 15 years!"??? *sigh*)

    Well, anyhow, what I can talk about and is unclassified is that most of the military communications formats are encrypted, jamproof and in many ways just really dang hard to deal with. There are two exceptions. One of them is used to control airplanes remotely (usually for Automatic Takeoff and Landing, for carriers). It's not encrypted. Granted, the format of these communications isn't something the average joe can get a hold of easily. And there's probably a way for a pilot to shut down the communications.

    But the unencrypted nature of this, not to mention the fact that it can be used to control a plane, handled cleverly, could be a risk. It's like the risk in Star Wars..."I've analzyed their attack, sir, and there IS a danger..."

    Hmmm, I seem to have wandered off the point of the post I'm responding to...I know I had something relevant to this post to say...oh yeah, it was this: Even the civilians are underfunded. You'd be amazed at the crap our team here has to dig through. Our solution is that we're always having to reuse old code, rather than hacking an off-the-shelf product. But if you've been on a project where you've tried to reuse code and merely update a system over time, you know how nasty things can get...well, we've been updating the same code pretty much since...1993 or so. Seven years makes code fugly.

    Okay, I'm going to stop now.

  • I have. Gas pumps used to be mechanical. Then they switched over to computerised displays and computer controlled measuring systems that report back to the interior checkout.

    Trouble is they weren't well EMC shielded. So along comes the hacker, with an illegally powerful ham radio.

    He gets halfway through filling and: ZAP! - with luck, the pump will stop registering anymore fuel.

    Before you rush out to try it, it doesn't work very well anymore. The shielding is much better.

    Sure this isn't a software hack, but if it puts a military vehicle out of action it doesn't really matter. Also, theoretically it might in fact be possible to reprogram something remotely (even if the wires to do it have been cut, if you put the right voltages on it, its going to work ;-)

  • by tzanger ( 1575 ) on Tuesday March 21, 2000 @03:04PM (#1185279) Homepage

    I agree with an earlier poster that if you don't want the ability for people to do it remotely, don't put it in there in the first place. This can't be done in all circumstances, of course, but read on.

    I hope to God that the arming circuitry requires some kind of hardwire interface at least for the last stage of final go-ahead for launch.

    I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack. And yes I do mean for navigation and indeed all subsystems of any kind of military device or even civillian device which has the possibility for far-reaching or deadly effects if such a system were to be compromised.

    <sigh> I guess that's what they mean by "military intelligence".

  • by Audin ( 17719 ) on Tuesday March 21, 2000 @04:24PM (#1185280) Homepage

    B. one could give false image info for targets beyond local range (e.g. fake data from an AWACS).

    This ability can be extremely useful to a country undergoing bombardment.

    One of the main reasons the V-1 and V-2's of WW2 did so little real damage is that the British controlled the german spies in England. They would report slightly altered impact coordinates back to the German launch teams. The end result was that, as the incorrect reports were worked into the targeting, the missile aim points would slowly move away from the city itself and into the surrounding farmland. The British could even tell when the launch crews moved to new sites, as the impact points would snap back to the center of London...

  • by Jason Straight ( 58248 ) on Tuesday March 21, 2000 @02:57PM (#1185281) Homepage
    I've been playing Janes Lonbow a lot lately ;-)
  • by jon_c ( 100593 ) on Tuesday March 21, 2000 @04:17PM (#1185282) Homepage

    No, lets play Thermonuclear Warfare


    3) TROLLS

    ---> 3


    FIRST POST!!!!!

    BSD SUCKS!!!!!



    FIRST POST!!!!!

    BSD SUCKS!!!!!



    FIRST POST!!!!!

    BSD SUCKS!!!!!



  • by Raindeer ( 104129 ) on Tuesday March 21, 2000 @02:57PM (#1185283) Homepage Journal
    "The problem for the enemy is that computer security vulnerabilities will almost certainly prove fleeting and unpredictable," said Pike, adding that such tactics would be nearly impossible to employ beyond the random harassment level.

    Most security problems that I know of are not fleeting, but are resident in the system. So you have a systematic bug in stead of a fleeting and unpredictable. This problem is real and might be a problem, but that is not what i think is meant here.
    So I think that we shouldn't look at the error inside the systems to look at what mister Pike meant. I think that what mister Pike was aiming at is the problem of being able to send a vehicle the wrong data. For that you don't need to access the vehicles systems. You just need to be able to send fake data in such a way that your opponent interprets it as real. Deception in the end is a large part of Warfare.
  • by Gorobei ( 127755 ) on Tuesday March 21, 2000 @04:44PM (#1185284)
    "One character at a time" was an old bug on at least one system (TOPS-20.) The password validation system did a strcmp to check for a password match. You could also get a page fault count on a process. So, you put your trial password across a page boundary with the first character on one page, the rest on the next page. Try each first character in turn until you see a page fault to the rest of the password, shift to two characters on the first page, and repeat until you have the entire password. An elegant attack that reduced the effort from 26^36 to 26*36!
  • by OOGs_apostles ( 165548 ) on Tuesday March 21, 2000 @07:30PM (#1185285)
    oh oh... we worked on some of that hardware and software.

    we were military intel. (please hold the jokes), and the equiment we worked on was *almost* a stand alone network, small server that had a single encrypted data feed from outside.

    the machines were brand new(we were some of the first trained to use them), but were already antiquated. the contractors spent more time working on them than us analysts. and there were so many holes in the gui that it wasnt funny.

    even we, uneducated and unexperienced as we were with unix, were able to find several ways to do interesting stuff. its been too long to tell you the version of solaris running, but was a custom gui, with no command line for non-contractors. somehow, we found that it was easy to create a file with a few commands in it, save as .cshrc, and open a couple windows to execute it... and it didnt take us long to get transferred to another unit.

    the point we were trying to make though, is before we got into trouble, we told the contractor what we could do, we reported everything we did to see if he could stop us. and he could never get the authorization. he tried a few things on his own, but we always found ways to circumvent them.

    now, we query you, what if we had been malicious? or, for that matter, anything other than curious? we never broke anything, and only got root once (did nothing with it, but let the contractor know). granted we were right there, and that makes a difference, but there are many out there whom are much better than we (though we are still learning - not cracking, losing our job was enough to teach us a lesson), and many systems are not so remote.

    just a thought.

  • OK, I can only speak with regards to a fighter aircraft here, but I would guess most everything else will be similar. (knowing how uncle sam operates ...)

    I hope to God that the arming circuitry requires some kind of hardwire interface at least for the last stage of final go-ahead for launch.
    Hell yes!!! I work SMS (stores mgmt system) right now. This is what we do. In order to launch a missile or drop a bomb, the master are switch is required by the hardware to be in the armed position and the weapon release is required by the hardware to be depressed. If either of those interlocks (and a whole mess of software interlocks and other software/hardware interlocks) aren't OK, the missile never comes of the rail. (or isn't ejected)

    I would have though that with military tech. being, what, 5 years or more in advance of what we civilians get they would be using multiple signal, spread spectrum, 2GB encryption keys and a slew of other technologies that make it at least infeasable to try and crack. And yes I do mean for navigation and indeed all subsystems of any kind of military device or even civillian device which has the possibility for far-reaching or deadly effects if such a system were to be compromised.

    The keys aren't THAT big (on the stuff I know about, which isn't all that much since I'm not with the NAV team) but freaking EVERYTHING is encrypted. The JTIDS shared tactical info, the comms, the datalink to your wingman, nav, gps, etc. And yes most of it is spread spectrum. There is a bunch of anti-spoof stuff built into a lot of it as well.

    Basically some cracker hijacking a manned combat vehicle will not happen. Ever. Period. Even if someone got around 1 layer of crypto, they would have more to deal with other stuff. (like the fact that these systems are unbelievably complex, and use some pretty strange hardware.)

    The issue is the new UCAVs. (unmannded combat air vehicles) These could be hijacked somehow if the crypto on the link was broken. These are not gonna be deployed for quite some time, and I'm sure the link encryption will be heavy duty. (I would guess to the point of requiring dedicated proprietary hardware on both ends. that's just a guess based on past experience however.)

  • by drix ( 4602 ) on Tuesday March 21, 2000 @03:26PM (#1185287) Homepage
    That was my thinking. I know a lot of competent and disciplined people who served in the military. More like, most of the competent and disciplined people I know were in the armed forces or something like it. Especially with a well defined chain of command and rigid oversight, I just don't think that they are capable of creating such a comedy of errors. Okay - it's stupid enough to hook all your tanks up to the internet. I don't buy it, but let's say it happened. But then would they really go out and advertise this to the world? Of course not. This is the government! Master of masters when it comes to coverups and hushing a sensitive situation. I think this is more a product of sensational reporting than of stupidity on the part of the Army.

  • You will find, that for most "sensitive and mission critical" operations (that does cover a lot with the military, but not most of their PC LANs), they use the tried-and-true "air gap" firewall: They simply don't connect the internal systems to any external systems. You can't attack what you can't talk to.

    Now, the Navy seems to be having trouble with their "smart" ships, but so far, their track record there isn't too hot (remember the whole NT debacle?). That whole program seems to be more like some Star Trek fan's wet dream then your "standard", ultra-paranoid military project. I can only hope it is the exception and not the rule.

    You will find the military is very strict with regards to what you connect to what, how you can connect it, and how you have to protect it and shield it. And with good reason.

    If you've got a PC with classified data on it, then the entire system is classified. Including the keyboard and monitor. (No, I'm not making that up. I've seen many Air Force PCs with red "SECRET" stickers on the keyboard and monitor.)

    If you so much as put a floppy disk in the drive and take it back out, that floppy is now classified as well. You also cannot connect just any hardware to the system; you need to make sure everything is properly shielded for EMSEC (emissions security; what used to be called TEMPEST). This applies all the way down to serial cables connecting to external SDDs (Secure Data Devices).

    I'm fairly confident this article is pointing out exceptions in design policy to ensure that the exceptions do not become the norm.
  • by Weezul ( 52464 ) on Tuesday March 21, 2000 @03:45PM (#1185289)
    In related news the Cult of the Dead Cow announced that they were buying the makers of popular remote administration program PC Anyware.

    Members were reported as saing "We have cought a lot of flack for hackers who write remote administration software. This has allowed inferior products like PC Anyware to take some of our market. This merger is benifitial to both PC Anyware and Back Orafice. It will provide PC Anyware customers with the more powerful Back Orafice which has a better interface, plugin support, more portable clients, and is open source. Back Orafice will recieve use of the PC Anyware name which should allow more companies to use the product officially."

    The U.S. millitary seems happy about the merger. They reported that they have had security and preformance problems related to their new PC Anyware / NT driven missles. "Back Orafice's encrypted connections and higher preformance are exactly what we were lookng for in a remote administratin product and the Butt Plugs feature offers a better interface to specialised hardware then PC Anyware could" the report said. The repost went on to say that Back Orafice's interface looked cryptic and difficult when the product was first considered, but apperently a large portion of recruting age males recieve training in the use of Back Orafice from their High Schools and this is expected to offset any difficulties encountered.

  • by bailpossum ( 87980 ) on Tuesday March 21, 2000 @02:58PM (#1185290)
    It is somewhat particularly troubling indeed. The US Military as a whole is farming most of their computer programming out to civillian contractors these days. For example, I believe the Navy has most of the software for their ballistic missle submarines done by GTE. (These are the same folks that use NT4.0 for navigation and damage control routines on Aegis missle cruisers, which have failed more than once, leaving a billion dollar vessle dead in the water)

    As opposed to the USAF, which just barely does most of their work in house.

    At anyrate, talk to a military programmer, and they'll admitt that quality control can be iffy, budgets are short, and the Brass is always looking for a way to trim budgets. Even if it means going with an off the shelf product, hacked and crammed into working by only one or two enlisted men, who leave a few months later for higher paying civillian jobs.

    And now the Military is looking at things like fully autonomous combat vehicles. The next US Army MainBattleTank, in later versions will operate autonomously, Both the Navy and Airforce hope to fly UCAV (unmanned combat air vehicles) that for a large part operate autonomously, if not fully.
    Hackability of these systems may not be practical, many of them will operate without external data connections, being solid systems.
    What is my concern more than anything, is that these systems need their software to perform at all, and the trend at cutting corners, and having a shrinking qualified personnell base, is what the Military is really in danger of.
  • by adpowers ( 153922 ) on Tuesday March 21, 2000 @02:54PM (#1185291)
    Sounds like the military wants to be able to blame someone when they attack unprovoked.

    Taiwan: Why did you attack us!!!
    US: Wasn't us, someone must have hacked into our computers and done it.

    Later that day

    US: *snicker* fools

Nothing succeeds like the appearance of success. -- Christopher Lascl