Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs, cyber attack

Did Iran Hijack The ‘Beast’? US Experts Cautious About Bold Claims: The Christian Science Monitor

This is deja vu all over again.  If there has been one constant throughout this entire drone episode, it's that no one expert can agree on anything.

On Dec. 16th, 2011, Mark Clayton reported for the Christian Science Monitor on an Iranian engineer's claim that Iran took control of a US RQ-170 stealth drone by spoofing its GPS signal and tricking it into landing in Iran.  According to the article, US cyberwarfare experts have expressed doubt that Iran did spoof the RQ-170.  The Iranians would have had to accomplish three things in order to bring down the RQ-170:

1)  In order to spoof it, Iran would have had to spot the RQ-170.  And as you can probably guess, the US designed the RQ-170 (a stealth drone) so that it couldn't be spotted.  Moreover, the article notes that Iranian air defense systems aren't top notch, making it more unlikely that they spotted the drone.  One US expert said that spotting the RQ-170 and spoofing it would "almost seem like science fiction."  However, the article also explained that newly acquired Russian jamming technology could have aided the Iranians. 

2)  After spotting the RQ-170, the Iranians would have had to jam the encrypted GPS signal.  This is the most likely of the three steps, as US experts have openly acknowledged the vulnerability of GPS signals to jamming.

3)  Finally, the Iranians would have had to substitute a false GPS signal.  This step, like spotting the drone, is extremely complicated.  I would advise looking at the article to get a better idea of what goes on during this step.  Needless to say, it's very difficult; the Iranians would have had to get around an encrypted NSA signal. 

Taken alone, each step is difficult.  Taken together, the three steps are almost impossible.  That is why US cyberwarfare experts have expressed doubt.

According to the article, cyberwarfare expert James Lewis believes that China or Russia may have a hand in this.  Mr. Lewis explained that the Russians have been aware of GPS deficiencies for a while, and routinely monitor US computer and phone networks (so they would be aware of drone-related problems).  Thus, the Russians could have helped the Iranians, making their claims more likely.  Of course, the Russians helped the Iranians with their nuclear technology, so there is that connection. 

However, the article poses the following question: why give up the technique?  If the Iranians do have the ability to spoof US drones, they would logically keep that technique covered up rather than telling the world.  I'm blanking on the article, but I remember quoting one cyber expert who said that when you have a zero-day exploit or some other sophisticated cyberattack technique, "you leave the Ferrari in the garage."  Here, the Iranians are driving the Ferrari up and down Tehran Blvd. blasting Persian techno music.  If this was a genuine cyberattack, hopefully the Iranian boasting will alert the US to the problem, allowing us to fix it.  Yet, giving the US the opportunity to fix the exploit is the last thing the Iranians would want to do.

Whatever the case, it's clear that no one can be sure what actually happened. 

Again, I really recommend checking out the Christian Science Monitor's article.  They have done fantastic reporting on this entire story.  There is a lot there, and my summary and terrible analogies do not do the article justice.

***

This New York Times article mentions two interesting points: the Iranians will apparently invite reporters and foreign diplomats to check out the drone in the coming weeks, and there was a US Air Force report released in April 2011 acknowledging the GPS vulnerability (the report is in the article).

Leave a Reply