Archive for December, 2009

I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.

According to the Wall Street Journal, Department of Defense officials knew about this vulnerability back in 2004 when the possible risk of Russian or Chinese signal compromise came up.  While the DoD officials thought it possible that nation-state actors could do this, they vastly underestimated Iraqi insurgents.

My favorite quote from the article:

Officers at the time weren’t concerned about adversaries intercepting the signals in Iraq or Afghanistan because drones weren’t yet common there and militants weren’t thought to be technically sophisticated.

The underlined emphasis is mine.

Helloooo!  Anyone see an obvious need for encryption?  Now we learn that the DoD is working on encrypting video feeds from Predators, Reapers & Ravens in Iraq and Afghanistan.  Sure, an added layer of encryption will slow the feed down a bit, thus increasing latency, but to reason that the enemy isn’t sophisticated enough, so why bother, is flat-out naive and borderline stupid.

Once upon a time, none of us knew about IEDs.  That unsophisticated enemy adapted pretty quickly, forcing our troops to adapt in return; despite cell phone jammers, etc., the enemy still uses IEDs, all too often to horrible effect.

So why on Earth wouldn’t you want to deny any real-time situational intelligence you have from your adversary?  This is basic Poker 101 ~ don’t let ’em see your cards…

The DoD argument is that encryption is complex and there are all sorts of signals, lots to do, etc.  They say that the drone video feeds are now encrypted, but other video feeds, such as the Remotely Operated Video Enhanced Receiver (ROVER) and the Scan Eagle drone, still aren’t.

Cryptography means ‘Hidden Writing’ in Greek (κρυπτός, kryptós, “hidden, secret”; γράφω, gráphō, “I write”).  At the risk of an obvious Bad Pun, given the prior military use of cryptography from ancient Sparta forward, and in particular during WWII in conjunction with the Brits, it’s Enigmatic why this happened.

A classic Epic Fail.  Shock & Awe indeed…


O Botnet, Where Art Thou?

Yes, like an Odyssey worthy of Homer or a George Clooney movie, the saga of the Conficker botnet continues.  The Most Excellent folks at Shadowserver have posted an update today.

While Conficker fell off the media radar, Shadowserver has been following it:

  • “As recently as late October 2009, the number of systems infected with the A+B+C variants topped seven million.”
  • “Currently, there are over 12,000 ASN’s that have at least one Conficker IP in their network space.”
  • The Conficker stats and charts page can be found here: http://www.shadowserver.org/wiki/pmwiki.php/Stats/Conficker

Like the Bogey Man and the Monster Under the Bed, we Know it’s There, but what is It Doing?  One thing the data shows is that overall, its presence is dropping: its previous high was 6.5 million, it was estimated at 7 million in October 2009, and it is now declining, thanks largely to serious eradication efforts, including ongoing domain registration by the Conficker Working Group.

A very interesting piece on SearchSecurity.com brings us up-to-date on the hunt for the Conficker authors.  The article quotes Mikko Hyppönen from F-Secure speaking about how the worm’s authors used the MD6 cryptographic hash to sign the worm, including updating the hash after an MD6 weakness was found.  Also, the worm was able to work around Autoplay being disabled on Windows systems.

The counter-attacks by security researchers will influence botnet developers as they morph their capabilities and attack surfaces in response.  While Conficker seems to be contained and has become the inverse of Top of Mind, you should still Pay Attention, just because…

Peace & Love Y’all!