Earlier today, the BBC reported that Iran showed off a downed and completely undamaged US spy drone. Take a look at the footage and you’ll know that the military bullshits you. The other day, their official story was that there was no indication the drone got shot down. Today their official story is that we’re looking at a fake, a model. In other words, Iran went on TV and showed a model for an hour and risked international ridicule if it came out that they showed us all a fake. Sure.
Iran’s military is claiming to have brought down the drone with electronics countermeasures that confused the systems onboard controls. Based on the footage, which shows the machine in pristine shape, it appears to be true. I’m leaning towards the Iranians on this one. You know why? This is because we have a history of atrocious military IT systems.
This is an outright failure of our military IT systems designers and the latest in a series of major military IT screw ups and design flaws. From a Malware breakout that infected Predator firmware to a story that proved that Predators stored and broadcast their vast amount of video footage Unencrypted, we’ve repeatedly shown that we can’t take even basic IT security best practices into account when we’re trying to secure our most advanced military creations. This is completely unacceptable, considering that we are fighting entire wars by remote these days. With this level of incompetence, Iran can throw some script kiddy reverse engineers at attacking the drone and in no time they should have their own fleet of un-piloted war machines flying the unfriendly skies.
Ars Technica has a fantastic article on the astonishing incompetence we’ve shown with our most advanced war machines. It’s called “Predators Use Less Encryption than your TVs.” Here are a few of my favorite quotes from the article:
“The reason that the transmissions could be picked up easily by a cheap satellite recording program? They were broadcast in the clear between the drone and ground control. That’s right—no encryption was used.
Perhaps, you might be thinking to yourself in a mental bid to make the military seem competent here, no one could have suspected this would happen. But they did suspect it, because it had been happening for a decade already. The Wall Street Journal, which broke the story, included this tidbit in its report: “The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The US government has known about the flaw since the US campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.”
Wow. We really thought that nobody would figure this out? That’s right, they’re all just a bunch of bearded morons riding around on goats and exchanging messages via papyrus, right? What a blatant lack of situational awareness. A first year computer science student could figure this out.
The best part is that we have tremendous, publicly available encryption standards, like AES and Blowfish, that would take all of the super computers in the world working around the clock for a 100 years to break. Instead, we secure these things with less forethought than DIRECTV uses to keep you from pirating cable.