On 8 March, Jeffrey Carr (*), founder of the close-protection security firm Taïa Global (**), spoke from Seattle as part of the Stuxnet conference organised by NanoJV at the Atelier BNP-Paribas (see here). In the analysis that follows, published on his blog, Jeffrey Carr gives four good reasons why Iran could have succeeded in hacking the RQ 170 stealth drone.
He confirms the intense cyber-espionage activity targeting the command and control frequencies of drones, rightly recalls the discovery of malware at the US base at Creech, which specialises in piloting drones remotely, and highlights Iran's cyber capabilities (and its desire for revenge), boosted by the Stuxnet attack. Jeffrey Carr speaks of a very serious warning for the US Air Force...
Read the whole RQ170 saga here.
"On December 4th, the Iranian FARS news agency announced that the electronic warfare group of the Iranian military took over the operations of a very sophisticated, unmanned RQ170 Stealth Sentinel drone along the border between Afghanistan and Iran.
NATO acknowledged that operators lost control of a drone in that area one week ago but that doesn’t necessarily mean that Iran was responsible. Iran has lied about drone captures before and they may be lying this time, but there are at least four good reasons why they may have succeeded.
1] Through my company's work in this area, I know that Unmanned Aerial Vehicle (UAV) technology is actively being targeted and acquired via acts of cyber-espionage. This includes research in the Narrowband spectrum, which is how UAVs receive their commands.
2] It’s not enough to know that Narrowband technology is used. An adversary would need to know the specific frequency in order to assume control of the vehicle. That obstacle may have been solved in October with the discovery of “credential-stealing” malware infecting the Ground Control Stations at Creech AFB.
If the UAV operators (or pilots) entered the narrowband frequencies used to control their drones on a keyboard, and that keyboard was infected with a keylogger, that information would be captured and delivered to a command and control server and then collected by whoever was responsible for the attack.
3] The RQ170 Stealth Sentinel along with the Reaper and Predator drones are all operated by pilots manning ground control stations at Creech AFB. The Air Force has not been forthcoming with details of the malware attack nor its remediation and the information that it has provided has been vague and misleading.
4] Thanks to Stuxnet, Iran is spending a lot of money to ramp up its cyber warfare capabilities, and it’s highly motivated to obtain some "get-back" against the U.S. since it believes that the U.S. and possibly Israel are responsible for the Stuxnet attack.
No one will know for sure if Iran successfully launched a cyber attack against “The Beast of Kandahar” (as the RQ170 is called) unless Iran presents proof, but its intent to do so is real; the theft of related technology is real; the lapse in cyber-security at Creech AFB was very real and the Air Force would be well-advised to take this threat seriously and re-evaluate the vulnerabilities that exist today in its UAV fleet".
(*) Jeffrey Carr, founder and CEO of the security firm Taïa Global Inc, is also one of the most respected cyber-intelligence specialists in the United States. His expertise covers in particular cyber warfare and computer attacks against governments and critical infrastructure. He is regularly consulted by US and allied government agencies on Russian and Chinese cyber strategies. His best-selling book "Inside Cyber Warfare" was prefaced by the head of US Strategic Command.
(**) The security firm Taïa Global specialises in escorting Forbes 2000 executives abroad. Taïa Global offers cyber-protection services, operational intelligence, security audits and intrusion forensics. "Taia Global, Inc. provides executive cyber protective services, operational intelligence, due diligence investigations and intrusion forensics for Global 2000 companies."
Published 12 December 2011