Two experienced network security experts are startling the U.S. cyberspace community. Functioning as airborne hackers, they are clearly demonstrating penetration of wireless lines of communication.
Operating a surplus Army target drone as a low-cost proof-of-concept autonomous unmanned aerial vehicle (UAV), the two men are proving that a digital communications Achilles’ heel poses grave challenges for the nation. The drone is equipped with modular cyber attack hardware and software.
Indeed, this airborne hacking capability is emerging in an era where the Defense Department considers information a weapon system. Intercepting and corrupting wireless communications points out serious battlefield vulnerabilities. Moreover, their airborne hacking toolkit effectively disrupts and corrupts wireless network communications.
Michael J. Tassey and Richard Perkins’ cybersecurity experience with Wall Street firms and government agencies, including the intelligence community, helped them develop capabilities that center on attacking, infiltrating and exploiting computer networks, mobile devices and cellular phones. They constructed a modular cyber attack payload consisting of various off-the-shelf components, both in the UAV and on the ground, according to Tassey.
Almost simultaneously, the U.S. Air Force is looking to conduct similar battlefield cyber warfare with unmanned aerial vehicles. The service plans possible cyber operations with follow-ons to the General Atomics-Aeronautical Systems Predator or Reaper UAVs.
Components in Tassey and Perkins’ cyber warfare package are extremely small in volume and weight. They also are available at almost any commercial electronics outlet as well as online. This explosion of open-source hardware and software enables anyone with a few hundred dollars and electronics or cyber expertise to possibly duplicate their concept. Tassey explained that is precisely why they developed this technology – to prove what terrorists, criminals or other enemies might accomplish in infiltrating WiFi networks that wirelessly link electronic devices.
Perkins and Tassey, who served together in the Air Force and subsequently collaborated in the cybersecurity domain, obtained a free surplus Styrofoam target drone, which they still fly. They also bought six additional airframes for $250 each as backups. The Federal Aviation Administration limits the maximum altitude at which they can fly the airborne hacking system to 400 feet above ground level. The ultra quiet UAV is powered by an electric motor and the onboard hacking equipment is battery powered.
They call the airborne system the wireless aerial surveillance platform. Onboard UAV equipment includes an IMSI catcher, an eavesdropping device to intercept cellular phones, usually undetectable by users of mobile phones. Cell phones can also be tricked into routing calls through the drone instead of commercial cell towers.
The aerial cyber package can disable cell phone encryption, or record calls using Voice over Internet Protocol (VoIP), before routing the call to the intended receiver. Using jamming signals, the aircraft’s onboard cyber package can render networks unusable by attacking data providers for as long as the UAV is in the air, Tassey said. Equipped with a 340-million word dictionary, the drone package not only detects wireless networks but also determines passwords.
Perkins and Tassey used an extensive array of test equipment for proof-of-concept demonstration access points adjacent to Scott Air Force Base at a model club flying facility in Belleville, Ill. The signals for the demonstration were powered on the ground to duplicate friendly wireless communications. These off-the-shelf access points are representative of what is available in 802.11 wireless hardware systems. This 802.11 is an international set of standards for implementing wireless local area network (WLAN) computer communications in the 2.4-, 3.6- and 5-GHz frequency bands, Tassey said.
“Think of the drone as a flying laptop. There is actually a Linux-based computer on the UAV, which is actively controlled by operators on the ground. Rather than placing hackers on the ground in a target area, where they might be detected, the drone allows multiple hackers to be anywhere in the world and see whatever the aircraft sees in the electromagnetic spectrum to attack systems on the ground,” Tassey said.
He added that an array of onboard WiFi, Bluetooth and cellular equipment enables network access. The UAV is capable of gaining access to 802.11 wireless networks to gather intelligence, exfiltrate or manipulate data, create rogue servers and services, or cause denial of service.
Focusing on projecting cyber attacks through the aircraft against systems and networks on the ground requires real-time interaction with the payload systems. Sufficient bandwidth is required to upload tools, stream voice and video and forward traffic to the Internet, Tassey explained.
The UAV gains the ability to manipulate Global System for Mobile Communications, or GSM, cellular phone calls and text messaging and allowing control – a change in the UAV threat paradigm. Tassey noted that the UAV is equipped with a pair of 900-megahertz 802.15.4 XBee radios, which provide telemetry and data link. The channels are protected by 128-bit Advanced Encryption Standard (AES), a specification for electronic data adopted by the U.S. government.
Much of the aircraft’s capability relies on performing mathematically complex operations such as cracking passwords and performing brute force attacks against secure wireless computer networks and cellular devices. To enable the aircraft to provide processing-intensive functions and voice backhaul, an off-airframe processing capability has been created, which can reside anywhere on the Internet, Tassey said. This tiny onboard x86-based package for cyber warfare uses the same architecture as a desktop computer and is approximately the size of a cigarette package, weighing about 3 pounds. This equipment costs approximately $2,000 in the marketplace.
This airborne cyber equipment could be packaged to operate in any number of UAVs in the U.S. inventory; however, if the aircraft flies at 30,000 feet, as an example, signal amplification equipment would be necessary, along with antenna modifications. “The chilling result of our efforts it that the worldwide hacker community has developed open source hacking tools that could be put together by a layman without special skills. This vulnerability must be addressed,” Tassey concluded.