Two Drone Questions: How Did Iran Get It? What Will the Damage Be?
As I noted in an update to this post, the US has now admitted that the drone Iran claimed to down is, in fact, one of its new-fangled RQ-170 Sentinels. Sources have admitted anonymously that CIA was using the drone for reconnaissance, implicitly of Iran.
Which leaves a number of questions. First, how did the drone go down?
Marc Ambinder quotes a source suggesting the US lost communications with the drone, after which it glided to land inside Iran.
Controllers lost contact with the prized stealth unmanned aerial drone, the RQ-170 “Sentinel”, last week over western Afghanistan, said one government official who spoke on condition of anonymity. Based on its projected glide path, officials assume it fell just inside the Iranian border.
But as he notes, if it had just lost communication with its controllers, it should have either returned to base or self-destructed.
The story that the drone was not flying over Iran, but flew into it as it came to the ground, is repeated in this CNN piece.
The officials said they did not believe the mission involved flying the aircraft directly over Iran because the reconnaissance capability of the RQ-170 Sentinel drone would allow it to gather information from inside Iran while remaining on the Afghanistan side of the border. The officials also for the first time confirmed to CNN it was an RQ-170 drone that was lost.
A third U.S. official confirmed that when the drone crashed, the United States briefly considered all potential options for retrieving the aircraft or bombing the wreckage, but those ideas were quickly discarded as impractical. There was also satellite surveillance over the site, which helped confirm the location of the wreckage before the Iranians retrieved it.
Of course, the US has reason to want to deny it had violated Iran’s airspace, though I don’t doubt the drone has significant surveillance powers.
In any case, satellite surveillance must be how this anonymous official confirms the drone came down largely intact.
Another U.S. official with access to intelligence said that losing the Sentinel is a major security breach. The official, who was not authorized to publicly speak about the information, wouldn’t say how the drone fell into Iranian hands, but confirmed that the downed drone was largely intact.
“It’s bad — they’ll have everything” in terms of the secret technology in the aircraft, the official said. “And the Chinese or the Russians will have it too.”
Which would seem to rule out some of the speculation of a number of experts quoted by the LAT, who still can’t seem to explain how the drone was brought down intact, but it did not return home (as it would have been programmed to do) or self-destruct. Moon of Alabama offers some thoughts here.
Now, I still think it’s possible–as some of these sources suggest–that this might be an intentional ploy on our part. Though I can’t see doing that with a Sentinel.
Which leads me to a point a few of these sources note. Iran would only be able to make so much use of the drone (aside from politically). It would likely need Russia’s or China’s help to reverse engineer it.
So I wonder: Is it possible that one of the countries everyone agrees would have much more capability to reverse engineer the technology–Russia and/or China–might have been involved in downing the drone? After all, both are getting fed up with our drive to war against Iran. And, as Ambinder reveals, the event has resulted in the grounding of all the Sentinels.
An investigation is under way and the rest of the small fleet of classified UAVs have been grounded. They number less than 10 and are piloted by the 30th Reconnaissance Squadron at Creech Air Force Base in Nevada.
Downing this drone would seem to be useful to Iran in several possible ways. First, the PR victory, particularly if it can refute the American claim the drone wasn’t over Iranian airspace. Next, if it can reverse engineer the stealthy and communications technology, probably with help, it can cut into American advantage on drone technology. It seems that downing the drone has already stopped the Americans from using other Sentinels to surveil it. And here’s one question: What would it take for Iran to demonstrate what the drone was surveilling? That is, could it do more than just prove the US had violated its airspace, but tie the US back to some of the attacks within Iran?
Update: Here’s another question. Why the fuck is the government telling us Iran that the drone has been watching what they claim to be Hezbollah training camps before?
The RQ-170 stealth drone that crashed in Iran last week has been used by the CIA in the past to spy on Iran’s nuclear facilities and Hezbollah training camps inside Iran, U.S. officials told NBC News on Tuesday.
Unless that’s another feint to distract from who would be most interested in that “Hezbollah camp”?
Update: More uncanny leaking on the CIA’s activities in the area.
According to these officials, the U.S. has built up the air base Shindad, Afghanistan, with an eye to keeping a long-term presence there to launch surveillance missions and even special operations missions into Iran if deemed necessary.
I sort of wonder whether David Petraeus hasn’t come out of his undisclosed location?
I would first like to state that I agree that as you’ve pointed out previously this could still be an “exploding cigar” ploy.
A variation on that theme is a possibility that this was US-provided “pogey bait” designed to lull somebody like Russia and/or China with its “authenticity” of the acquisition of an apparent “real” RQ-170 Sentinel drone.
This variation scheme goes on with a “special version” of the standard US stealth coating that purportedly makes it invisible to radar. What the Russians and/or Chinese aren’t meant to figure out is that this “special version”, which the Russians and/or Chinese are meant to copy and apply to their stealth aircraft, has a teensy-weensy, deliberately-designed flaw or “enhancement” that makes it light up and visible like the sun to a radar under a very specific radar frequency.
Or the cigar could just be a cigar. *g*
@MadDog: I also think it’s possible that China or Russia helped Iran with this.
I keep waiting for hints that someone (besides Pakistan–though China could be working through Pakistan as we once did) to try to hasten our experience with Afghanistan’s graveyard like properties. And with all the warmongering against Iran, with the troubles with Pakistan, now would be a fairly easy time to do it, particularly given that taking a drone down in Iranian territory would shield whoever helped from claims of entanglement.
Then again, we’re still fighting about whether those “hikers” were caught in Iran or Iraq.
Both Russia and China have “fiddled” with our orbiting satellites with stuff like high-powered lasers. It would not be beyond the range of possibility that they might have jammed the RQ-170 drone satellite-based flight control communications.
Not just in drones, but all of the US leading edge 21st century inventory of aircraft use a stealth coating technology to help provide the invisibility against radar. This includes our B-2 bombers, our F-22 fighters, and the coming on stream F-35 strike fighter which will also be sold to allies like Israel, Britain, Australia, etc. around the world.
Well, the general lack of US interest in getting it back lends credibility to that idea, especially when one remembers how the P-3 forced down by the PRC was returned in a series of boxes, after the PRC took it apart. In that case we were demanding return before the plane landed.
OTOH, the fact the rest of the RQ-170s are grounded points to a vulnerability that may be an artifact of the Creech AFB cyber attack, and that tidbit would also explain why the default actions programmed into the drone did not occur, in which case the PRC and Russians have extremely valuable intel.
Did we ask for it back, and how vehemently?
You can’t discount it, but I’m not sure I buy into the 11venty dimensional chess on this one. Especially since the Chinese, who Pakistan already gave a good long look at our secret helicopter, could probably spot things not on the up and up fairly quickly.
While this focuses on the Predator, I thought it was an interesting story on the question of how often do our pilots lose control of their drones.
http://www.alaskadispatch.com/article/how-often-does-us-military-lose-contact-unmanned-drones
Some things I had not thought of – but also interesting as to what disrupting satellite communications in the area might do. And there’s this on the E-Drone Phone Home, return to base, nonfailsafe:
“Though they are generally programmed to fly a pre-determined – and thus trackable – path until pilots are back online, in the past the US military has been forced to shoot down renegade drones. In other instances, they simply crash”
fwiw
Edited to add: Mad Dog “squoze in” the satellite thingy first. I hadn’t seen it when I posted.
So, is it much more likely than not that this was just surveillance? I don’t know the differences in capabilities, but is it likely, as the US keeps trying to emphasize, that this was not an armed drone? Also, doesn’t it sound like maybe the Iranians were tracking it too or that it was VERY near an Iranian installation, if the US thought it was too risky to try to destroy it? That makes it sound like Iran was on it almost as soon as it went down. That would add to the possible 11venty dimensional element, but I still don’t think that’s what happened. How is it going to boomerang back on Iran?
@emptywheel: I could easily envision either or both Russian and Chinese involvement.
Russia certainly has both the geographic nearness as well as the history with both involvement in Afghanistan and competing militarily with the US.
China has “helped” Iran in numerous ways and has a not insignificant number of Chinese personnel on the ground in Iran.
Making the US Eagle tired of beating its wings in order to keep flying is likely official state policy in both Russia and China.
@rugger9: I think both EW’s and your point about the RQ-170 fleet grounding is possibly a critical tip-off that something ain’t right.
@Mary: And there’s always the question about which side of Iran it was brought down on. ISAF was clear that this was operating out of Afghanistan, and that much I believe. But how far into Iran was it?
I sort of believe the surveillance only. But that’s not to say it wasn’t feeding info back to people on the ground. We still don’t have a real explanation of how the missile site blew up–I’d imagine that’s what Iran would be on the lookout for.
The juxtaposition of this post with Glenn’s on the domestic deployment of drones for all sorts of nifty purposes is pretty disturbing. Whether or not this particular drone was indeed hacked by Iran or any of its chums, it seems inevitable to me that our automated weapons systems will someday be hacked by someone somewhere.
So even in a benevolent parallel universe where our own government would never intend to use its domestic drones against its own law abiding populace, one would still need to worry about an adversary hacking such drones to harm us.
Oddly enough, I would be enormously relieved if Iran et al. turn out in fact to have successfully hacked this drone. Perhaps then it will force us to re-evaluate the wisdom of deploying them willy nilly just because some stupendously short-sighted defense contractor wants to open new markets to goose quarterly profits and pass bonuses and cigars all around.
Can I stir the pot a bit more and say that the Murkans put video/infrared evidence of Iran’s nucular program on the Sentinel and landed it in Iran, for the Russkies and Chinese to “discover” …
Laugh all you want, I’m calling Tom Clancy … *g*
Oh, and while we’re on the subject of drones, there’s this:
@Jim White: I’m shocked, shocked, to see a DHS official caught in such a compromising position ; ) Who does he think he is, Michael Chertoff??? ; )
@phred: You misspelled Jerkoff.
@Jim White: Fair enough ; ) You know a person might just get the impression that DHS was created strictly to enhance government corruption.
If you blocked the satellite feed you wouldn’t necessarily have to spoof any complicated control commands, it might be enough if you could just send a “carrier on” signal to prevent the thing from executing a mission abort, and presumably it would just fly steady-as-you-go. You would just wait until it was pointed in a useful direction before you lit it up. Then you could just follow along until it ran out of gas, as one report suggested it happened. Scoop it up with a retrieval chopper before a strike plane can get there, and Hi-Yo-Silver! You would have to be waiting in ambush, but why not?
If you knew ahead of time where to expect it, might it be possible to spot it visually? Looking down from something AWACS-like?
@emptywheel:
I would throw out the thought that whatever the CIA mission the RQ-170 drone was on, it would seem to me that it had to have been a top priority mission.
It would seem to me that the US would not be using a stealthy radar-evading drone on some hum-drum operation. The US has a ton of Predators and Reapers in Afghanistan for the everyday missions.
And with the far more capable KH reconnaissance satellite fleet for strategic surveillance of nuclear and missile sites, it would seem to me that the use of stealthy radar-evading RQ-170 drone with its real-time video capabilities would imply a different sort of mission than mere surveillance of Iranian nuclear and missile sites.
This all goes back to EW’s take that the Government/Military Industrial Complex™ is unbelievably cocksure in their technologies. This has to be a gigantic WTF moment as they realize their system vulnerabilities were not properly vetted and scramble to firewall all systems. Good luck with that. Horse, Barn, Door.
OT: After seeing a rash of tweets I couldn’t decipher speculating on a sudden trip to Dubai for Pakistan’s President Zardari, Josh Rogin once again blows the lid off with his story:
Don’t forget the obvious; human intelligence.
This is not the same ideological times as the cold war, when we were indoctrinated, almost at birth, that we were in mortal danger from all those evil Soviets-that-want-to-destroy-us-all.
A single family of non-ideological spies broke the compartmentalization of our best codes during the cold war. The Soviets were listening to all of our stuff for years before we discovered it. (In fact, wasn’t it defected Russians that told us?)
Any good EW tech will tell you that to take over a receiver you use a stronger signal than the intended source. If you know the codes because of some free-enterprising (i.e. paid) soul with access, you just swamp the receiver with a stronger transmitter. Add that to the fact that the signal hijacker is much much closer to the receiver, pretty easy to do.
We do that to RADAR all the time; just return our own stronger signal to the receiver and the RADAR can’t tell which is real.
Though MOA has some excellent insight in his post, I’m still uncertain about how the drone was brought down intact.
MOA hypothesizes:
Unless the flight control communications was using the same encryption algorithm and/or key over and over and over again, I’d think that the encryption process on a Top Secret drone platform like the RQ-170 would be of the kind that changed on a regular basis (on a weekly or daily or even hourly basis) and that even if one could break the encryption of one set of communication sessions, it would be almost impossible to use the results to decrypt another set of communication sessions.
And in addition, without access to the encryption key, I can’t see how it could be done on a real-time basis in order to “takeover” the flight control communications and fly the drone.
So that leaves me still “up in the air” (yes, that was meant to be a play on words *g*) on just how the RQ-170 drone made it down supposedly intact.
@JohnJ: I agree that taking ownership of something encrypted is more often as a result of buying/stealing the key rather than breaking the encryption.
That said, in the case of the downing of the RQ-170 Sentinel, the next challenge would be flying (and landing) the critter. Without the pilot’s controlling software, the flight control communications is just a bunch of bits flowing back and forth.
I suppose that in addition to buying/stealing the encryption key, one could also do the same for a copy of the pilot’s controlling software, but that piles one difficulty on top of another. Still, I suppose if one got to the right person, you could buy/steal the entire package.
This:
And this:
Still bothers me as well. How does one track a supposedly stealthy and invisible to radar RQ-170 drone? How did the US pinpoint the supposedly stealthy and invisible to radar RQ-170’s crash site? How did the US even determine the direction of the supposedly stealthy and invisible to radar RQ-170?
Via infrared from the jet engine exhaust? And if so, is the US inadvertently revealing even more about its own Top Secret classified tracking and surveillance capabilities? That it can track stealthy and invisible to radar aircraft?
@MadDog: From Fox News (I know, I know):
And how it may have landed itself:
@MadDog: I guess one way to track/locate a missing RQ-170 is if it, like ET, phoned home. It probably has a GPS chip like GM’s OnStar™ so that when it finally lands itself it can be located.
I can understand that for a civilian vehicle, but that doesn’t seem to be a very smart design for a piece of highly classified military equipment that you’d think whose operators wouldn’t want to have fall into one’s foe’s hands.
Ok, here’s the latest from about 2 minutes ago from Julian Barnes of the WSJ:
Without knowing how close to the border it went down maybe one of our own systems caused it to crash.
Or Iran just used our own technology against us.
@MadDog: And about an hour ago from MSNBC’s Jim Miklaszewski:
Crashed or landed itself? Who knows. We’re getting different stories from seemingly different US anonymous sources.
@MadDog: And about 3 minutes ago from CNN’s Barbara Starr. More and different spin. If you wait a bit, it will change again:
@MadDog: I find that purported mission about “tasked to fly over western Afghanistan and look for insurgent activity” has a smell about it that reminds me of bullshit. *g*
Btw, it seems my comment at # 24 is still awaiting moderation. If the honorable blogmaster would be so kind? Ta!
@MadDog: See my update. Now DOD has told Mik that the drone has done several runs before, sending streaming video back of nuke facilities and a Hezbollah training camp.
Which of course must be bullshit–or at the least designed to distract from what it was really doing (unless the “Hezbollah camp” is something else that it wants someone to know about).
Or are we spreading that so when it comes out, no one blames Israel?
@JohnJ: Heck, I wouldn’t even rule out someone diverting it in Afghanistan, though you would think our security in Afghanistan would prevent that.
@MadDog: That seems easy to me. 1) Stealth is about radars, not pictures. Satellites are pictures. And we knew where it was. 2) Stealth presumably focuses on the earth-ward side of things, not the satellite side of things.
We knew where to look, we were looking from the right perspective, and we’ve got scary good sat surveillance, as you noted earlier.
@MadDog: That seems to be the belated spin. a) we’ve already got someone saying on the record it was mostly intact, b) I have some swampland in FL for whoever believes the “rec in W Afghanistan” bullshit.
Therefore I tend to believe the rest is bullshit too, possibly including the story that the guidance system went haywire.
@Quanto:
Or is it “Rainman the reboot”? *g*
@emptywheel:
I couldn’t agree more! There is definitely a PsyOps effort underway to intimate that every single calamitous or scary thing that occurs with regard to Iran is a deliberate US and/or Israeli plot.
Lemons into lemonade. If the US loses a classified stealthy drone in Iran, might as well scare them some more by claiming we be hiding under Ayatollah Khamenei’s bed.
@emptywheel: Now about 9 minutes ago, Kimberly Dozier of the AP was laying down the same fertilizer:
@MadDog:
While we’re speculating, maybe it was like Air America with the hillbilly with a musket taking down a C-123 :)
@emptywheel:
Speaking of Israel, and tangentially related to this post’s topic regarding Iran, I suppose you already knew this EW, but it came as news to me when I read it yesterday – via The Independent:
(My Bold)
I was aware of the laptop, but not that it was supposedly sourced from the Israelis. Vested interest in skewing its contents much?
@Quanto: LOL! I got a good chuckle out of that image!
@Jim White:
The answer to that question ought to be extremely obvious to everyone involved: hell, yes, it’s conflict of interest. Anyway, a government official has no business being on the board of a corporation: hell, yes, it’s conflict of interest.
Updated once more with MORE inexplicable leaking on what the CIA is doing in Afghanistan.
@MadDog:
I’d expect it to have some kind of remote-controlled self-destruct.
@emptywheel: Then this Greg Miller WaPo blog post earlier today also fits the bill:
Let me throw in my speculative twist. Iran has experienced several explosions at various sites recently which Iran claims were not by outside sources. Let’s assume that this was not about surveillance but another attempt to destroy by stealth UAV. Utilizing info and data from previous flights, was Iran able to capitalize and bring down this flight? Also there have been recent stories of viruses or trojan horses detected in some of these UAVs. They could also be a factor. Just thinking.
I find the NYT’s “dog that didn’t bark” interesting. The NYT usually puts their next day reporting up right now (9:00 CT or 10:00 PM ET), but strangely there is no new NYT reporting on this drone story.
Now maybe that is because their reporting on the drone story is still being written/edited, but given all of the other news outlets’ stories today, one would think that the NYT would at least have their own piece of the pie ready to go, and if further updates were in hopper, they would simply re-post an updated version of their reporting.
@MadDog: I thought it was laundered through the MEK and Turkey. I did not know we had sourced it to the Israelis.
@emptywheel: Could be one and the same. Given all the high-ranking former US officials in the pay of the MEK lobby supporting MEK, I wonder if there isn’t a strong Israeli component involved with it. And further, I’d imagine that some in the US government would’ve been extremely reluctant to acknowledge and source it back to Israel for the obvious bias concerns.
@Jim White:
“Unpaid!”
We gets no respect!
The Russians looked at a lot of U2s before they figured out how to get Powers. Can’t imagine the Iranians are any happier about our drones, or any less interested in figuring out how to pop one that’s in their air space.
We know the control systems have been compromised recently. Wonder what the chances are it got hijacked using our own joysticks? That would be a twofer. What better way to get even for Stuxnet?
If nothing else, the keyloggers that were identified could generate a nice stream of plaintext to match up to encrypted traffic. Gives the cryppies something to chew on.
Does anyone know how much we’ve tightened up drone communications? They were embarrassingly accessible as recently as a couple of years ago. RQ-170’s been around long enough to be part of that debacle. Might not have been too hard to distract it.
Here’s a recent snippet from Defense Tech:
I asked Kevin Coleman, DT’s resident cyber security expert to weigh-in on the keystroke-recording virus that has infected the UAV ground control stations at Creech Air Force Base in Nevada.
He gave a very succinct reply. Here it is:
“The Drone thing is way overblown! At least this time. This time it was a keylogger that could not send any data out that it captured!”
He went on to say how the highly publicized incidents where insurgents have intercepted drones’ video feeds were much more harmful than this.
http://defensetech.org/2011/10/11/usaf-drone-control-virus-overblown/
I have to admire Iran for their restraint, quite honestly. How many other countries, when under rhetorical and physical attacks, some secret, and others not so much, would be able to hold back from attacking SOMEBODY?
Israel and the US actually attack at the drop of a hat. For all their bellicosity, Iran doesn’t.
It seems to me that EW’s take is most on target, in that blame has to be deflected from Israel at all costs. And if the Israelis were found to have a hand in this, ackack’s restraint noted in #52 would go out the window, at the very least via Hezbollah. Any increase in Hezbollah activity lately? I haven’t seen it reported and one would think Bibi would set that marker out if he had it to justify whatever he was doing.
Looking at “hezbollah training camps” is the giveaway here on what the RQ-170 was trying to do, and since Hezbollah doesn’t bother the USA it points to Israeli interests.
Although I continue to think that software failure is the most likely culprit (as a software developer, I just always suspect that…), I think folks are overlooking an easier way for Iran to have pulled this off. It is called a replay attack. Here’s how they might have pulled it off. The first thing you do is to record the signals that are sent to the drone that makes it land. Iran could have easily placed someone at the Kandahar airport or some other place where these things land. Then you take that recording and play it back at a drone over Iran, overpowering the true signal. You don’t need to break the encryption to do this.
Now, I would think that the USG would have taken countermeasures against this. Normally you do that by including a mutual authentication protocol and a time code inside the signal, so that a replayed signal would be recognized as invalid. There are other ways as well. But remember, building these things involves a lot of trade-offs and maybe they didn’t think it was necessary to protect against that sort of threat. If so, I imagine they are reassessing that judgment.
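The countermeasure described in the comment above (a time code inside an authenticated signal), as an added example that is not part of the original thread and does not describe any real drone link: a receiver that only checks the message authentication code accepts a recorded frame at any later time, while one that also checks a timestamp window and a monotonic counter rejects it. The frame layout, the pre-shared key, the `LAND` command and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">QQ")  # assumed layout: 64-bit counter, 64-bit unix time
TAG_LEN = 32                   # HMAC-SHA256 tag length in bytes


def seal(key: bytes, counter: int, timestamp: int, command: bytes) -> bytes:
    """Sender side: bind counter and timestamp to the command under one MAC."""
    header = HEADER.pack(counter, timestamp)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag


def open_frame(key: bytes, frame: bytes):
    """Return (counter, timestamp, command) if the MAC verifies, else None."""
    if len(frame) < HEADER.size + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    counter, timestamp = HEADER.unpack(body[:HEADER.size])
    return counter, timestamp, body[HEADER.size:]


class MacOnlyReceiver:
    """Authenticates the sender but has no notion of freshness."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, frame: bytes, now: int) -> str:
        return "accepted" if open_frame(self.key, frame) is not None else "bad-mac"


class FreshReceiver:
    """Adds the time code check and a strictly increasing counter."""

    def __init__(self, key: bytes, max_age: int = 5):
        self.key = key
        self.max_age = max_age      # seconds of tolerated clock skew / delay
        self.last_counter = -1      # highest counter accepted so far

    def accept(self, frame: bytes, now: int) -> str:
        parsed = open_frame(self.key, frame)
        if parsed is None:
            return "bad-mac"
        counter, timestamp, _command = parsed
        if abs(now - timestamp) > self.max_age:
            return "stale"          # a recording played back later
        if counter <= self.last_counter:
            return "replayed"       # a recording played back inside the window
        self.last_counter = counter
        return "accepted"


def demo() -> dict:
    key = bytes(range(32))          # constructed demo key, not a real secret
    t0 = 1_700_000_000              # constructed send time
    recorded = seal(key, 41, t0, b"LAND")
    # Someone without the key rewrites the timestamp field of the recording.
    edited = recorded[:8] + struct.pack(">Q", t0 + 86400) + recorded[16:]
    naive, fresh = MacOnlyReceiver(key), FreshReceiver(key)
    return {
        "naive_live": naive.accept(recorded, t0 + 1),
        "naive_next_day": naive.accept(recorded, t0 + 86400),
        "fresh_live": fresh.accept(recorded, t0 + 1),
        "fresh_same_window": fresh.accept(recorded, t0 + 2),
        "fresh_next_day": fresh.accept(recorded, t0 + 86400),
        "fresh_edited_time": fresh.accept(edited, t0 + 86400),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

The example covers only the time code half of the comment; the mutual authentication it also mentions would be a handshake that establishes the key, which is assumed here to be pre-shared.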
@MadDog:
So apparently there were no visibility problems with seeing from a satellite whatever the drone was flying over.
So what was the drone tasked with doing that a satellite couldn’t do (at no risk of compromising military technology)?
@lysias: #55
One of the larger unanswered questions, the Hezbollah angle seems most likely but monitoring that camp doesn’t require the RQ-170 IMHO. Why send the coolest toy for something like this?
One mystery is why the drone didn’t either return to non-Iranian territory where it could be recovered, or self-destruct (blow itself up in the air, crash hard into the ground). If I were programming an intelligence drone with technology I didn’t want recovered by the bad guys, the control link would be encrypted enough that really inside access would be required to take over control. And several safe-modes would kick in if the control link was jammed. First, a GPS-based pre-programmed exit path to US-controlled territory. If GPS was jammed, the same thing using inertial navigation. If that wasn’t working, a magnetic compass trajectory and crash after sufficient distance into presumably US-controlled territory.
If there’s a mechanical failure that prevents flight (either normal control or safe-mode), it would self-destruct cameras and sig-int receivers in the air, ejecting the debris separately from the airframe, followed by intentionally crashing into the ground (to maximize damage to airframe and stealth stuff).
While incompetence or bad luck is always possible, there seems to be a perfect storm here.
Also, why is the US saying anything at all, instead of just nothing?
How about this: the real issue is the new Russian anti-stealth radar vs US stealth tech. The RQ-170 uses state of the art stealth, and the US doesn’t want the Russians to calibrate their new radar on it, which would compromise both future use of RQ-170, and other stealth planes and drones.
Maybe this particular drone was modified to give disinformation about how good the latest stealth tech and/or intelligence tech is, and was made to intentionally show up on the new radar (which an unmodified RQ-170 would not). And it was commanded to have a convincing mechanical failure after it was detected on radar, that caused it to glide to a relatively intact landing, with the intention of being recovered. The mechanical failure would “explain” why it didn’t fly away home, so the bad guys would just think they got lucky instead of falling for a ruse.
This compromises the airframe design (which the bad guys probably already know a fair bit about), but not the real stealth tech (because intentionally crappy stealth was used instead). The cameras and sig-int gear wouldn’t be the usual good stuff but obsolete or misleading substitutes.
The public announcements that this is indeed a CIA RQ-170, and that future RQ-170 flights are suspended (to keep the Russian radar from seeing an unmodified stealth drone in flight and realizing that the one they have is a joker), just become part of the plan.
Note, Hezbollah is exposing more Israeli spy toys.
Given the parallel going on in Lebanon, I wonder whether some of this pertains to the spies that Hezbollah and Iran rolled up recently?
Bookmarking Danger Room, this will have more on it, surprising for something so “hush-hush”.
1 minute ago via Scott Shane and David E. Sanger of the NYT:
“U.S. Drones worships an eye outside the lovely dispute. U.S. Drones ends Iran after an arresting excess. U.S. Drones signs a shame across a pretended breakdown. The groan lusts outside the gutter. The ass stacks U.S. Drones.”
This was the initial result of the random paragraph generator at watchout4snakes.com, using these two phrases “U.S. Drones” and “Iran”. Submitted for your approval.