‘Anarchist’ hacks Israeli drones

Mary Dobbing, co-author of Drone Wars’ briefing on Israel and the drone wars, looks at the implications of the recent news that US and British spooks hacked Israeli drone feeds.

Image of Heron TP drone - Credit: Laura Poitras/The Intercept

The United States and Britain have been hacking into Israeli drone signals and video feeds since 1998, we have learned from the latest publication of leaks from former US NSA contractor Edward Snowden. The details were published by The Intercept at the end of January. “This is an earthquake, the worst leak in the history of Israeli intelligence,” shouted the headline in The Times of Israel, quoting “a security source”. The information hacked related to the video feeds and the routes over the ground that the drones were flying.

Using open-source encryption-busting software (called AntiSky, and used to hack into pay-to-view TV) on the drone’s downlink from a satellite to its ground controller gave analysts a “virtual seat in the cockpit” of drones and piloted aircraft, said The Intercept.

The secret program, code-named ‘Anarchist’, comprised intelligence gathered by the UK’s Government Communications Headquarters (GCHQ) in Cheltenham working with the US National Security Agency (NSA). Troodos, a GCHQ listening station high on a mountain in Cyprus, is well positioned to monitor signals from military flight activity in a wide area of the Middle East, North Africa and the Eastern Mediterranean. The NSA listening station at Menwith Hill in North Yorkshire also plays a part, working closely with the GCHQ site in Cyprus for tip-offs about military flights in this area.

“The GCHQ documents describe the mission against Israeli drones in broad terms. An “outbreak of hostilities between Israel and Hamas” occasioned the intelligence agency’s interest, and so did tension with Tehran. In reporting on flights of an armed Heron TP, a Troodos employee noted that “our ability to collect and track and report this activity is important for the initial detection and tip-off for any potential pre-emptive or retaliatory strike against Iran.”” [The Intercept]

The intelligence leaks describe how a range of Israeli-made drones have been hacked, namely the Heron UAVs (IAI), Searcher (IAI), Hermes UAVs (Elbit), Aerostar (Aeronautics) and Orbiter (Aeronautics). Fuzzy photo stills from the drones’ video feed appear to show what has long been known, but never officially confirmed by the Israelis: that the Heron TP drone carries missiles.

The Heron TP, known in Israel as the Eitan, is larger than the US-made Reaper drone, with an 85ft wingspan, and was described as “the drone that can reach Iran” when it was unveiled in 2007. Internal GCHQ documents revealed by The Intercept included still images from footage recorded by drone cameras, including a series collected in 2009 and 2010 that appear to show the Heron TP carrying missiles.

We’ve learned about intense US interest in keeping an eye on the Israeli Air Force when it comes to military flights over the occupied Palestinian territories, the Golan Heights and Iran. Israeli sources say that while they were not surprised about the spying, they were “disappointed”. The intelligence leaks show that Israel flies drones over Gaza, the West Bank, the Golan Heights and Israel’s northern borders with Lebanon and Syria, and that Heron TP drones have been monitoring fighting in Syria since 2012.

The US and Britain have also intercepted drone feeds from (probably) Iranian-made drones being flown by Hezbollah in Lebanon and by Assad’s regime from an airbase in Syria. But by far the biggest target for interception was Israel’s drones.

In early January 2009 as Israel’s air assault on Gaza intensified (called Operation Cast Lead, when 1,330 Palestinian civilians were killed), the leaks reveal that satellite surveillance operators at Menwith Hill had been tasked with looking at drone activity. While they never recorded a strike from an Israeli drone, the video feed from an F-16 fighter jet was collected as it was tracking a moving target to strike in Gaza giving operators a virtual seat in the cockpit.

“It is not always clear from the images precisely where the drones were located, and it is thus impossible to tie the intercepts to specific attacks. A note on January 12, 2009, in the midst of Cast Lead, directs technicians “with the current situation … to keep a watch and report on where the majority of UAV flights are being conducted.”” [The Intercept]

We have also learned that in spite of Israel’s efforts, they have persistently failed to encrypt drone video and other feeds. This will be a matter of acute embarrassment for the Israeli drone industry following the 1997 debacle when 12 Israeli Naval Commandos were killed during a raid to assassinate ‘a senior official in the Amal movement’ and Hezbollah presented photographs which showed they could intercept drone video feeds and work out areas the Israeli military were interested in. Following this the defense establishment invested “unprecedented efforts and resources,” according to an official familiar with the issue, in order to encrypt the frequency of the transmissions between the drones and the base.

“Yuval Steinitz, Israel’s energy minister and a member of Netanyahu’s security cabinet, sought to play down the issue but said lessons would be learned. “I do not think that this is the deepest kingdom of secrets, but it is certainly something that should not happen, which is unpleasant,” he told Israel’s Army Radio. “We will now have to look and consider changing the encryption, certainly.”” [The Guardian]

In figuring out why the US and UK would secretly spy on Israel’s Air Force when they maintain friendly shared intelligence on, for example, counter-terrorism, it is suggested that there are two main areas of interest. Firstly, Israel’s policies towards Palestinians and Iran are at variance with the Obama Administration’s; and secondly, commercially, Israel is the biggest exporter of drones to the rest of the world. India has purchased the most drones from Israel and is now taking delivery of weaponised Heron TP drones, and Germany is leasing armed Heron TP drones. The question is: are all the drones exported to at least 37 countries hackable by the US and UK, and presumably other states?

Countries with Israeli UAV models which have been intercepted by US/UK

| No. | Country | UAV | Manufacturer |
|---|---|---|---|
| 1 | Angola | Aerostar | IAI |
| | | Heron 1 | IAI |
| 2 | Australia | Heron 1 | IAI |
| 3 | Azerbaijan | Aerostar | IAI |
| | | Hermes 450 | Elbit |
| | | Hermes 900 | Elbit |
| | | Heron 1 | IAI |
| | | Orbiter | Aeronautics |
| | | Searcher | Aeronautics |
| 4 | Botswana | Hermes 450 | Elbit |
| 5 | Brazil | Hermes 450 | Elbit |
| | | Hermes 900 | Elbit |
| | | Heron 1 | IAI |
| | | Searcher | Aeronautics |
| 6 | Cote D’Ivoire | Aerostar | IAI |
| 7 | Croatia | Hermes 450 | Elbit |
| 8 | Cyprus | Hermes 450 | Elbit |
| | | Searcher | Aeronautics |
| 9 | Ecuador | Heron 1 | IAI |
| | | Searcher | Aeronautics |
| 10 | Finland | Orbiter | Aeronautics |
| 11 | France | Heron 1 | IAI |
| | | Heron TP | IAI |
| 12 | Georgia | Aerostar | IAI |
| | | Hermes 450 | Elbit |
| | | Hermes 900 | Elbit |
| 13 | Germany | Heron 1 | IAI |
| | | Heron TP (Armed) | IAI |
| 14 | India | Heron 1 | IAI |
| | | Heron TP (Armed) | IAI |
| | | Searcher | Aeronautics |
| 15 | Indonesia | Searcher | Aeronautics |
| 16 | Italy | Hermes | Elbit |
| 17 | Kazakhstan | Hermes 900 | Elbit |
| | | Orbiter | Aeronautics |
| 18 | Kenya | Heron 1 | IAI |
| 19 | Mexico | Hermes 450 | Elbit |
| | | Hermes 900 | Elbit |
| 20 | Netherlands | Aerostar | IAI |
| 21 | Nigeria | Aerostar | IAI |
| 22 | Peru | Orbiter | Aeronautics |
| 23 | Poland | Orbiter | Aeronautics |
| 24 | Russia | Heron | IAI |
| | | Heron TP | IAI |
| | | Searcher | Aeronautics |
| 25 | Singapore | Hermes 450 | Elbit |
| | | Hermes 900 | Elbit |
| | | Heron | IAI |
| | | Searcher | Aeronautics |
| 26 | South Africa | Hermes 1500 | Elbit |
| 27 | South Korea | Heron | IAI |
| | | Searcher | Aeronautics |
| 28 | Spain | Heron 1 | IAI |
| | | Searcher | Aeronautics |
| 29 | Sri Lanka | Searcher | Aeronautics |
| 30 | Switzerland | Hermes 900 | Elbit |
| 31 | Taiwan | Searcher | Aeronautics |
| 32 | Thailand | Aerostar | IAI |
| | | Searcher | Aeronautics |
| 33 | Turkey | Aerostar | IAI |
| | | Heron | IAI |
| | | Searcher | Aeronautics |
| 34 | Uganda | Searcher | Aeronautics |
| 37 | Uzbekistan | Hermes 450 | Elbit |

US and UK excluded from this list.

It’s possible that the spying has commercial implications too, with huge numbers of drones being exported to the rest of the world by Israel (see Drone War UK’s report). If it’s this easy to hack into the drone video feeds and track their flights’ over-the-ground routes then purchasers of Israeli drones will also have a problem with security. If it’s this easy to hack into Israeli drone video feeds, who else can?

Looking at the countries that have Israeli drones of the types we know have been hacked, one can imagine the interest of the US/UK in being able to spy on Israeli-made drones flown around parts of the globe by other states.

The Hermes 450 drone is widely reported to have air-to-ground missiles and has seen action in periodic Israeli air assaults on Gaza and elsewhere, but the GCHQ documents from Troodos in Cyprus do not mention any such attacks by this drone model. This is intriguing, but maybe the UK knows all about the Hermes 450 already because we have 54 of them, rebranded as the Watchkeeper. As these are for sale by UK Inc., it would be an own goal to show how easy they are to hack into. Indeed, as The Intercept’s report came out we learned that France has decided not to buy Watchkeeper, in favour of the French-made Patroller tactical UAV, which can carry missiles.

Edward Snowden’s leaks reveal that while the technologies used in UAVs are sophisticated and cutting edge, it seems that less thought has been put into securing the signals. This has huge implications for their utility as the ‘only game in town’.

Categories: Israel and drones

1 reply

  1. “persistently failed to encrypt drone video and other feeds. This will be a matter of acute embarrassment”

    No such ‘embarrassment’ then (‘acute’ or otherwise) for the abused, harassed, perennially vilified Palestinians & their terrified children expected to ‘live’ with these ‘death machines’ 24/7? Thought not.
