12/30/11

Anonymous Hacks Again Hackmas Gift 4 Charities

UPDATE: 12-30-2011 (CentOS) is the OS that the Victims of the Duqu worm -Diagram -(son of Stuxnet).

Anonymous hacks Security Firm Stratfor Global Intelligence

Provides strategic intelligence on global business, economic, security and geopolitical affairs.

gAtO sMiLe - Hackers Breach the Web Site of Stratfor Global Intelligence. gAtO did a Google search on Stratfor_com. As you can see, as of Sunday night (12-25-2012) 2310 hundred hours the site is still down. The part that got gAtO 2 sMiLe is that the other links from Google point to the “default- error page”. For a security firm they have done everything WRONG that they could after the HACK.

These error pages from a Google search give away the OS ((CentOS) Server) that they are using, the version of Apache (Apache/2.2.15), and also the nomenclature they use in their directory structure. This is a wealth of information to give any hacker to start hacking the next time (there will be a next time 4 Stratfor). A security firm should at least have a disaster recovery plan; well, Stratfor Global Intelligence has none.

Example: From Google click on Careers, ABOUT Stratfor, Geopolitical Weekly or any other page and you get an error page with all kinds of information for any hacker during information gathering before the hack.

From a simple google search:

(CentOS) Server

They use CentOS. Check out their bug report page: http://bugs.centos.org/view_all_bug_page.php

This site lists the bug reports for CentOS. A wealth of information for a hacker.

Error codes like the one at stratfor.com/subscibe show lots of information about any site. A good web designer would have hidden this information to keep a hacker from knowing it.

Apache/2.2.15

http://httpd.apache.org/security/vulnerabilities_22.html

You can see that if you need to hack Apache just scan for CVE-2022-3368 and CVE-2011-3348; these are for versions 2.21 and 2.2.22, and they are running 2.2.15. To gAtO it looks like they may not have done proper patch management to keep up with updates.

“Anonymous” claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor.

I read that they did not encrypt their subscribers’ credit cards, so a few people have made charitable contributions from their credit cards on .stratfor. Why do companies that have credit and personal information not encrypt them? This is a no-brainer: if I have customers’ information and I’m a security company, why is my website so bad and open to hacking so easily?

 

Anonymous said the client list it had already posted was a small slice of the 200 gigabytes worth of plunder it stole from Stratfor and promised more leaks. It said it was able to get the credit card details in part because Stratfor didn’t bother encrypting them – an easy-to-avoid blunder which, if true, would be a major embarrassment for any security-related company.

 

Hours after publishing what it claimed was Stratfor’s client list, Anonymous tweeted a link to encrypted files online with names, phone numbers, emails, addresses and credit card account details.

 

Anyway gAtO just wanted to point some of these things out. I just don’t understand why these big shot security firms scream so loud about hackers; maybe because they do such a bad job that they think that laws may help them, but this damage of reputation may bring this company down.

The problem that gAtO has found is these big shots think that they can hire anyone that has a security clearance or a certification. These people have no real knowledge of what a hacker does beyond what’s in the book. When you read it from a book today it’s outdated before it’s been printed, and the hackers are on to newer stuff. Companies cannot think that being compliant and within regulations will stop a hacker. They think they are safe just because it has n0t happened before and it looks impossible to you, but the hackers know all the same in-the-box stuff that everyone else does. So you better understand where the new information is coming from and keep learning every day. Cyberspace is not going to stop evolving, so security people better not stop, and they need to always keep an open mind, think of the impossible and protect your data. It may be what keeps your company from going under with just one hack.

gAtO_oUt

Directory Structure: just add stratfor.com/xxx

/weekly/friedman_on_geopolitics

/analysis/20111028-mexicos-cartels-draw-online-activists-ire

Not Found

The requested URL /analysis/20111028-mexicos-cartels-draw-online-activists-ire was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

Not Found

The requested URL /careers was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80

Not Found

The requested URL /weekly/20111212-russias-plan-disrupt-us-european-relations was not found on this server.

Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80
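
A defender-side check for the leak described in this post, as an added example (not code from the original post): it flags version and OS disclosure in a response's Server header and error-page footer, and audits the Apache directives (ServerTokens, ServerSignature, ErrorDocument) that control it. The sample responses and config fragments are constructed around the footer quoted above, and the function names and the /errors/404.html path are this example's own.

```python
import re

# Footer Apache appends to its built-in error pages when ServerSignature is On.
SIGNATURE_RE = re.compile(
    r"(?P<product>[A-Za-z][\w-]*)/(?P<version>\d+(?:\.\d+)+)"
    r"(?:\s+\((?P<os>[^)]+)\))?\s+Server at\s+[^\s<]+\s+Port\s+\d+"
)
# Server response header; version and OS are absent under ServerTokens Prod.
HEADER_RE = re.compile(
    r"^Server:[ \t]*(?P<product>[A-Za-z][\w-]*)(?:/(?P<version>\d+(?:\.\d+)+))?"
    r"(?:[ \t]+\((?P<os>[^)]+)\))?",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample: a 404 carrying the footer quoted in the post.
LEAKY_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>\n"
    "<p>The requested URL /careers was not found on this server.</p>\n"
    "<address>Apache/2.2.15 (CentOS) Server at www.stratfor.com Port 80</address>\n"
)
# Constructed sample: the same request after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Page not found</h1>\n"
)
# Constructed config fragments: the weak settings, then the corrected ones.
WEAK_CONF = "ServerTokens OS\nServerSignature On\n"
HARDENED_CONF = (
    "# header shows only 'Apache'; no footer; custom 404 page (hypothetical path)\n"
    "ServerTokens Prod\n"
    "ServerSignature Off\n"
    "ErrorDocument 404 /errors/404.html\n"
)


def find_leaks(raw_response):
    """Return one finding per place the response discloses a version or OS."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = []
    m = HEADER_RE.search(head)
    if m and (m.group("version") or m.group("os")):
        findings.append({"where": "header", **m.groupdict()})
    for m in SIGNATURE_RE.finditer(body):
        findings.append({"where": "body", **m.groupdict()})
    return findings


def audit_httpd_conf(conf_text):
    """List banner-related weaknesses in an httpd.conf fragment.

    Simplification: a single config scope is assumed and the last value wins.
    """
    # Apache's compiled-in defaults apply when a directive is absent.
    effective = {"servertokens": "Full", "serversignature": "Off"}
    custom_error_codes = set()
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 2)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name in effective:
            effective[name] = parts[1]
        elif name == "errordocument":
            custom_error_codes.add(parts[1])
    issues = []
    if effective["servertokens"].lower() not in ("prod", "productonly"):
        issues.append("ServerTokens %s: Server header shows more than the "
                      "product name" % effective["servertokens"])
    if effective["serversignature"].lower() != "off":
        issues.append("ServerSignature %s: error pages carry the version "
                      "footer" % effective["serversignature"])
    if "404" not in custom_error_codes:
        issues.append("no ErrorDocument 404: the built-in error page is served")
    return issues


if __name__ == "__main__":
    for finding in find_leaks(LEAKY_RESPONSE):
        print("leak:", finding)
    for issue in audit_httpd_conf(WEAK_CONF):
        print("config:", issue)
```
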

Read More:

http://www.huffingtonpost.com/2011/12/25/anonymous-stratfor-hack-hackers-hacking_n_1169268.html

http://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html?_r=1&hp

12/30/11

Antisec Teaser MERRY LULZXMAS

Antisec Teaser 12-25 - http://pastebin.com/bQ2YHDdw

Antisec Teaser 12-26 - http://pastebin.com/q5kXd7Fd

Antisec Teaser 12-27 - http://pastebin.com/vuMypejL

Antisec Teaser 12 -29 - http://pastebin.com/f7jYf5Wd

  1.      #AntiSec™    (wtf? we hate copyright…)
  2. > Can I haz candy?
  3. > :3
  4. Greetings Global Pirates! Having fun riding the waves of the Global Financial Meltdown?  We sure are.
  5. Did Bradley Manning get his fancy LulzXmas dinner yet?
  6. hm… guess not.
  7. Still trying to lock him up for life?
  8. Still think we’re just joking around?
  9. That’s OK. The time for talk is over.
  10. MERRY LULZXMAS and a Lulz New Year

    So now let’s talk… about cocks:
  11. It’s time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor.
  12. But that’s not all: we’re also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who’s ever registered on Stratfor’s site.
  13. > …
  14. > WTF?!?!
  15. > Did you say 860,000 accounts????
  16. > Did you notice 50,000 of these email addresses are .mil and .gov?
  17. > fuck men…we’re pretty much screwed up now…tinfoil hat please here..
  18. > yeah, for the lulz \:D/
  19. > sounds illegal…
  20. * /me phones police
  21. > holy shit, like frontal crash at 180mph!!!
  22. > :P
  23. > lol xD
  24. We almost have sympathy for those poor DHS employees and australian billionaires who had their bank accounts looted by the lulz (orly? i just fapped).
  25. But what did you expect? All our lives we have been robbed blindly and brutalized by corrupted politicians, establishmentarians and government agencies sex shops, and now it’s time to take it back.
  26. We call upon all allied battleships, all armies from darkness, to use and abuse these password lists and credit card information to wreak unholy havok upon the systems and personal email accounts of these rich and powerful oppressors. Kill, kitties, kill and burn them down… peacefully. XD XD
  27. Is that it? 0h hell n0.
  28. On New Years Eve, there will be “noise demonstrations” in front of jails and prisons all over the world to show solidarity with those incarcerated.
  29. On this date, we will be launching our contributions to project mayhem
  30. by attacking multiple law enforcement targets from coast to coast.
  31. That’s right: once again we bout to ride on the po po. Problem, officer? umad?
  32. Candiez, pr0n and cookies for LulzXmas:

Greetings fellow global pirates,

The halls are decked with lulz, AnonSanta’s battle sleigh is re-filled, and lulz lizards worldwide are awaiting his arrival. Wait no longer, good denizens of the Internet, it’s time for another round of the LulzXmas festivities.

But first, tell us, have you enjoyed the complete obliteration of Stratfor live on IRC and Twitter? We have. We also laughed heartily whilst these so-called protectors of private property scrambled desperately to recover the sensitive information of all the customers who they wronged by failing to use proper security precautions. Stratfor’s Terms of Service stated, “Security: The personally identifiable information we collect about you is stored in limited access servers. We will maintain safeguards to protect the security of these servers and your personally identifiable information.” Yet Stratfor lazily stored credit card information and corresponding data unencrypted. Is the irony palpable yet?

Continuing the week long celebration of wreaking utter havoc on global financial systems, militaries, and governments, we are announcing our next target: the online piggie supply store SpecialForces.com. Their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and “professional” looking website. What’s that, officer? You get a kick out of pepper-spraying peaceful protesters in public parks? You like to recreationally taser kids? You have a fetish for putting people in plastic zip ties?

We had to contain our laughter when we saw these two “hacker proof” logos plastered on the SpecialForces.com website: “Scanned by GoDaddy.com: secured website” and “McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses, and online scams.” Despite the almighty powers of GoDaddy and McAfee’s logos and some reassuring words, SpecialForces.com was just no match for our hella wicked black hat voodoo. We have just one question before we continue: You mad, officer?

To be fair, at least SpecialForces.com DID store their customers’ credit card information using blowfish encryption (unlike the global intelligence and security industry “professionals” at Stratfor, who apparently remain confused as to whether their customers’ information was even encrypted or not). Nevertheless, our voodoo prevailed and we were quickly able to break back into the military supplier’s server and steal their encryption keys. We then wrote a few simple functions to recover the cleartext passwords, credit card numbers, and expiration dates to all their customers’ cards. That’s how we roll.

In reality, for the past few months, we have been in possession of approximately 14,000 passwords and 8000 credit cards from SpecialForces.com. Unfortunately a former comrade leaked the password list early, and the full story on this owning will be told in our upcoming zine. Until then, feast upon one hell of a juicy text file.

We’ll continue to have ourselves a merry LulzXmas at the expense of capitalist pigs, corrupt public officials and all those third parties who cater to the continued oligarchic elite worldwide. We are your secretaries, your janitors, your babysitters, your IT guys, your bus drivers, your maids, your hard-working, driven and determined fellow humans. We could be sitting next to you in a coffee shop, scanning your goods at a department store or even fixing your busted-ass computer. We are here to stay, and by now, you had better damn well expect us, cause the time for simple “lulz” is long past.

Oh, and by the way: Did Bradley Manning get his fancy holiday meal yet? Might want to hurry up before we hit even more targets.

12/29/11

China’s Cyber Command | China Power

Chinese analysts and officials like to point out that it was the United States that first set up Cyber Command and thus, in their view, militarized cyberspace. Yet Chinese military thinkers are clearly thinking about what type of organizations and institutions they will need to conduct offensive cyber operations and to defend their own networks against attacks. An interesting piece in China Defense Daily lays out some of the characteristics necessary for “a highly effective command system for cyber war mobilization.”

– Military and civilian networks are interconnected, and the resources needed for cyber war permeate society; military units, social organizations, and even individuals “will all possibly become combat forces during a cyber war.”

via China’s Cyber Command | China Power.

12/28/11

Business Cell Phones Hacks Will Soar In 2012

gAtO sAy - In 2012 business information will be the main hacking victim thru cell phones. IEEE says “it is likely to be C-suite executives exposing businesses to vulnerabilities” (CEO - Chief Executive Officer, CFO - Chief Financial Officer, COO - Chief Operations Officer); yes, even CTOs (Chief Technology Officers) will get their cell phones hacked, and all kinds of IP (intellectual property), BI (business intelligence) and KM (knowledge management) will go out the door. The hacked information is a treasure to cyber criminals, competition, international/national governments, hackers and script-kiddies.

Smartphones Danger for Corporate World

gAtO sAiD bEfOrE - Why is this true? The public has been trained to recognize cyber-security threats associated with their PCs and laptops, but they do not see their smart phones as computers subject to the same threats. And in some ways those threats are even worse.

Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.

Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection. These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.
It takes just one high or low level employee to download malware onto their phone and spread it to the organization’s systems.

But the fun does not end here: you don’t really need to be a hacker to get information to decide who to attack, just like targeted spear phishing attacks.
Here are a few thoughts:

2012 Security Predictions gAtO working copy v.01-alpha

  • spoofed caller ID
  • low-tech approach of merely guessing someone’s four-digit voicemail PIN number or password
  • pretexting - professional imposters

Social engineering: if a person uses their cell phone to update Linkedin, Facebook or twitter – “Send an enticing link via SMS, email, Twitter; if the target follows from their phone you’ve got a chance at using one of many remote exploits for iPhone and Android to install a rootkit,”

An attacker can join social media and start collecting friends; I’m sure there will be a wealth of information out there. Even indirectly, if you can get a friend of a friend of a friend, you may be able to see your subject’s SMS or cell phone updates.

Watch how you use your cell phones PEOPLE.

WiFi and VoIP hacking goes after personal and corporate data, and better still small mom & pop stores and small businesses: how much information do your local gas station and news stand have on you? They don’t have an IT department. VoIP can allow you to drive by phone phreaking along the back roads of suburbia near the subject’s (target’s) home address.
Android phones and iPhones re-sync phone book data, voicemail, text message logs, browser history, or anything covertly sent to you, with your computer. Even your personal computer may have business information.
“Older versions of Android are easiest to hack,” – “Recent versions of iOS [are easy to hack] too, though both Apple and Google have been quick to release patches.”
If a rogue hacker were to hack into someone’s (your) voicemail, is there any way to detect the intrusion? “Unfortunately, voicemail systems from the major carriers in the U.S. leave a lot to be desired. None that I’ve encountered offer any sort of access log. The best you can determine is whether or not a message has been listened to. Even then, if a hacker were to listen to and then delete a message, you’d have little way of knowing.”
Getting a person’s personal phone number to spoof could be accomplished by finding it in publicly available documents such as student listings, or these days, on social networking sites like Facebook. A bit of social engineering with real people who know or could access the number would accomplish the same thing.

Your E-Mail is the KEY to cell phone hacking. It’s the closest thing to the skeleton key of the digital world. How about if your email is hacked and your password published? How about just a simple bad password? In the release of the hacked email from Stratfor there were 100 with “password” in them. How about the last four digits of your phone number, or 1-2-3-4, or publicly available information like your birthday?

Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.
personally identifiable information:
• 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
• 86,594 Email addresses, of which 47,680 are unique.
• 27,537 Phone Numbers, of which 25,680 are unique.
• 44,188 Encrypted Passwords, of which roughly 50% could be easily cracked.
• 73.7% of decrypted passwords were weak
• 21.7% of decrypted passwords were medium strength
• 4.6% of decrypted passwords were strong
• Average decrypted password length: 7.1 Characters.
• 10% of decrypted passwords were less than 5 characters long.
• Only 4.8% of decrypted passwords were 10+ characters long.
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset.
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.
Cell Phone — Password retrieval mechanisms can be exploited, most security protocols send forgotten passwords to a person’s main email address. Every service in the world typically goes back to your email address. Your primary email password should be different than anything else you use, and it should be stronger than any other password you use.”

Ubiquitous computing, of which our smartphones and tablets are but just the beginning, is going to require that we shift our paradigms of privacy and security in profound ways. This isn’t just the responsibility of the average Joe user, however.  We need to be demanding that our mobile service providers aggressively protect our privacy and keep the bar high for device security. In the meantime, to avoid becoming phone hacking victims, users should take extra precautions to regularly reset their PIN numbers to protect their data — just as we’re engrained to do with our computers and online accounts.
It’s not unreasonable to project that [phone hacking] will become more common; as more of our important data finds its way into the cloud, those seeking to exploit that data will seek the weakest point of entry. Your cell phone can talk to a cloud service, so think about it. One exploit ran an application on the attacked phone that could retrieve data. The SMS came back with the attack phone’s INSI number; the phone’s unique ID. However the application could just as easily have stolen a contact list, either personal or corporate. It is also possible in this scenario to push viruses to the device or even initiate a denial of service attack. The app could easily uncheck SSL, leaving the device vulnerable with no encryption when you login at your local coffee shop. These kinds of hacks are unique to smartphones because PCs don’t have SMS capabilities. gAtO advised that all smartphones that are under an organization’s control be tightly monitored, patched and updated regularly to avoid users taking matters in their own hands… - gAtO oUt

References:
IEEE Experts Predict Smartphone Hacking Will Soar in 2012

http://www.prnewswire.com/news-releases/ieee-experts-predict-smartphone-hacking-will-soar-in-2012-134658373.html

http://uscyberlabs.com/blog/2011/12/28/stratfor-hack-personal-identifiable-information/

http://www.cellphonehacks.com/

http://en.wikipedia.org/wiki/Phishing

http://en.wikipedia.org/wiki/Corporate_title

http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html

http://www.google.com/search?client=safari&rls=en&q=midnight+raid+attack&ie=UTF-8&oe=UTF-8

http://www.privateline.com/mt_cellbasics/index.html

12/28/11

Stratfor Hack -Personal Identifiable Information

Data Breach Affects 50,000 people; 50,277 Credit Card Numbers, 44,188 Hashed Passwords, 47,680 E-Mail addresses.

personally identifiable information:

  • 50,277 Unique Credit Card Numbers, of which 9,651 are NOT expired. Note: Many credit cards are re-issued, and many credit card processors do not check the expiration date. Consequently, more than 9,651 credit card holders may still be at risk.
  • 86,594 Email addresses, of which 47,680 are unique.
  • 27,537 Phone Numbers, of which 25,680 are unique.
  • 44,188 Encrypted Passwords, of which roughly 50% could be easily cracked.
  • 73.7% of decrypted passwords were weak
  • 21.7% of decrypted passwords were medium strength
  • 4.6% of decrypted passwords were strong
  • Average decrypted password length: 7.1 Characters.
  • 10% of decrypted passwords were less than 5 characters long.
  • Only 4.8% of decrypted passwords were 10+ characters long.
  • Presumably the remaining non-decrypted passwords were stronger than the decrypted subset.
  • 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.

Read More …> http://www.identityfinder.com/blog/post/Identity-Finder-Releases-Detailed-Analysis-of-Personal-Information-e28098Anonymouse28099-Attack-on-Stratfor.aspx
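
What “md5 hashed” password storage gives away next to a salted, slow hash, as an added example (not code from Identity Finder, Stratfor or the original post); it also upgrades a legacy record at the next successful login. Unsalted MD5 is assumed because the page only says the passwords were MD5 hashed, and the user table, record format and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: example work factor; tune it to your own hardware and latency budget.
PBKDF2_ITERATIONS = 200_000

# Constructed sample accounts; two of them share the password "password".
SAMPLE_USERS = {
    "alice": "password",
    "bob": "password",
    "carol": "correct horse battery staple",
}


def legacy_md5(password):
    """Weak form: a fast, unsalted digest, identical for identical passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_and_upgrade(stored, password):
    """Check a login attempt.

    Returns (ok, replacement). replacement is a new record to store when a
    legacy or under-strength record just verified, otherwise None.
    """
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        ok = hmac.compare_digest(dk.hex(), dk_hex)  # constant-time compare
        stale = ok and int(iters) < PBKDF2_ITERATIONS
        return ok, (hash_password(password) if stale else None)
    # Legacy record: bare MD5 hex. Accept it once, then replace it.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, (hash_password(password) if ok else None)


def duplicate_groups(table):
    """Groups of users whose stored values are identical.

    Under unsalted hashing every shared password shows up here, so anyone
    holding the table learns which accounts reuse the same password.
    """
    by_value = {}
    for user, stored in table.items():
        by_value.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


if __name__ == "__main__":
    legacy_table = {u: legacy_md5(p) for u, p in SAMPLE_USERS.items()}
    modern_table = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    print("shared records under MD5:   ", duplicate_groups(legacy_table))
    print("shared records under PBKDF2:", duplicate_groups(modern_table))
    ok, replacement = verify_and_upgrade(legacy_table["alice"], "password")
    print("legacy login ok:", ok, "| upgraded record written:", replacement is not None)
```
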

 

 

12/27/11

Detectives Hunting Dead Girl -Rupert Murdoch Hacked the Phones

gAtO pIsSi - Rupert Murdoch and son James get away with not just hacking a dead girl’s cell phone, but it appears that they also hacked the phones of the police investigators on the case. This all happened in 2002. Chief Constable Mark Rowley reported this, and when it was passed to Scotland Yard for the phone hacking investigation in 2006 this part of the report was missing.

gAtO sAiD- funny ha ha how Rupert Murdoch can get Scotland Yard in your pocket and the local police in London.

So Rupert, Jimmy and let’s not forget Tom Mockridge as another scumbag at News International. These are the hackers that make me sick. Here was power and influence totally disregarding any decorum of a news organization. They went out and hired crackers, the web 3.0 type, and then these people had great meetings about all this information. They could have deleted messages and dummied some up. The personal violation that these people committed in cyberspace, and then they talk about hackers.

uscyberlabs - gatomalo_at_uscyberlabs_dot_com

The Murdoch cyber crewz were the best. No problem if this is illegal, we got a get out of jail card with the police and Scotland Yard; this was a hacker’s dream. gAtO aDmIt - he would like to hack without strings one time sI-nO but unless I find a rich and powerful well connected type like the Kock brothers. gAtO sent in a rEsUmE it was a zenmap report of their site -gAtOmAlO sOmEtImE

Detectives hunting Milly Dowler’s killer had phones hacked, Leveson Inquiry hears

Police officers investigating the disappearance of the schoolgirl Milly Dowler had their mobile phones hacked during the inquiry, Surrey Police has revealed.

A lawyer for the force told the Leveson inquiry that “a number of Surrey Police officers themselves were victims” of phone hacking shortly after the investigation began in March 2002.

Previously it was known that journalists at the News of the World had hacked the mobile telephone of the missing 13-year-old.

But this is the first time that it has been confirmed that detectives working on the case were also victims of phone hacking.

John Beggs QC, counsel for Surrey Police, told Lord Justice Leveson: “My instructions are that it is very likely that a number of Surrey Police officers themselves, at the time of launching the Milly Dowler investigation in March nine years ago, were themselves victims of hacking.”

Earlier this month Surrey Police admitted that they learned that Milly Dowler’s phone was hacked by the Sunday tabloid in 2002 but did not act.


Mr Beggs did not reveal whether the force also learned that their own officers had been hacked or whether this has since come to light during Operation Weeting, the Metropolitan Police’s investigation into phone hacking.

He was speaking as the Surrey Force made an application to become a core participant in the Leveson inquiry, which will look at the culture and ethics of the press.

Mr Beggs argued that the force should be allowed “core participant” status in light of the criticism the force has faced following their admission that they knew about Milly Dowler’s phone being hacked.

The force made the admission in a letter to the Home Affairs Select Committee.

The force’s then Chief Constable Mark Rowley said that officers became aware in April 2002 that someone from the News of the World had accessed the missing girl’s voicemail after someone on behalf of the Sunday newspaper phoned the police operation room.

However Mr Rowley said that a formal investigation was not launched. He said: “At that time the focus and priority of the investigation was to find Milly who had then been missing for over three weeks.”

Mr Rowley’s letter said that an inquiry is looking into why no formal investigation was launched. He also revealed that the information that the News of the World had accessed Milly Dowler’s voicemail in 2002 was not passed to the original Scotland Yard phone hacking investigation in 2006. The reason for that is also being investigated.

http://www.telegraph.co.uk/news/uknews/phone-hacking/8860067/Detectives-hunting-Milly-Dowlers-killer-had-phones-hacked-Leveson-Inquiry-hears.html

12/27/11

Phone Hacking Timeline-Is Rupert Murdoch a Criminal

News of the World: UK Police Put Phone-Hacking Victims At Around 800

LONDON — The total number of people whose phones were hacked by journalists at the News of the World tabloid is around 800, British police said Saturday.

Scotland Yard said investigators have spoken with 2,037 people, of whom “in the region of 803 are victims” whose names appeared in notes seized from a private investigator working for Rupert Murdoch’s now-shuttered News of the World.

“We are confident that we have personally contacted all the people who have been hacked or who are likely to have been hacked,” it said.

Police had identified 5,795 potential phone-hacking victims in material collected from Glenn Mulcaire, the private investigator at the center of the scandal who was jailed in 2007.

Scotland Yard said Saturday that while there are still “a raft of people” it needs to speak to who were identified as potential targets, those individuals are unlikely to have been hacked.

What had for several years been a trickle of allegations by people who claimed to have been hacked by the News of the World – from celebrities like Sienna Miller and Jude Law to politicians including former Deputy Prime Minister John Prescott – exploded this summer with the revelation that the paper had hacked into the phone of a 13-year-old murder victim, Milly Dowler, in hopes of getting material for news stories.

Two top London police officers and several senior Murdoch executives resigned in the scandal, and the investigation into phone-hacking has seen more than a dozen News of the World journalists arrested, including former editor Andy Coulson, who resigned his post as Prime Minister David Cameron’s media chief as the scandal widened.

It also has prompted multiple investigations and an official inquiry into media ethics, which has heard from the Dowler family and celebrities such as Hugh Grant about the effects of media intrusion on their lives.

1843
News of the World is first published, by John Browne Bell

1969
Australian Rupert Murdoch buys the newspaper, his first toehold in Great Britain

1984
Murdoch revamps News of the World from a broadsheet to a tabloid format

1989
Rebekah Wade (she married horse trainer Charlie Brooks in 2009 and took his name) is hired at News of the World, as a secretary

March 2002: 

British tabloid News of the World began intercepting Dowler’s voicemail messages

Days after the disappearance of 13-year old Milly Dowler, British tabloid News of the World began intercepting Dowler’s voicemail messages. The paper deleted old messages to make room for new ones, leading some to speculate that she was alive. The Guardian reports: “The Dowler family then granted an exclusive interview to the News of the World in which they talked about their hope, quite unaware that it had been falsely kindled by the newspaper’s own intervention. Sally Dowler told the paper: ‘If Milly walked through the door, I don’t think we’d be able to speak. We’d just weep tears of joy and give her a great big hug.’”

April 2002:

Police first became aware that the paper was listening to Dowler’s messages after it reported that an employment agency had called Dowler about a job vacancy, but didn’t take action “partly because their main focus was to find the missing schoolgirl and partly because this was only one example of tabloid misbehaviour,” according to the Guardian.

November 2005:

A News of the World item about his knee injury led Prince William to believe that his aides’ voicemail messages were being listened to by a third party. Three royal aides also noticed that new voicemails were showing up as old. Months later, the New York Times reported, News of the World editor Clive Goodman wrote a piece about Prince Harry’s visit to a strip club that quoted a voice mail message from his brother William word-for-word.

January 2007:

Goodman (right) and private investigator Glenn Mulcaire (left) received jail time for intercepting hundreds of voicemail messages meant for royal aides. The pair accessed the voice mailboxes of three aides 609 times, according to BBC News. An earlier search of Mulcaire’s home turned up “dozens of notebooks and two computers containing 2,978 complete or partial mobile phone numbers and 91 PIN codes; at least three names of other News of the World journalists; and 30 tape recordings made by Mulcaire,” reports the Times, but the pair were only charged for hacking the royal aides.

July 2009:

New allegations from the Guardian that NoW paid £1m to suppress evidence of phone hacking prompted Parliament to hold new hearings two years after News International exec Les Hinton (bottom left next to Murdoch) first testified that Goodman was the only person at NoW who knew about the hacking. At the new hearing, Coulson (top left) maintained that he was unaware of phone hacking during his time at NoW.

September 2010:

A New York Times piece alleged that phone hacking was pervasive at NoW and Coulson was aware of conversations about the practice, despite denying any knowledge about it. According to the Times: “‘Everyone knew,’ one longtime reporter said. ‘The office cat knew,’” and reporters “described a frantic, sometimes degrading atmosphere in which some reporters openly pursued hacking or other improper tactics to satisfy demanding editors.”

January 2011:

Coulson stepped down as communications chief, blaming media speculation that he knew about phone hacking during his tenure of NoW. News editor Ian Edmondson was fired after allegations of phone hacking, and new information prompted police to re-open the investigation on NoW.

April 2011:

The News of the World admitted its role in phone hacking in a public apology on its website and paper. Former editor Edmondson and reporters James Weatherup and Neville Thurlbeck were arrested on charges of intercepting voicemail messages.

June 2011:

Levi Bellfield was found guilty of murdering Milly Dowler, but a second charge that he had attempted to abduct another schoolgirl was abandoned after tabloid publicity made it impossible for the jury to reach a fair verdict. News of the World paid Sienna Miller £100,000 in damages after publishing 11 articles that used private information from her messages in 2005 and 2006, according to the Guardian.

July 2011:

Police notified Milly Dowler’s family that NoW intercepted and deleted the young woman’s voice mail messages, destroying possible evidence in the search for her killer. New evidence also shows that NoW targeted families of London’s 7/7 bombings.

July 8, 2011:

Andy Coulson, former communications chief to David Cameron and ex-editor of News of the World, was arrested in the investigation on phone hacking at NoW.

July 10, 2011:

The News of the World released its final issue after James Murdoch, head of parent company News Corp’s operations in Europe, made the decision to shutter the paper. The move was expected to “take some of the heat off immediate allegations about journalistic behavior and phone hacking.”

July 11, 2011:

Multiple news outlets reported that the Sun and the Sunday Times, also owned by parent company News International, had been hacking the voice mail box and other records of former Prime Minister Gordon Brown for years. The Sunday Times allegedly posed as Brown to obtain his financial records, and the Sun allegedly received details about Brown’s son’s cystic fibrosis. The revelations mark the first time allegations have targeted News International’s other papers.

July 11, 2011:

News Corp referred its bid to take over satellite broadcaster BSkyB to the Competition Commission, which will delay the deal by at least six months as the company awaits regulatory clearance. British leaders have called for Murdoch to drop the bid, with Labour Party leader Ed Miliband calling the deal “untenable” and Liberal Democrat Nick Clegg calling on News Corp to “do the decent and sensible thing.”

July 13, 2011:

Rupert Murdoch withdrew his $12 billion bid for BSkyB, the largest pay-TV broadcaster in Britain, after the British government withdrew its support the day before. The deal, which would have substantially increased Murdoch’s foothold in the British media, appeared like it would sail through until last week. News Corp, which began to seek full ownership of BSkyB in March 2011, will keep its 39% stake in the company.

July 14, 2011:

The FBI launched a probe into allegations that News Corp. attempted to hack the phones of September 11 victims after Representative Peter King and other members of Congress wrote to FBI Director Robert Mueller demanding an investigation. Murdoch also agreed to give evidence before a parliamentary committee. He had previously said that he was not available to attend the hearing, but relented after receiving a personal summons delivered to him and his son by a deputy sergeant-at-arms.

July 15, 2011:

Les Hinton announced his resignation as Dow Jones CEO, and Rebekah Brooks stepped down as chief executive of News International. Brooks presided over the News of the World during the phone hacking of murder victim Milly Dowler, and is scheduled to appear before a parliamentary committee next week. Murdoch also met with Dowler’s family to apologize.

July 17, 2011:

Brooks was arrested in connection with the scandal, throwing her scheduled appearance before Parliament on Tuesday into serious doubt. In addition, Sir Paul Stephenson, the head of Scotland Yard, resigned his position, becoming the highest-profile public official yet to lose his job because of the scandal. (The Met has itself been plunged into crisis for its lax handling of the scandal and for the corrupt ties police officers developed to News International.)

July 18, 2011:

John Yates, assistant commissioner of the British Metropolitan Police, stepped down after the resignation of chief Paul Stephenson the previous night. The scandal has focused on British police for failing to investigate evidence of News of the World’s phone hacking activities and for accepting bribes for information from tabloid writers. Yates decided not to reopen the investigation two years ago, saying he did not believe there was new evidence to consider.

July 19, 2011:

Rupert Murdoch, son James and former News of the World editor Rebekah Brooks testified in front of a parliamentary committee. All three insisted that they were not aware of phone hacking activities at the tabloid. Rupert Murdoch also made clear that he would not resign. Someone attempted to pie Murdoch in the face with shaving cream.

July 21, 2011:

A former editor and a top lawyer for the News of the World accused Murdoch of lying in his testimony that he had no knowledge of phone hacking at the tabloid. The two recall showing him an email between private investigator Glenn Mulcaire and then-reporter Neville Thurlbeck with transcripts of hacked voice messages. Sun editor Matt Nixson was fired following allegations that he knew about phone hacking during his time at the News of the World. The investigation also threatened to spread to other newspapers that were named for using a private investigator to illegally obtain information.

July 28, 2011:

The Guardian reported that the News of the World hacked the phone of Sara Payne, the mother of an 8-year-old girl who was abducted and killed by a pedophile. The 2000 murder had prompted Rebekah Brooks to launch a campaign for a sex offender’s law in Britain now known as “Sarah’s Law.” The phone that the tabloid hacked may have been one that Brooks personally gave to Payne in the aftermath of the tragedy, which Payne had praised for helping her “stay in touch with my family, friends and support network.”

August 16, 2011:

Clive Goodman, a former News of the World reporter, has alleged that there was a massive coverup of phone hacking at the tabloid. He was arrested for phone hacking in 2007, and now claims that former editor Andy Coulson offered to let him keep his job in exchange for saying that he was the only person at the tabloid who hacked phones. The allegations are deeply damaging to Coulson and Rupert and James Murdoch, who have all maintained that they knew nothing about phone hacking.

August 18, 2011:

Glenn Mulcaire, the private investigator hired by the News of the World to intercept voicemails, sued News Corp. over the payment of his legal fees. The company had been paying his fees since 2007 when he was found guilty of hacking the phones of aides to the royal family, but recently terminated the arrangement after Rupert and James Murdoch’s testimonies in Parliament. Mulcaire himself is the target of dozens of civil lawsuits filed by suspected victims of phone hacking.

August 19, 2011:

Glenn Mulcaire has been ordered to release the names of people who ordered him to hack the phones of six public figures. He is due to make the disclosure by the end of next week, as part of actor Steve Coogan’s lawsuit against News Group. The revelations threaten to blow the defense presented by News of the World editors, who claim they knew nothing about phone hacking.

August 22, 2011:

News breaks that the News of the World hacked even more of Milly Dowler’s voicemails than previously assumed.

August 26, 2011:

News International is continuing to pay Glenn Mulcaire’s legal fees, despite the company’s insistence that it would stop. The previous month, the private investigator had released the names of people who ordered him to hack phones, but the names were kept confidential.

September 13, 2011:

News International announces the discovery of thousands of new documents related to phone hacking.

September 19, 2011:

Milly Dowler’s family is slated to receive £3 million in a settlement with News Corp.

September 30, 2011:

Neville Thurlbeck, a former News of the World reporter, insists that he is innocent and was unfairly dismissed. His account contrasts with News Corp.’s defense, which places Thurlbeck as the single rogue reporter responsible for phone hacking at the News of the World.

October 5, 2011:

News International faces a lawsuit from the parent of a 7/7 London bombing victim, among at least 60 other lawsuits.

October 19, 2011:

Yet another lawyer has accused News International of misleading Parliament over its knowledge of phone hacking. Julian Pike, a partner of the firm that used to represent the company, said that he saw evidence that there were more journalists involved in phone hacking in 2008. His testimony came after the company signed with a new law firm and Pike was no longer bound by client-attorney privilege.

October 21, 2011:

Rupert Murdoch faced angry shareholders at News Corp.’s annual meeting. Shareholder after shareholder vented frustration with the company, and Murdoch struggled to remain calm, losing his temper at one point.

October 24, 2011:

James Murdoch has been called back to testify in front of Parliament for the second time on November 10. His testimony will focus on discrepancies in his account, given witnesses who have said that he signed off on phone hacking payouts to Gordon Taylor.

October 24, 2011:

Les Hinton, the former CEO of Dow Jones, testified about phone hacking in front of Parliament. The former publisher of the Wall Street Journal, who had previously testified on phone hacking in 2007 and 2009, denied that he misled Parliament in his past testimonies. He resigned in the summer, and was the most senior executive claimed by the scandal.

October 25, 2011:

James, Lachlan and Rupert Murdoch were all re-elected to the board of News Corp. despite huge shareholder opposition to their leadership. Their tenure was never in doubt, due to the company’s shareholder structure, but the majority of shareholders voted against James and Lachlan.

November 1, 2011:

A series of internal News International memos could be damning for James Murdoch, who is set to testify in front of Parliament for the second time next week. One of the documents was prepared for a meeting between James Murdoch and Colin Myler, the former editor who challenged his account of events, and specifically discusses the hacked voice mails. The notes of Julian Pike, then-lawyer for the company, also contain incriminating phrases like “paying them off.”

November 10, 2011:

James Murdoch testified on phone hacking in Parliament for a second time. The younger Murdoch faced new evidence that he may have been aware of phone hacking at the time of his company’s settlement with footballer Gordon Taylor. He maintained his innocence, claiming that he was aware that Taylor had been hacked, but that he was unaware the News of the World had targeted others.

12/26/11

China vows to speed up convergence of TV, Internet, phone in 2012 – Xinhua | English.news.cn

BEIJING, Dec. 26 (Xinhua) — China will push ahead the convergence of television, Internet and telecom services in 2012, said Miao Wei, minister of Industry and Information Technology, Monday.

The government will expand pilot projects to all the municipalities, provincial capitals and other eligible cities next year, Miao said.

Last year, only 12 cities were chosen for the trial, including two municipalities, Beijing and Shanghai, and four provincial capitals, Harbin, Nanjing, Hangzhou and Wuhan.

The tri-network integration, which allows users to access television, Internet and mobile phone services through a single device, was listed in the government work report last year as one of the emerging strategic industries for priority development and slated for completion by 2015.

China achieved some progress in facilitating connections of broadcast and telecommunications networks in 2011 and was able to provide consumers with products and services, Miao said.

By the end of November, China’s Internet protocol television (IPTV) users have exceeded 11 million, while mobile video subscribers have surpassed 40 million.

via China vows to speed up convergence of TV, Internet, phone in 2012 – Xinhua | English.news.cn.

12/23/11

RQ-170 Sentinel Drone – How Was it Hacked?

RQ-170 Sentinel Drone hacked – Discussion Group – These are some of the threads from a security discussion group about the RQ-170 that Iran has and how it was hacked.

gAtO – tHiNk- Maybe you’all heard of the RSA hacking that happened this year. Well guess what- Military-band GPS (M-code) is protected against spoofing by the RSA cipher. Can we start to connect the dots. The RQ-170 was guided down by Russian equipment.

developed by Lockheed Martin - Hacked this Summer 2011 along w/ RSA

The aircraft’s presence was detected by peripheral installations that are part of the S300 antiaircraft system, and it was forced to land at a base in the desert region of Tabas, some 250km from the frontier with Afghanistan. Relations between Iran’s military industrial system, linked to the Guardians of the Revolution, or Pasdaran, and Russia’s GRU make it probable that Iran will share the drone’s secrets with the Russians. Did the Chinese or the Russians hack us this spring and summer?

It’s actually less likely that a stealth drone was using C-code GPS than it is that Iran stole the RSA red key to M-code GPS, but are we really talkin’ odds here?

Crypto-systems provide integrity & assurance, so we are either assured that the drone was not landed with GPS spoofing, or we are assured that the use of classified red-key RSA is compromised.

It isn’t well-known that M-code uses RSA, but it isn’t exactly a secret either, so I’m just surprised that apparently I’m the only person alive openly wondering about the relation of RSA integrity to the continuing claims of military GPS spoofing by Iran &/or Russia.
M-code was designed for an improved key distribution system, so they can ultimately recover integrity of GPS guidance so long as the keys were stolen and not compromised through advancements in factoring techniques.

References:
http://www.intelligenceonline.com/north-america/government-intelligence

http://oeis.org/search?q=helkenberg

http://grothserver.princeton.edu/~groth/frs144s06/Presentations/Andrew_Presentation.ppt

http://news.softpedia.com/news/Experts-Question-Iranian-GPS-Attack-to-Capture-Drone-242310.shtml

http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf

http://pastebin.com/u/ComodoHacker

Ron Started the discussion:

While it is reported that intercepting unencrypted drone communication data streams had first been known to US military since the mid-1990s, this exploitation continued on into 2009 where militant laptops were found with drone data and unencrypted video feeds from Predator drones…

https://www.infosecisland.com/blogview/18778-How-the-RQ-170-Was-Hijacked.html by Ron Baklarz

Ray- If, as the CS Monitor claims, the effect was achieved through GPS, then I can think of three possible scenarios. I make no claim that these are reality – more information would probably change my hypotheses. All of these assume that the UAV’s control link was jammed – since this is a satellite link and satellites have weak transmission capability this is not difficult once the correct frequency is identified. Once the control link is severed, the UAV was probably programmed to return to base (although circling until the link is restored is another reasonable response).

Hypothesis #1. The Iranians have developed or gained the ability to spoof P-mode GPS transmissions, having cracked the three-(or is it six?) week Gold code protecting those transmissions. This would only work if the programmers who wrote the UAV software failed to put in a check that would notice the sudden change of position from Iran to hundreds of miles away in Afghanistan (systems and software error #1).

Hypothesis #2. The Iranians have acquired (possibly from the Internet) the capability to jam P-mode and spoof C/A-mode [1]. The UAV could not get a position fix using P-mode and fell back to C/A mode – this is like negotiating SSL down to no encryption while leaving the lock symbol in the victim’s browser. This type of ungraceful degradation, if it exists, would be systems and software error #2.

Hypothesis #3. The Iranians realized that the original developers and System Program Office of the UAV committed systems and software error #3 and used commercial GPS (i.e. C/A mode) in the UAV. This would allow the Iranians to hijack the vehicle with the least amount of capability – control link jamming and easily obtainable C/A spoofing. If this is the case, the developers and SPO were almost criminally negligent and the operations planners exhibited the arrogance of ignorance in risking the asset.

All three hypotheses depend upon systems and software engineering errors, some on multiple errors. Some folks will probably claim that these are not errors because they do not relate to the drone function. However, good systems engineering involves anticipating as many as possible of the future environments and circumstances of the system and preventing bad results up to the limit of the project resources.

Given the record of security problems in the UAV program (encrypting broadcast imagery with satellite TV encryption for which commercial cracks existed and running software environments susceptible to ordinary malware in control centers) my guess is that the third hypothesis is correct. After all, many of the UAV designs are from General Atomics, which got into this field based on their 70+ year history of building target drones. Target drones do not require security.

[1] Garmin and others sell reference transmitters for use in developing GPS equipment that could be repurposed to spoof C/A mode.

Andrei - The comms are also radio based. The encryption is breakable. It seems that the GPS system was flawed – somebody admitted that it was a known flaw and also admitted that it was a matter of time until the first drone would be “secluded” by the enemy.

So the third option is viable in my opinion.
P.S. Another question arises – if the GPS hacking is true (personally I have huge doubts that the drone was hijacked in this way), then what about the DGPS NAV’s security – is it compromised? (Just asking – I don’t need an answer.)

Matt - DailyTech article [1] mentions GPS and links to the CCS’11 paper “On the Requirements for Successful GPS Spoofing Attacks” [2]. One comment may be of particular interest (?) [3]:

“If you look carefully, the wings were torn off and reattached. They’ve continually covered up the bottom, so it’s probably all torn up too. Maybe from a wheels-up belly landing.

These things are programmed to fly and land themselves. Depending on how those behaviors were layered, you can get all sorts of unintentional behavior in unusual circumstances. We ran into similar problems with our autonomous submarine while I was in grad school. Someone wanted sonar measurements of the ocean floor from 5 meters, so he went and changed the priority of the safety behavior keeping it more than 10 m from the bottom. The new priority resulted in the sub performing its entire mission with the nose buried in the mud. Turns out someone had forgotten to remove a behavior from an open-ocean mission. So the sub was now trying to dive down to 200 m in 20 m of water, without the safety behavior keeping it at least 10 m from the bottom.

I’m rather skeptical. You can’t just send a GPS signal telling the drone it’s in Afghanistan. GPS location works based on the time those signals arrive at the drone. To successfully pull this off would require tracking the locations of all the GPS satellites overhead at the time (they are moving at about 7 km/sec), correctly guessing at the drone’s location and velocity, then successfully spoofing the correct GPS signals at the correct time down to a few microseconds if not nanoseconds, while simultaneously blocking the real signals.

If you’re off by a few milliseconds, the GPS will say it’s over India. And if you’re off by a few nanoseconds, the GPS will tell the drone it’s flying sideways or backwards, or up or down. If you don’t transmit all the satellite signals correctly for the correct location and movement, the UAV will calculate one position from some satellites, a different position from others. Only 3 satellites are needed for a lock; any more are used to further refine the accuracy of the position. But if you don’t predict the drone’s location and spoof all these other satellites correctly, all these other spoof satellites would result in decreased accuracy, resulting in the AI deciding the GPS has failed and discounting the position it’s reporting.

All aircraft I’ve seen have multiple navigation systems (including inertial, which can’t be jammed), and any programmer worth his salt would put the UAV into a failsafe mode if the positions reported by these deviated significantly from each other. Large or inconsistent fluctuations in the GPS position would be grounds for the AI distrusting the GPS readings and prioritizing other navigational measurements like inertial. And to top it off, the military GPS signal is encrypted. You can jam it, but spoofing it is a whole nother ball of wax.

A malfunction still seems like the most likely cause. The spoofed GPS claim really sounds to me like BS by someone who’s never worked with navigation systems based on signal arrival times from beacons.”

[1] http://www.dailytech.com/Iran+Yes+We+Hacked+the+USs+Drone+and+Heres+How+We+Did+It/article23533.htm

[2] http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf

[3] http://www.dailytech.com/article.aspx?newsid=23533&commentid=738000&threshhold=1&red=2520#comments
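The checks that Ray's hypotheses #1 and #2 say were missing, and the GPS/inertial cross-check described in the comment Matt quotes, sketched as an added example (it is not from the thread and not from any real UAV software). The class name, the thresholds, the "P"/"CA" mode flag and the 1 Hz sample track are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass
from math import asin, atan2, cos, degrees, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000.0


@dataclass
class GpsFix:
    t: float     # seconds since start of track
    lat: float   # degrees
    lon: float   # degrees
    mode: str    # "P" = encrypted service, "CA" = open civilian service (assumed flag)


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def dead_reckon(lat, lon, speed_mps, heading_deg, dt):
    """Advance a position along a heading using speed and time only (no GPS)."""
    d = speed_mps * dt / EARTH_RADIUS_M
    p1, l1, brg = radians(lat), radians(lon), radians(heading_deg)
    p2 = asin(sin(p1) * cos(d) + cos(p1) * sin(d) * cos(brg))
    l2 = l1 + atan2(sin(brg) * sin(d) * cos(p1), cos(d) - sin(p1) * sin(p2))
    return degrees(p2), degrees(l2)


class NavIntegrityMonitor:
    """Hypothetical monitor: cross-checks every GPS fix before it is trusted."""

    def __init__(self, start, max_speed_mps=300.0, base_tol_m=50.0, ins_drift_mps=0.5):
        if start.mode != "P":
            raise ValueError("refusing to initialise from an unauthenticated fix")
        self.max_speed_mps = max_speed_mps    # airframe cannot move faster than this
        self.base_tol_m = base_tol_m          # allowed GPS/INS disagreement at t0
        self.ins_drift_mps = ins_drift_mps    # assumed inertial drift budget per second
        self.t0 = self.last_t = self.gps_t = start.t
        self.gps = (start.lat, start.lon)     # last accepted GPS position
        self.ins = (start.lat, start.lon)     # inertial-only track, never fed by GPS
        self.failsafe = False

    def update(self, fix, ins_speed_mps, ins_heading_deg):
        """Return the alarms raised by this fix; an empty list means it was accepted."""
        self.ins = dead_reckon(*self.ins, ins_speed_mps, ins_heading_deg, fix.t - self.last_t)
        self.last_t = fix.t
        alarms = []
        # Hypothesis #2: never fall back silently to the open signal.
        if fix.mode != "P":
            alarms.append("MODE_DOWNGRADE")
        # Hypothesis #1: a position change the airframe could not physically make.
        dt = fix.t - self.gps_t
        if dt > 0 and haversine_m(*self.gps, fix.lat, fix.lon) / dt > self.max_speed_mps:
            alarms.append("IMPLAUSIBLE_JUMP")
        # Quoted comment: GPS must agree with inertial within a growing drift budget.
        tol = self.base_tol_m + self.ins_drift_mps * (fix.t - self.t0)
        if haversine_m(*self.ins, fix.lat, fix.lon) > tol:
            alarms.append("INS_MISMATCH")
        if alarms:
            self.failsafe = True              # stop steering by GPS, coast on inertial
        else:
            self.gps, self.gps_t = (fix.lat, fix.lon), fix.t
        return alarms

    def position(self):
        """Position the autopilot should use: GPS while trusted, inertial otherwise."""
        return self.ins if self.failsafe else self.gps


def constructed_fixes(offset_m_per_step=0.0, jump_at=None, downgrade_at=None, steps=10):
    """Constructed 1 Hz fixes for a vehicle flying due east at 100 m/s.

    offset_m_per_step displaces fix k southward by k * offset (slow pull-off),
    jump_at displaces fixes 40 km south from that step, downgrade_at marks
    fixes from that step as open-signal ("CA").
    """
    fixes, lat, lon = [GpsFix(0.0, 33.0, 57.0, "P")], 33.0, 57.0
    for k in range(1, steps + 1):
        lat, lon = dead_reckon(lat, lon, 100.0, 90.0, 1.0)
        rlat, rlon = dead_reckon(lat, lon, offset_m_per_step * k, 180.0, 1.0)
        if jump_at is not None and k >= jump_at:
            rlat, rlon = dead_reckon(rlat, rlon, 40_000.0, 180.0, 1.0)
        mode = "CA" if downgrade_at is not None and k >= downgrade_at else "P"
        fixes.append(GpsFix(float(k), rlat, rlon, mode))
    return fixes


def replay(fixes, speed_mps=100.0, heading_deg=90.0):
    """Initialise a monitor from fixes[0], feed it the rest, return (alarms, monitor)."""
    mon = NavIntegrityMonitor(fixes[0])
    return [mon.update(f, speed_mps, heading_deg) for f in fixes[1:]], mon
```

On the constructed slow pull-off track (20 m of extra displacement per second) the speed check never fires, and it is the inertial cross-check that rejects the third fix; the 40 km jump trips both checks at once.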

Andy – http://youtu.be/rSLG3AS2YUw

Public info:
http://www.theregister.co.uk/2009/12/17/us_drones_hacked/
http://www.softpedia.com/get/Internet/Download-Managers/SkyGrabber.shtml
The drone was not hijacked by GPS. It was a combination of ELINT, HUMINT and a smart geek.

Ray – @Andy – the video downlink is an old issue we discussed on this forum a long time ago. That has nothing to do with the control and data links back to the operators.

Mathjis has made some good points about GPS hijacking. It might be possible if the ground reference transmitters were fed accurate information from a radar and the UAV was using C/A mode. Although C/A mode is normally as accurate as P mode, it can be degraded. GPS receivers make allowance for that degradation possibility. That gives a slightly larger margin of error for the spoofing. Normally, fast vehicles like aircraft have from six to twelve receiver “stacks” (originally separate receivers but now that separation is done in software). As Mathjis said, three satellites are used to obtain a fix – usually receivers use the three best signals (although geometry does enter into the calculation). The remaining receivers track other satellites so they’re ready when one of the top three is lost. Clearly, three ground reference transmitters are going to have the best signals. If the spoofing is done fast enough, the satellites they are “replacing” won’t be over the horizon before the receiver notices and the aircraft is not down. Of course, it’s possible that the receiver is programmed to accept ground reference transmitters – this is a common method to improve GPS in a local area. So far as I know, only commercial (C/A mode) receivers support this function.

Tony – Scot has a good writeup:
The RQ170 Affair: Spoofing, Jamming, and The GBAS
https://www.infosecisland.com/blogview/18912-The-RQ170-Affair-Spoofing-Jamming-and-The-GBAS.html

Max – Intel says Iran pointed a laser at the CIA satellite control node of the drone, and then used a program similar to skygrabber to lower the drone. Intel provides the Iranians picked up the crashed drone, after the satellite was jammed, and then used media to promote their propaganda it was intact when recovered. They also say they have a commander from Baghram Airfield they tracked from that air field that was an Iranian sent to penetrate into Iran for HUMINT data on this operation. I do know this. Iran’s capabilities as a military is growing innumerate. Do not underestimate a sale of laser jamming satellite equipment sold from Communist superpowers developing this technology. We are looking at a big mess here. While I have been away some things are not being resolved. I’m back. I suggest a team get on google chrome tv in the Iran media and get more data past what has been rebroadcast by Iran already to test our EWS systems. OK

We could start testing THEOL upwards instead of at missile ICBM’s.
Beware Iranian birds.
AngryBirds is coming to a THEOL drone near you.

Suj – I was wondering if the Iranians simply fried some of the key electronics. It was in their airspace after all. The UAV would simply come down reasonably hard — as it apparently did. What do you think?

Joel – WAY too many assumptions here, poor open source intelligence and not enough attention to simple physics.

One jams receivers, it is nearly impossible to jam a transmitter, DEW being the sole exception. Jamming the satellite transmitters on the satellite is nearly impossible and to jam three or more transmitters from GPS satellites simultaneously would have been international news front headlines.

If a directional antenna points upwards, at a satellite, it is very, very difficult to overwhelm an intended signal from a satellite from a ground transmission. SHF, VHF and UHF frequencies from the birds are line of sight transmissions and ‘bleed over’ does not occur, and certainly not from a ground transmission.
Geolocating a stealthy (can’t say stealth) RQ-170 while in flight is very difficult, targeting it with multiple systems is nearly impossible.
Read my blog, I’ve listed a number of other ‘laws of physics’ problems with this scenario. Occam’s razor: the controllers lost control or the bird developed an electrical or mechanical malfunction and glided to a landing.

@Sujeet, you might have a point, but the downward pointing sensors are not connected to the flight controllers. Using DEW on the aircraft as a whole might have blinded or disabled the craft, but I have not seen reports of a successful DEW program in Iran.

Max, DEW includes laser, but the power needed to overwhelm a receiving antenna is much greater than you can imagine. The physics needed to get a receiver to process the signal is not complex, but at the beginning of the equation “power” is practically off the charts to do what I outlined above. Then we’re thinking exact frequency (not in the laser’s capacity), harmonics and still using it as a carrier wave. It is not ‘wave of the hand’ physics.

Also, the bird was controlled by proprietary software, the signal encrypted and ‘skygrabber’ is not the appropriate program.

Gee, wasn’t that easy?

Lory – ok maybe joel is right but then how did the bird land right near a battalion of guards that were waiting for it to land?
next question – someone on the inside, seems like the wheels are gone, but now they can see the electronics and figure some things out, no?
third question – what now? besides give it back what are the dangers?

Joel – Thanks, Lori! That’s probably the nicest thing anyone’s said about me in years, ‘I might be right!’

‘curious… I haven’t read the report about a battalion of guards. Kindly share a source? I’d be curious as to what kind of guards, were they part of the ‘EW unit’?

My guess? A roving patrol found it. I don’t think they have seismic detectors in enough places to detect a hard landing. Bottom line, until we see more details we’ll be left with more questions than answers.

Again, my guess, they haven’t figured out how to lower the wheels. It sure would look cool to have that puppy held up by its wheels, it made it look like the nicknamed “Beast of Kandahar”. They’re supposed to be figuring out the code, when they figure out how to control the wheels I suspect we’ll see a new picture. Was it just me or did the RQ-170 seem a little off on height compared with the pictures from Qandahar?

No way in H-E-Double Hockey sticks we’ll ever get that puppy back. It’s going to be dismantled and pored over for years and then put into some really neat museum “look how good we are!”.

Paul – “near a battalion of guards that were waiting for it to land” It would be great if you could expand on this important detail. Please feel free to contact me.

Thanks for the comments everybody!

Lory – that was what was written in the Israeli papers

HI Paul,
See the original quote from the Israeli media with translation.
..
google translate:
The Air Force Commander of the Revolutionary Guards, General Amir Ali Haz’izda, claimed that “recently, information-gathering intelligence and our means of tracking the electronics in this plane revealed a plan to penetrate the airspace of the country for espionage. After it entered the eastern parts of the country, the plane fell into the trap of our armed forces and landed in Iran with minimal damage. ”

Hope that helps.

By the way, i am gaining expertise in this field and would be happy to take part in “think tanks”. I wrote some articles that may be of interest. Thank you Lori

Tony – I remember seeing my hapless cat sitting in front of our large glass windows when a bird ran into them and dropped at his feet. He looked around, picked up the bird in his mouth, and trotted off happily as if he had just made the kill himself. Point: given the source was the Iranian RG, I would take that info with a pound of salt.

gAtO- Joel is wrong again. It’s a known fact for years that weak GPS signals can be over-written, you don’t need signal coming from the top (satellite) jamming is an old technology and every military knows of this. The reason why the RQ-170 Sentinel crashed was because the altimeter was incorrect as Matthijs explained about the sub with its nose in the mud. The military is working on a private military-GPS network to correct these problems. Just a few years ago you could buy off-the-shelf software for 30$ and capture live video feeds from drones as the Iranians show us.

Remote control devices can be hacked, it’s the nature of the beast; simple encryption of all telemetry data could resolve this problem. As Mr Freed said the cat got the bird and a cat smile is all we’re going to get from Iran. China and the Russians will pay big bucks to get a look at this drone. The Iranian military were waiting for the drone in the right place but barometric pressure messed up the landing cycle.

from one source - http://www.ufppc.org/us-a-world-news-mainmenu-35/10757-news-how-they-did-it-iran-landed-supersecret-rq-170-drone-by-overriding-weak-gps-signals.html

“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran’s “electronic ambush” of the highly classified U.S. drone. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

The “spoofing” technique that the Iranians used — which took into account precise landing altitudes, as well as latitudinal and longitudinal data — made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the U.S. control center, says the engineer.

Our satellites use old outdated electronics and the software is older. The project life of a satellite is over 3 years to build and then launch into space orbit, longer in some cases. If you simply apply Morres law in 3 years time the electronics of that satellite is absolete before they launch it. Red Tape is one problem. That someone can hack older technology with systems 3 times faster and better should not surprise us. I worked on 2 satellites and one had a navigation system that could only be certified with a computer that used boolean gates as schematic and all transistors for every AND, NAND and OR gate.

Other countries ramp up and if something new comes they try it. I know their failure rate will increase without these safeguards but we can do a better job with CIA operation.
http://uscyberlabs.com/blog/2011/10/11/predator-drones-hacked-again/

Joel -gAtO, as earlier stated, Skygrabber is one of the programs available to download video, etc from a UAV. I’m not disputing that unencrypted video can be copied. My contention is it is far more difficult to hack a signal emanating from a UAV and somehow magically hack back into a transmitter. Physically impossible, sorry. I wrote a textbook on Electronic Warfare and have been working in EW for many decades. Now, remembering the laws of physics, once again, that video signal is not being transmitted to a local ground station, as in the case of Skygrabber utility, but to a satellite. After a bounce or two it is downlinked to a ground station. Incidentally, that ground station is not in the US and not where you might guess, I just confirmed this with one of the engineers working near the project, but not on it.

The altimeter was incorrect? Cool. How? Again, in this formula, stating “and then a miracle occurs” will not suffice. How was it hacked? Putting on a wizard’s hat and thinking ‘make it so’ will not a hack make. I challenged my last class of graduate students, all IT and IA professionals, to explain exactly which exploit they would use to hack into a number of unclass systems, I gave them four months, and not one single hack emerged. Just because a conspiracy theorist says ‘they hacked the system’ does not make it true, and I trust an Iranian engineer’s obviously ‘unbiased and totally uncoerced’ musings even less. Anything and everything emanating from Iranian sources is widely regarded by most professionals as complete rubbish.

About the GPS signals, they’re currently in Block II and Block III is being fielded (completion in 2014). All the assumptions I’ve read about GPS jamming have been addressed – for all US Intelligence Community and military systems. “United for Peace of Pierce County” is not a credible source, the Iranian engineer in that article is out to lunch and after speaking with four different seniors in the IC and Pentagon in the past week, the Christian Science Monitor article is complete hogwash.

As for the spoofing techniques, once again, the signal the GPS for this particular bird uses is encrypted, I’ve confirmed that. How in the heck do you spoof an encrypted signal coming from a minimum of three and up to nine satellites in near real time?

gAtO – Joel:

Bread goes in toast comes out – You can’t explain that!

I put the garbage at the end of the driveway, Gone when I get home – You can’t explain that!

If evolution were true, Why are there still monkeys? -You can’t explain that!

I understand your cavalier stance that all Iranian sources are just camel herders and know nothing about computers, programming or hacking. People from the middle-east know nothing but wear burkas and go around with swords and cut people’s heads off. For an educated person and a professor you sure show bigotry; being born in another country, you would have failed me because all Cubans are “mango munchers” and know nothing about the laws of Physics like your (I’ll make a guess) white students do.

Every person not from the US is wrong, they are all dumb foreigners who know nothing. This is exactly what the enemy wants to see: a bigot so tight in his perfect box that nothing can change, nothing can go wrong in his perfect world. But the facts are they (the illiterate, uneducated Iranians) got the bird.
capital I – for respect, not all Iranians are evil, just like all Americans were not baby killers (from the Vietnam days).

“You have back access to confirmed this with one of the engineers working near the project”.

People in TS government projects just talk to anyone and all this information you quote has been cleared for this forum. I’m just a dumb Cuban boy that defies the laws of physics, I am not your TOP student with a 220 IQ. To tell you the truth I do have a GED education, nothing more nothing less, so I’m a nobody that knows nothing and will learn from my betters like yourself.

“That particular bird uses is encrypted, I’ve confirmed that”

Boy, you seem to have all sorts of people that work on secret projects that blab to anyone and they post it on LinkedIn, that’s scary to throw government secrets out like that.

I guess I’m a wizard with a hat (sombrero) and hacked the FBI, CIA, State Department, US Senate, The Pentagon, Lockheed, RSA (ever heard of these guys) and many other companies that have such a secure network that they had a RAT in the DOD for over 2 years. Oh, by the way, some of these were 15-18 year old kiddies (LulzSec) with no knowledge of the “Laws of Physics taught by you”. They just hacked them.

If you think everyone else is an idiot and you’re the only one right then – -I can’t explain that!

Drone goes up crashes down in enemy territory, -I can’t explain that!

You got gAtO – -I can’t explain that!

gAtO is sometimes a jerk, ah well.. mEoW mEoW