Cyberstrike
Page 39
The general consensus is that these devices are an extremely useful addition to the armoury of the United States of America, and the use of UAVs and UASs – unmanned aerial systems, a generic term usually applied to unarmed reconnaissance vehicles – has been increasing in recent years. In fact, it’s been increasing a lot.
It’s been established that there are over a thousand American military bases worldwide, and for a drone to operate from one doesn’t require anything like the infrastructure that would be needed to operate conventional manned aircraft. A fairly short concrete or tarmac runway, a small hangar or other building in which the drone can be kept and where maintenance work, refuelling and re-arming can take place, a handful of qualified pilots and maintainers and suitable communications, and that’s about it.
But as well as bases overseas located in or near potential or actual trouble spots, there are drone bases in at least thirty-nine of America’s fifty states and UAVs are an increasingly common sight to observers on the ground and an even more common sight to air traffic controllers sitting in front of radar displays. Not all of these drones are operated by the American military. American Customs and Border Protection use Predators to monitor the borders of the country, the Central Intelligence Agency operates a small fleet of UAVs for classified purposes – almost everything the CIA does is classified, obviously – and the Defense Advanced Research Projects Agency – DARPA – frequently flies drones over the continental United States.
What is perhaps more surprising is the range of organisations that possess Certificates of Authorizations or COAs that allow them to operate drones over America. These include police departments, colleges, universities and even a few towns and small cities. What characterises these UAVs, however, is the fact that they are unarmed and are normally used for tasks like surveillance, photographic reconnaissance and mapping missions.
Drones operated in the airspace above continental America by the military, on the other hand, are normally armed, and some of the bases used are in surprising locations. As is stated in this novel, two of them are in New York State. Syracuse, New York is the location of the Hancock Field Air National Guard Base, which operates Reapers, and fairly recently the American Army base at Fort Drum, also located in New York State, began training missions using Reapers, initially operated by qualified drone pilots from Hancock Field.
SSR Secondary Surveillance Radar
One common factor relating to drones flying in either military or civilian airspace is the requirement that they be identifiable, both to ground-based radar operators and to other aircraft. And, just like manned military and civilian aircraft, this identification is achieved by means of SSR – secondary surveillance radar – transponders. This word is an example of a portmanteau, a word made up from two other words, in this case ‘transmitter’ and ‘responder’, which is precisely how it functions.
The transponder receives an interrogation message on 1030 MHz and sends a reply on 1090 MHz. What it replies depends upon the type of aircraft it is fitted to. Military aircraft can transmit an IFF – identification friend or foe – signal, a coded message that can be read by military radar operators and fighter aircraft, while both military and civilian aircraft can transmit a code comprising 4,096 different options in the form of four digits that use the numbers 0 to 7, so 0000 to 7777. This code can be converted by a radar station using a system called code/callsign conversion to display the aircraft’s callsign, speed, and altitude if a Mode C transponder is fitted, along with its rate of climb or descent.
Within this allocation are certain reserved codes used to silently indicate the status of the aircraft, the most important of which are 7500 (hijacking), 7600 (radio failure) and 7700 (emergency), all of which are shown as enhanced returns on radar displays.
For drones, the carriage of SSR transponders is essential because many of these devices are too small to be seen with the naked eye until a mid-air collision might be unavoidable. The other side of the coin, obviously, is that flying a Reaper or a Predator over the badlands of Afghanistan with its SSR transponder unambiguously announcing its presence to any hostile unit equipped with a suitable radar and a truckload of SAMs is clearly a recipe for disaster, so the ability to remotely turn the transponder off and on is essential.
Hijacking or taking over a drone
It would be reasonable to expect that as the Predator and Reaper drones and their lethal kin are as well armed as a modern ground-attack aircraft, the designers and engineers would have ensured that their software was impossible to hack and made certain that their transmissions could not be intercepted or compromised. That expectation, sadly, has proved to be somewhat optimistic. The reality is that data transmitted from any device can be intercepted or jammed or disrupted in some way and this applies equally to an airborne drone and to its base station.
In December 2009 the Wall Street Journal published a headline that probably sent shivers down the collective spines of the American government and much of the US military machine. The headline read: ‘Insurgents hack US drones: $26 software is used to breach key weapons in Iraq; Iranian backing suspected’.
The suggested implications were frightening. If the Iranians genuinely had hacked their way into the control systems of the then $4 million Predator UAVs and were able to redirect the drones to release their missiles and bombs against Western targets, none of the Allied forces in Iraq and Afghanistan would ever be safe again.
Fortunately, like most claims of this sort made by the media, the headline was both hysterical and factually inaccurate in almost every single respect. There had been no hack, nor had there been a breach and as far as it could be established the Iranians weren’t involved in any way, though the Russians were, albeit indirectly. In fact, the only thing the headline actually got right was the price of the software involved: it cost $26 in the shady backstreet black markets of Baghdad.
What had actually happened was that an insurgent with a fair degree of technical know-how had obtained a piece of software produced in Russia called SkyGrabber, a program that was not designed to assist hackers in any way or to be used by them. In fact, it’s specifically intended to allow users to download televised football matches and movies and other stuff from satellite television channels without the inconvenience and expense of actually paying for them.
The insurgent loaded the software onto a computer, hitched the computer to a satellite dish and then began scanning the skies until he locked into a stream of video data being transmitted by a Predator drone. Unlike the transmissions and responses used in controlling the UAV, the video feeds from its cameras were not encrypted, so all that had actually happened was that an unauthorised individual had managed to log on to and record a transmission he wasn’t supposed to see.
So no breach, no hack and no Iranian involvement. All good news.
Unfortunately, almost exactly two years later the Iranians certainly did become involved with an American drone.
On 4 December 2011 American CIA operators lost contact with a Lockheed Martin RQ-170 Sentinel unarmed UAV, allegedly while over the airspace of Afghanistan though the Iranians claimed they had detected it some 140 miles inside their borders. The following day the Iranian government announced that its cyber warfare unit located in north-eastern Iran at Kashmar had taken control of the drone and had successfully landed it.
Western news sources initially stated that the Sentinel had been shot down, but this was obviously not the case as the Iranians quickly displayed the apparently intact UAV: if it had been hit by a missile or gunfire and had then crashed there would have been little left to put on show. Clearly, the Iranians had somehow taken control of the drone and managed to make it do a soft landing. The obvious question was how?
According to an unidentified Iranian engineer, they had successfully jammed both the satellite and ground-based control signals and then carried out a GPS spoofing attack that sent incorrect GPS data into the UAV’s navigation system. This data suggested to the drone’s n
avigation system that it was near its home base in Afghanistan and instructed it to land. The obvious problem with this suggestion is that the primary navigation aid on almost all of America’s manned and unmanned military vehicles, including the TLAM (Tomahawk Land Attack Missile), the MQ-1 Predator, the MQ-9 Reaper and the RQ-170, isn’t GPS but inertial navigation. This is the case because GPS signal jamming and spoofing is a fairly simple technique to employ, whereas the INS, the inertial navigation system, is internal to the craft and cannot be compromised.
But however they had done it, it was obvious that the Iranians had somehow managed to establish control over the Lockheed Martin drone at least to the extent necessary to persuade it do to a soft landing. Or soft-ish, anyway. If they did manage to feed incorrect GPS data into its system and had been able to generate a landing instruction, the drone’s controlling software would have assumed that it was landing on its home-base runway rather than some anonymous stretch of desert near Kashmar. There were some suggestions that the drone had suffered some damage, presumably on landing, which the Iranians had hastily patched up before putting it on display.
What is beyond dispute is that the Iranian government did take possession of the Lockheed Martin RQ-170 Sentinel, a fact unofficially acknowledged by the Americans on 6 December 2011. A somewhat optimistic request for the return of the drone by President Obama was haughtily rebuffed by the Iranian government, along with a complaint to the UN Security Council about the American violation of Iranian airspace by the UAV.
Having obtained the intact or largely intact and undamaged RQ-170, the Iranians then set about reverse engineering it to produce their own version. This was shown on Iranian television in May 2014 but was widely dismissed by Western observers as a mock-up rather than a working UAV. This was followed in November 2014 by claims by the Iranians that it had made a successful test flight and in September 2016 a statement that a UAV called Sa’egheh had entered service with the Iranian military.
Critics and disbelievers of these claims were silenced in February 2018 when Israeli forces shot down a Sa’egheh UAV. Examination of the drone showed conclusively that it was primarily derived from the RQ-170 UAV and that the design was both advanced and embodied Western technology.
Non-nuclear electromagnetic pulse weapon (NNEMP)
Known as an explosively pumped flux compression generator bomb, or more commonly as a non-nuclear electromagnetic pulse or NNEMP, or even just as an E-bomb, the weapon had its roots in a suggestion by theoretical physicist Arthur Compton back in 1925. Compton believed that the high energy photons generated by electromagnetic energy would be capable of freeing electrons from lighter elements, those with low atomic numbers, and that those freed electrons could then interact with the Earth’s magnetic field. That would produce a fluctuating electric current, which would in turn induce a very powerful magnetic field. This became known as the Compton Effect.
Nearly three decades later, in 1951, a Soviet physicist named Andrei Sakharov came up with a variant of this idea. He suggested that a non-nuclear electromagnetic pulse could be produced by using an explosively pumped flux compression generator, basically employing an explosive charge as part of a weapon to create fluctuating electric and magnetic fields. His work, and all parallel work on NNEMPs, remained classified for some years.
The idea surfaced again in September 2001 in an article in Popular Mechanics magazine which covered the design and concept of a flux compression generator bomb or FCG, a relatively simple but potentially devastating weapon that wouldn’t even be particularly expensive to manufacture. Such devices would be short-range weapons, with only about one millionth of the power of the EMP produced by a nuclear blast, but because of their comparatively small size they could be positioned close enough to their intended targets to ensure that they were effective.
It is known that the American military includes certain types of EMP weapons in its arsenal, and of course it is well known that very powerful EMPs are associated with the detonation of nuclear weapons. However, it is also well established that for some years the United States has concentrated on what are known as HPMs, high-power microwaves, weapons that have a similar effect to a NNEMP but use a different mechanism to achieve the same result.
The HPM, as its name suggests, is essentially a kind of hugely scaled up and focused microwave oven, the idea being that the device could be carried as part of the weapon load of a drone or cruise missile and the beam of microwave energy could be focused on ground targets, again disrupting or completely destroying electrical and electronic systems. This would allow the weapon to be reused, whereas an E-bomb only produces its EMP when it explodes, so it’s a one-shot device.
Acknowledgements
With thanks to Dame Janet Trotter CVO, Nicola Whiting MBE, Richard Berry, Cameron Rogers, Hal Evans, Angela Edwards and Barbara Spooner MBE.
The Ben Morgan Thrillers
Cyberstrike: London
Cyberstrike: DC
Find out more
About the Authors
James Barrington is a trained military pilot who has worked in covert operations and espionage. He has subsequently built a reputation as a writer of high-class, authentic and action-packed thrillers. He lives in Andorra, but travels widely. He also writes conspiracy thrillers under the pseudonym James Becker.
Richard Benham is best known globally as a pioneer in the world of Cyber Security, Artificial Intelligence and Cyber Warfare. As an academic in 2014 he created the first MBA in Cyber Security that was launched at a cross party event at The House of Commons and received the personal support of the Prime Minster. In 2016 he formed the charity The Cyber Trust to help protect vulnerable groups using technology. In 2017 he was nominated for the UK Digital Leader of the Year for his Cyber4Schools initiatives which has been adopted nationally by the National Police Chiefs Council. He is a council member of The Winston Churchill Memorial Trust, an Ambassador for The Diana Awards and the co-author of the Cyberstrike series.
Also by James Barrington and Richard Benham
The Ben Morgan Thrillers
Cyberstrike: London
Cyberstrike: DC
First published in the United Kingdom in 2021 by Canelo
Canelo Digital Publishing Limited
31 Helen Road
Oxford OX2 0DF
United Kingdom
Copyright © James Barrington and Richard Benham, 2021
The moral right of James Barrington and Richard Benham to be identified as the creator of this work has been asserted in accordance with the Copyright, Designs and Patents Act, 1988.
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher.
A CIP catalogue record for this book is available from the British Library.
Ebook ISBN 9781788639576
Print ISBN 9781800323940
This book is a work of fiction. Names, characters, businesses, organizations, places and events are either the product of the author’s imagination or are used fictitiously. Any resemblance to actual persons, living or dead, events or locales is entirely coincidental.
Look for more great books at www.canelo.co