Military Hackers Turn To Commercial Electronic Attack Tools

By David A. Fulghum and Robert Wall
China’s integrated air defenses—based on cheap, sometimes stolen digital technology—are now considered potentially more threatening to the U.S. than Russia’s. The wholesale use of commercial products has made Chinese networks flexible, easy to upgrade and tough to exploit.
That opinion, rapidly taking hold in the U.S. electronic warfare community, is part of the tsunami of air defense analysis following Israel’s demonstration of its ability to shut down Syria’s Russian-built air defenses long enough to conduct a bombing raid—and then allow the radars to come back on in time to see the Israeli aircraft disappearing over the border (AW&ST Nov. 26, 2007, p. 2).
China’s air defense expenditures are calculated by aerospace officials as only one-tenth of what’s invested by the U.S. The Chinese systems are affordable, in part, because of the regular use of stolen U.S. technology—described as “Cisco in Chinese,” by one specialist. The telecom companies that conduct and exploit the thefts are run by former People’s Liberation Army generals. The low cost allows rapid updating and proliferation of these defenses, which is one of the best ways to confound attack planners.
“The Chinese, like many countries without billions to spend on defense, are figuring out how to leverage all that commercial technology into their military capabilities,” says Rance Walleston, BAE Systems’ director of information operations initiative and information warfare. “We’ve spent a lot of time looking at Chinese technologies. They’re not building many unique devices. Their integrated air defense system [IADS] uses commercial standards,” such as GSM and voice over Internet protocols (VOIP).
The Syrian raid—which involved air-to-ground and network-to-network electronic invasion of a Russian-built IADS—is convincing some that custom-built, highly specialized and expensive air defenses with long development times are decreasing in deterrent value. In fact, they have become victims of their own uniqueness. Because they were hard to develop and field, they aren’t often modified. That gives electronic warriors the time to conduct analysis and build countermeasures.
But last year’s events haven’t changed U.S. government views of the threat.
“A lot of the threat models used to evaluate whether new programs work are outdated,” says a participant in electronic warfare and network attack since the 1992-95 conflict in Bosnia. “They are Soviet-era models. Where are the people who are thinking about what the Chinese IADS really look like? The Israelis are already running up against different defenses now that they’ve highlighted some of the weaknesses in Syria’s air defenses.”
But some senior U.S. Air Force officials disagree.
“The Chinese have been spending significant amounts for years on their IADS, and while they do exploit commercial technologies, they also buy and co-develop advanced missiles and radars with the Russians and others,” says a former top USAF acquisition official. “Network attack has been an integral part of taking down an IADS for years and is integral to all of the major modeling activities.”
U.S. intelligence analysts point out that in air defense, like other areas, China is pursuing multiple paths that include embracing purchased systems as well as developing their own high- and low-end solutions. The same is the case in air defense, they note, where the Chinese are buying Russian systems and also developing their own versions based on what they learn from the acquired systems.
That inability to change quickly also is reflected in U.S. defense acquisition practices. For example, “the U.S. still insists on building a lot of unique radios when they could use the commercial infrastructure and then build their own gear to encrypt it for the last mile [of wireless communications in combat],” the EW specialist says.
“Why spend billions on [joint tactical radios and future combat systems] that they can’t make as well as the commercial companies? Why build high-power, aerial standoff jammers when there are cheaper and more sophisticated ways to do that mission with finesse [using lower-power data streams packed with algorithms to disrupt, mislead or take over enemy systems]? If you believe the trend in insurgent or terrorist command and control is toward low-power communications, what is a B-52-based jammer going to do? If I stand off 100 mi., there’s no way I’m going to have any impact on these threats.”
Again, the Air Force official objects.
“Commercial standards have been an integral part of military systems for years,” he says. “The major standards coming out of the [Network-Centric Operations Industry Consortium] are all commercially rooted. The U.S. government builds unique radios for reliability and ruggedness, just as they buy unique computers that are commercial-based but ruggedized. Major programs like the Future Combat System are strongly network-based and fully exploit commercial technologies and standards.”
There also are some intrinsic benefits to using commercial technology for military networks.
The Chinese are using VOIP, which causes big problems for the U.S. because there’s no wireless signal transmitted that can be easily intercepted, say U.S. intelligence officials. Hezbollah has adopted the same system for communications in southern Lebanon so that they can’t be intercepted by Lebanese or Israeli analysts. The command-and-control network is then invisible in the RF spectrum. The move was necessary because the Israel Defense Forces have become adept at tracking cellular traffic.
European officials are watching the shift with interest, too, although with a broader concern about network vulnerabilities than specific VOIP issues. Military planners in Europe note that they may need to follow the U.S. Air Force lead in focusing resources on protecting against network attacks, particularly in the wake of last year’s efforts from Russia to shut down Estonia’s Internet connectivity over a political dispute.
But at some point, any tactical communication system has to go wireless. Therefore, another technology being pursued by the Chinese for military use is the High-Powered Cordless Phone. The country doesn’t regulate power output of the microwave-frequency phone. One benefit is that it can be used to communicate between buildings with just the cordless handset without bothering with a base station. That allows the devices to create private networks by using just the intercom mode. Because they can communicate over several miles, chains can be set up over long distances.
 
But there also are problems. The technology is being eyed as part of the target set for U.S. intelligence collecting. Moreover, the high-power microwaves can inflict long-term physical damage to the user.
“Network warfare has been done for some time,” says the intelligence official. “The difference now is that it’s being integrated as part of an overall combined operation. The Israelis’ raid on Syria wasn’t just about shutting down the radars and blowing up the building. There were a lot of integrated operations that had to happen to make the raid successful. Cyberwarfare information operations was one component of what went on there.”
The U.S. Marines, both aviation and radio battalions, have been quick to realize the value of being able to call up an electronic attack (EA) and create a “cone of silence” even at the squad level.
“The Marines are being very progressive,” says Walleston. “Now that they have all the experience fighting the asymmetric threat, they understand what they’re really up against. If you talk to the EW guys, they’re convinced that this is a commercial technology war because the [militants’] command and control could be any of a number of commercial technologies from cell and satellite phones and even cheap Motorola FRS [family radio service] hand-held two-way radios.”
Regarding the theme of going wireless for communications across the last mile of a battlefield, that jump opens up a vulnerability for anyone using a laptop or other wireless standards to connect with the Internet.
“Those are the threats the Marines are talking about,” says Walleston. “When they went into Falluja, they were up against a wide collection of commercial computer and telecommunications standards—a bunch of guys with PDAs [and] Blackberries that can communicate with multiple computer networks via some standard link such as WiMax.”
The wireless device transmits an RF signal, finds a connection and takes the user into the Internet. That’s called [crossing] an “air gap.” In the past, signals intelligence units were looking for tactical radios. Now they’re looking for commercial wireless devices that the enemy uses for command and control.
“The Marines figured out this local command-and-control approach very early,” says Walleston. “Now they’re trying to create electronic attack capabilities that can be used like digital munitions.” But they refuse to deal in typically classified capabilities and are employing an open architecture concept allowing full integration of air and ground forces. “When we discuss capabilities we might have in the cyber-warfare domain, they say we only want to know about things we can use on the battlefield.”
One result is a joint concept technology demonstration called the Collaborative Online Reconnaissance Provider/Operationally Responsive Attack Link (Corporal). Northrop Grumman provides the network and BAE Systems handles the electronic attack piece. The system deals with a new domain called network-enabled electronic attack (AW&ST Sept. 3, 2007, p. 60; Apr. 9, 2007, p. 46).
“It connects nontraditional ISR systems with tactical-level EA capability and brings it to the point on the battlefield where it’s needed,” says Walleston. “Instead of having an electronic standoff weapon that only a few people understand and only sometimes gets used, they are giving the capability directly to the guy that kicks down the door. The platoon leader has a tactical PDA that gives him two-way comms and situation awareness from UAVs flying overhead.”
When the Marine with the PDA requests “digital fires,” he wants a cone of silence to be created over the immediate area that disables enemy communications, say U.S. Marine Corps officials. The network then would do asset synchronization to determine what ISR and EA assets are in the area. If there are none, it would redirect one, perhaps a UAV, to fly in and turn on the requested support. The capability to take on a wide range of telecommunication threats would be pre-loaded in the UAV. A number are already being used for experimentation, including the Shadow 200 and Predator.
The goal is to develop payloads for all the platforms that can perform all the required network ISR and electronic attack missions. As they come into the area of operations, they are logged on automatically to the network through a common antenna set that’s patched on the exterior of the airframe.
A network server keeps track of everybody, where they are and what capabilities they have. It might tell an F-15 to turn on its EA system as it flies by. It’s then replaced by an EA-6B, a helicopter or a UAV, each carrying the same small, multifunction payloads.
There will be a demonstration of network-enabled electronic attack for the Corporal JCTD within two years. An interim version, demonstrating PDA-controlled attack from a UAV, will be tested with the Marine Corps’ Wolfpack platoon in August.
 