Who or What Downed the RQ-170?

Saturday, December 17, 2011

Joel Harding



Iran is claiming that an electronic warfare unit downed a US RQ-170 by a “cyber attack”. I had to smile as I mulled through all the various permutations of how this could be possible.

When I received a phone call from one of the smartest reporters I know, after I read through a hailstorm of other people guessing as to why it couldn’t be cyber, why it couldn’t be EW, why it had to be all sorts of reasons, and after I spent a very pleasant lunch reviewing a few of the reasons, I decided I’d like to wade in on this discussion with a blog.

Electronic Warfare: Most EW jams receivers, plain and simple. The idea is to overwhelm a receiver so that no data is received, or so that the data appears altered or indecipherable. Let’s assume the drone was hovering at 40,000 feet: it takes a LOT of power to overwhelm the receivers on the top of an RQ-170, which are pointing up at satellites. The biggest obstacle is distance; radio waves actually do dissipate quickly, which means they fade out quickly.

Next is humidity, then we have airborne particles, then the troposphere/stratosphere (which bend radio waves), and so on. Radio waves usually travel line of sight, which means in a straight line. This is especially true of the UHF, VHF and SHF bands normally transmitted by satellites: the radio waves do not bend around an object, especially one so remote as to be at least 40,000 feet away.

I say usually, because there are exceptions, but it is highly unlikely those frequencies were used. The idea here would be to overwhelm a radio receiver, overload the system and cause it to go into what is most likely the default mode: “go home”.

One more small thing: the receiver is listening for a very discrete set of signals, so jamming most likely will be filtered out. We’re talking a semi-sophisticated operation here, so if this was not a requirement built into the system, we should think about flogging the designer.

There is one exception in the world of electronic warfare, and that is known as spoofing a signal; then again, you have the same distance problems. The key here would be to record a downlink signal from a satellite and retransmit it at a time and place of your choosing.

If the signal is unencrypted it would be simple to manipulate the data and tell the system to land.  But, seeing as the UAV was reputedly a CIA asset, chances are the signal was encrypted.  This would make manipulating the signal highly unlikely.  Even rebroadcasting the original instructions would be saying “turn right” or “go to these coordinates” or “aileron up two degrees”...   definitely not “land now”.
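An added example (not from the original post, and not a description of any real UAV link) of why the recorded-and-rebroadcast signal described above fails against a receiver that checks integrity and freshness. The frame layout, key and command strings are constructed, and the sketch uses an HMAC tag with a counter rather than encryption, since those checks are what reject an altered or stale frame.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real one
TAG_LEN = 32                    # HMAC-SHA256 output size

def seal(counter, command, key=KEY):
    """Sender: frame = 8-byte counter || command || HMAC tag over both."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.last_counter = -1   # highest counter accepted so far

    def accept(self, frame):
        """Return the command if the frame is authentic and fresh, else None."""
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None          # altered or forged frame
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None          # recorded frame played back later
        self.last_counter = counter
        return body[8:]

def demo():
    rx = Receiver()
    recorded = seal(1, b"HEADING 270")            # frame an eavesdropper captures
    out = {"live": rx.accept(recorded),
           "next": rx.accept(seal(2, b"HEADING 275"))}
    # Rebroadcast of the captured frame: valid tag, stale counter.
    out["replayed"] = rx.accept(recorded)
    # Substituted command with a fresh counter but the old tag.
    forged = struct.pack(">Q", 3) + b"LAND NOW" + recorded[-TAG_LEN:]
    out["forged"] = rx.accept(forged)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} -> {result}")
```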

Radio frequency: Satellites work on narrowband transmissions and they would have to have the exact frequency being used. Predicting the frequency used is hit or miss; it frequently changes.

Cyber attack:  Oh come on now.  This would be a highly complex operation and I seriously doubt even the Russians have that capability.  First, you need to inject the proper commands into the system. “Land now”. 

Then, you’d have to establish a link through the Command and Control network from Beale Air Force Base or Creech.  We all know Creech was hacked, but the hack had no interface with the Command and Control network for the drones (I happen to believe what they’ve told us).  

I also somehow believe the CIA doesn’t use the Creech AFB facilities. But then again, who knows for sure?  So, step one is to establish the connection. Next would be to have the highly proprietary software needed to steer the aircraft. 

If the Iranians had that, they’d have to test it and don’t you think someone would notice?  If this was a first test and it was successful, kudos, but it’s highly unlikely. If the signal wasn’t encrypted, someone at the CIA needs to be publicly flogged…

More than likely, the first explanation heard is the truth. Somewhere along the line, during the RQ-170’s trip to conduct surveillance within Iran’s borders, the CIA lost control of the bird, most likely the result of an electrical or mechanical malfunction. The drone shown in the newspapers is surprisingly mostly intact; only the landing gear is not shown.

If I had to guess, the engine died and the bird slowly glided to the ground. I can only guess, but most likely the Iranians have not figured out how to extend the landing gear. It also completely baffles me that there was no independent self-destruct mechanism; a public flogging would be in order. Oh wait, we don’t live in Iran. Scratch that.

Cross-posted from To Inform is to Influence

Max Yakov: Agree in general with your view, except that it could have crashed hard in a flat spin as did the RQ-4 (YouTube video 'RQ-4 Crash at China Lake').

Also, we don't know what kind of self-destruct system it had, if any. Perhaps (if it had one), it failed for the same reason it crashed (i.e. total loss of electrical power, for instance). If I were designing a self-destruct mechanism, I'd make it 'fail-safe'. That would be: 'fail-destructive'. I'd be tempted to make it entirely chemical/mechanical and not rely on aircraft power, once set. It would be triggered if the aircraft fell below a certain pre-determined altitude. The ground crew may not agree with such an approach, but there could be ways to positively disarm it for safety.

It need not necessarily blow the aircraft into little pieces, but in this case, I'd bet that our intel folks and everyone else with us wish that such a device had.

Jason Blackstone: I agree with everything stated above. I feel the safest solution is that the aircraft lost electric power and maintained its heading until slowly drifting to the ground. Any loss in communication is not conceivable as there are numerous catch-alls established in small drones alone to combat these occurrences, let alone a multi-million dollar aircraft. I assume the aircraft began to show issues and we turned it around toward "home" when the aircraft failed. An electronic issue is the only thing I can come up with as to why a self-destruct feature was not utilized unless nothing of the sort was even installed. I again agree with Max when he requested a mechanical/chemical mechanism rather than electronic would have worked the best.