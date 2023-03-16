

Below: Law enforcement shutters a cryptocurrency mixer, and a finance regulator unveils new anti-hacking proposals. First:

A downed drone highlights a vulnerable technology

The U.S. military wiped the electronics of the drone downed over the Black Sea this week after an encounter with Russian warplanes in a bid to reduce its intelligence value, a U.S. official said.

Moscow said it would try to recover the wreckage. It’s just the latest incident indicating the potential for collecting information from drone electronics, which have a track record of being vulnerable to cyberattacks.

“[B]efore the drone was put down, operators took steps to wipe its electronics in hopes of rendering the wreckage useless for intelligence collection,” my colleagues Karen DeYoung and Dan Lamothe wrote in their story. “Yet while efforts were made before the crash to ‘minimize’ any useful content Russia might obtain from the drone, those steps are ‘not foolproof,’ [National Security Council spokesman John] Kirby said. ‘We did the best we could to minimize any intelligence value that might come from anybody else getting their hands on it.’”

“The important thing to remember about drones is that they are a weaponized version of any other hunk of metal that has a computer in it” like a refrigerator or robotic vacuum cleaner, Tarah Wheeler, CEO of cybersecurity company Red Queen Dynamics, told me. “The truth is that any machine that has a computer in it has a lot of the same problems as any other hunk of metal with a computer in it,” she said. For example, they all have to apply security updates.

The drone in question, an MQ-9 Reaper manufactured by General Atomics, is primarily used to collect intelligence in support of reconnaissance and strike missions, according to the Air Force. The company did not respond to a request for comment about what kind of data might have been on the downed drone.

Footage published by the U.S. military’s European Command on March 16 showed the moment two Russian fighter jets intercepted a U.S. drone over the Black Sea. (Video: United States European Command)

Past drone incidents

The valuable information that military drones collect and process, in general, makes them appealing hacking targets. Industry officials say there’s an ever-growing demand for onboard data processors for military drones that handle photo, video, radar, electronic warfare information and more. Chinese dronemaker DJI, the world’s biggest manufacturer of commercial drones, suspended operations in Russia and Ukraine during their war, where drones have played a major role. DJI says its drones capture information like the drone’s flight path, as well as the photos and videos the drones took.

Experts warn that hackers could try to take over a drone entirely or intercept data transmitted between a drone and its pilot. For instance, Iraqi insurgents had intercepted video feeds of U.S. drones, “potentially providing them with information they need to evade or monitor U.S. military operations,” the Wall Street Journal reported in 2009.

In 2011, there were two significant cyber-related drone incidents:

Iran claimed it brought down a U.S. drone via a cyberattack. It later asserted it had penetrated the drone’s systems and was using it to build its own version. U.S. officials denied that a cyberattack downed the drone.

A computer virus infected U.S. Reaper and Predator drones, Wired reported, allowing any attackers to log all their pilots’ keystrokes. It’s possible, U.S. officials said, that the infection was accidental.

A 2016 academic study of cyber vulnerabilities in drones, also known as unmanned aerial vehicles (UAVs), said that “information received from UAVs is … vulnerable to interception and exploitation.” The study outlined several more cyber incidents involving drones. “Given the rapid pace of development of military UAV technology and the absence of more recent public exploits, it can be assumed that measures to prevent such simple interceptions are now in place,” it said.

But there have been other cyber incidents involving drones since, including — in a turnabout last year — the use of drones to conduct cyberattacks. In 2018, cybersecurity firm Recorded Future found a hacker selling stolen Air Force manuals for U.S. drones on the dark web. And Iran is nearing the capability to hack U.S. and Israeli drones, ClearSky Cyber Security CEO Boaz Dolev said in November.

Wheeler wrote an article with fellow cyber expert Bruce Schneier for the Brookings Institution think tank in 2021 warning that “hacked drones” are part of the wave of the future for warfare.

The Government Accountability Office has dinged the Department of Defense multiple times over cyber safeguards for the Pentagon’s weapon systems, including that same year, when it warned that “DOD is still learning how to contract for cybersecurity in weapon systems, and selected programs we reviewed have struggled to incorporate systems’ cybersecurity requirements into contracts.”

Wheeler and Schneier asserted that military software wasn’t likely to be any more secure than commercial versions. In addition to the fundamentally similar nature of commercial and military software, and the demonstrated track record of cyber shortcomings, Wheeler told me there was another reason for that.

“The private sector and the information security community have developed a very good method and set of norms and standards around how and why and when we report and expect vulnerabilities to be fixed,” said Wheeler, senior fellow for global cyber policy at the Council on Foreign Relations. “That process is not transparent at DOD.”

Without that, she said, some of the security issues for DOD products “will not have come to light when they could have or should have in a different process.”

The keys

DOJ, international law enforcement shutter cryptocurrency mixer

The Justice Department announced Wednesday it led an international effort to take down ChipMixer, a popular cryptocurrency mixing service that prosecutors said had been used to launder the proceeds of high-profile hacks.

The takedown operation involved seizing two domains, the ChipMixer service’s servers, more than $46 million in cryptocurrency and a GitHub account linked to the service. A Vietnamese national, Minh Quốc Nguyễn, was also charged in Philadelphia for money laundering and being connected to the service, the Justice Department said in a release.

ChipMixer’s website now says that the “platform and the criminal content have been seized,” Lorenzo Franceschi-Bicchierai of TechCrunch reports.

A press release from Europol said major ransomware groups including Zeppelin, SunCrypt, Mamba, Dharma or LockBit used the ChipMixer service. North Korean cryptocurrency hackers and Russian military hackers also used the service, according to the Justice Department. Europol said that Belgian, German, Polish and Swiss authorities aided in the takedown.

Russian hackers prepping new wave of cyberattacks, Microsoft reports

Russian cyber operators will continue conducting espionage attacks against Ukraine and its partners, according to a blog post and report released Wednesday from Microsoft’s Digital Threat Analysis Center (DTAC).

While Russia’s hybrid warfare attempts have not gone to plan, Moscow is adjusting its techniques to prepare for more destructive attacks in Ukraine and possibly beyond, DTAC general manager Clint Watts said in the blog post.

Meanwhile, Microsoft on Tuesday disclosed a now-patched Outlook vulnerability that has been used by Russian spies to infiltrate European military networks. Mandiant, which is owned by Google Cloud, said it believes “the zero-day has been used for almost a year to target organizations and critical infrastructure” and that the vulnerability may facilitate more attacks inside and outside Ukraine.

“This is more evidence that aggressive, disruptive and destructive cyberattacks may not remain constrained to Ukraine and a reminder that we cannot see everything. While preparation for attacks do not necessarily indicate they are imminent, the geopolitical situation should give us pause,” said John Hultquist, who heads Mandiant Intelligence Analysis.

Financial markets regulator unveils new anti-hacking, data theft policies

The U.S. Securities and Exchange Commission voted to release a set of new proposed policies aimed at protecting the financial system against hacking and data theft, Douglas Gillison reports for Reuters.

The vote now opens a period in which the public can submit comments to the agency about how to best craft rules for the policies. The policies would require broker-dealers and money managers to immediately notify the SEC of significant incidents, maintain breach detection and response programs, and notify victims within 30 days.

The vote is part of an SEC effort to govern how major financial institutions and intermediaries such as clearing houses and stock exchanges shield themselves from cyber intrusions and system failures, the report said.

