More like this

Security

Israeli drones and jet signals slurped by UK and US SIGINT teams

Snowden docs reveal Project Anarchist

Israeli Heron drone

The NSA and Britain’s GCHQ have access to the video feeds of Israel’s fleet of drones and aircraft, according to new documents.

The spy agencies have intercepted data streams containing videos, pictures and GPS data from Israeli jets and drones since at least 2008, according to Snowden-supplied documents seen by The Intercept in a project codenamed “Anarchist". Drone feeds from Iranian aircraft have also been picked up.

Such signals are routinely encrypted, but GCHQ reported success in decrypting them using an open source tool designed for unscrambling cable feeds called Antisky. The pictures then need further refinement to produce a finer-grained image using the open source Image Magick code.

According to an Anarchist training manual the technique has been used on encrypted signals since 1998 and says it commonly bruteforces the encryption for simplicity's sake. There are, however, a “number of known attacks”.

“The computing power needed to descramble the images in near real time is considerable,” the manual says, but “it is still possible to descramble individual frames to determine the image content without too much effort.”

Cyprus

The surveillance is carried out using instruments on in the mountainous Royal Air Force base of Troödos on the island of Cyprus: its location giving it unparallelled access to signals in the Middle East and North Africa.

The team is a combined US and UK operation and Snowden documents show it is developing its operations. According to a March 2008 article in SID News, an in-house NSA newsletter, the Anarchist team successfully tapped into the video feed of its first F-16 jet flown by the Israeli Air Force on operations.

And then in a July 2008 memo, GCHQ told the team it wanted increased surveillance of drone traffic because of the worsening political situation in the Middle East. Targets of interest were the Golan Heights, the West Bank and Gaza Strip, and Israel’s borders with Lebanon and Syria.

“Due to the political situation of the region there is a requirement for Israeli UAV operations in certain areas to be intercepted and exploited so that assessments can be made on what possible actions maybe [sic] taking place,” the request reads.

Data in the Snowden documents shows multiple feed taps by the Anarchist team over the next four years, not just of the Israelis. In February and March 2012 the team intercepted video from an Ababil III Iranian-made drone flying out of a Syrian Air Force base that attracted “presidential interest.”

Not for the first time

This kind of drone hacking isn’t uncommon - reports suggest US drone video feeds were being hacked by Iraqi insurgents back in 2009. From the released documents it also appears that there are limitations - the team only managed to get 14 seconds of footage from the F-16 and some of the images are of questionable quality.

It's also not clear whether the Anarchist team still has the ability to read the feeds. A GCHQ report states that in April 2010 the team picked up a drone signal that had been upgraded to carry multiple video feeds and that this was causing some decryption problems.

"We currently have no collection systems capable of processing this signal due to the high data rate and the complexity of the underlying data," it states, but adds that there are "a number of SIGINT collections solutions," that could do the job if necessary.

GCHQ, the NSA, and the Israel Defense Forces declined to comment on the issue. The NSA acknowledged receipt of an inquiry but did not respond to questions by the time of publication. ®

Sponsored: Global DDoS threat landscape report