Not all cyber attacks have to destroy or disable.
A near-peer state could employ a ‘hacker’ team in Estonia. The team has the use of a botnet on compromised UK NHS computers. This botnet could be used to attack a software-defined radio on a mobile-phone mast in a military area of operations, and programme it to broadcast spoof GPS signals.
A botnet is a collection of compromised computers infected with malware that allows remote control. Botnet owners usually control infected machines through channels such as IRC (Internet Relay Chat) to command malicious activities such as DDoS attacks or the bulk sending of phishing emails.
Military GPS Encryption: The P(Y) and C/A codes
It is possible to spoof unencrypted civilian GPS signals, but military GPS receivers have exclusive access to the encrypted P(Y)-code transmitted by the satellites.
This code consists of a series of ones and zeroes generated at a rate of 10.23 million bits per second, ten times the rate of the civilian C/A code. The sequence is so long and complex that, at first glance, the signal appears to be noise. When the P(Y) code is encrypted it is called the “Y-code”, and only military receivers holding the encryption key can use it.
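The contrast the post draws is between a code whose sequence is public and one whose sequence depends on a secret key. The following added example (not code from the original post) generates the civilian C/A codes from the two 10-bit shift registers (G1 and G2) published in the GPS interface specification. Because the generator, its initial state and the per-satellite tap positions are all public, any receiver can reproduce the sequence; that is precisely why the C/A signal offers no protection against spoofing, whereas the Y-code's sequence cannot be reproduced without the key. The tap table covers PRNs 1 to 4 only; the correlation helper and the threshold of 65 follow from standard Gold-code theory for 1023-chip codes.

```python
# Added example, not from the original post: generate GPS C/A (Gold) codes from
# the public G1/G2 LFSR definitions and show why a receiver can tell the
# satellites apart. Everything here is public specification; no key is involved.

# Phase-selector taps (1-indexed G2 stages) for the first four PRNs, from the
# public GPS interface specification. Extend the table for further satellites.
G2_TAPS = {1: (2, 6), 2: (3, 7), 3: (4, 8), 4: (5, 9)}

CODE_LENGTH = 1023  # chips per code period (1 ms at 1.023 Mchip/s)


def ca_code(prn, n_chips=CODE_LENGTH):
    """Return n_chips chips of the C/A code for the given PRN as a list of 0/1 ints."""
    if prn not in G2_TAPS:
        raise ValueError("PRN %d not in the tap table" % prn)
    t1, t2 = G2_TAPS[prn]
    g1 = [1] * 10  # G1 register, all ones at the code epoch
    g2 = [1] * 10  # G2 register, all ones at the code epoch
    chips = []
    for _ in range(n_chips):
        g1_out = g1[9]                       # G1 output is stage 10
        g2_out = g2[t1 - 1] ^ g2[t2 - 1]     # G2 output is the XOR of the two tap stages
        chips.append(g1_out ^ g2_out)
        # G1 feedback polynomial: 1 + x^3 + x^10
        fb1 = g1[2] ^ g1[9]
        # G2 feedback polynomial: 1 + x^2 + x^3 + x^6 + x^8 + x^9 + x^10
        fb2 = g2[1] ^ g2[2] ^ g2[5] ^ g2[7] ^ g2[8] ^ g2[9]
        g1 = [fb1] + g1[:-1]                 # shift right, new bit enters stage 1
        g2 = [fb2] + g2[:-1]
    return chips


def first_chips(prn, n=10):
    """First n chips as a bit string; the ICD tabulates the first 10 chips of each PRN."""
    return "".join(str(c) for c in ca_code(prn, n))


def correlate(a, b, lag=0):
    """Circular correlation of two equal-length codes mapped to +1/-1, at a chip lag."""
    n = len(a)
    return sum((1 - 2 * a[i]) * (1 - 2 * b[(i + lag) % n]) for i in range(n))


def worst_cross_correlation(prn_a, prn_b):
    """Largest |correlation| over all lags, skipping lag 0 when comparing a code to itself."""
    a, b = ca_code(prn_a), ca_code(prn_b)
    lags = range(1, CODE_LENGTH) if prn_a == prn_b else range(CODE_LENGTH)
    return max(abs(correlate(a, b, lag)) for lag in lags)


if __name__ == "__main__":
    for prn in (1, 2):
        print("PRN %d first 10 chips: %s" % (prn, first_chips(prn)))
    print("PRN1 autocorrelation at lag 0:", correlate(ca_code(1), ca_code(1)))
    print("worst PRN1/PRN2 cross-correlation:", worst_cross_correlation(1, 2))
```

The peak autocorrelation of 1023 against a worst-case cross-correlation of 65 is what lets a receiver lock onto one satellite among many sharing the same frequency; it is also why a transmitter that replays these public sequences with a plausible timing offset is indistinguishable, at the code level, from a real satellite.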
Cyberwarfare: The Captured U.S. RQ-170 Drone
Although very uncommon, military GPS has been successfully exploited before. In 2012 a US RQ-170 Sentinel UAV (unmanned aerial vehicle) was captured by Iran’s Revolutionary Guards while flying over the country’s airspace. Iran claims to have spoofed the drone’s GPS system with false coordinates, fooling it into landing prematurely near the city of Kashmar in northeastern Iran.
How was it done? Avoiding decryption
Despite their bold claims, the notion that Iran could have cracked the P(Y) encryption should be met with skepticism. In fact, it is possible that Iran could have captured the US drone without breaking it.
GPS satellites transmit on two legacy radio frequencies: the C/A code is transmitted on L1, and the P(Y) code on both L1 and L2. If the Iranians were able to jam the encrypted military code and force the drone into autopilot, then the drone could default to the C/A code for GPS updates and directions. Without encryption, it would be much easier for Iran to spoof the C/A code and fool the drone into accepting a spoofed position.
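The weakness in the scenario above is the silent fallback: once the keyed signal is gone, an unauthenticated C/A fix is trusted as much as the keyed one was. The added example below (not code from the original post, and not a model of any real navigation system) shows the receiver-side policy a defender would want instead: keep dead-reckoning from the last keyed fix, accept an open-code fix only while it agrees with that estimate, and raise an alarm on any C/A fix that disagrees. Positions are 2-D metres, fixes arrive once per second, and the speed bound, drift rate and tolerance are constructed values.

```python
# Added example, not from the original post: a receiver-side monitor that
# refuses to silently downgrade from keyed P(Y) fixes to open C/A fixes.
# Constructed simulation; all parameters below are assumptions for illustration.
import math

JUMP_TOLERANCE_M = 50.0   # assumed: base disagreement tolerated between fix and dead reckoning
DRIFT_RATE_MPS = 2.0      # assumed: how fast the dead-reckoning error is allowed to grow


class Fix:
    """One position fix; source is 'PY' (keyed, trusted) or 'CA' (open, unauthenticated)."""

    def __init__(self, t, x, y, source):
        self.t, self.x, self.y, self.source = t, x, y, source


class NavMonitor:
    """Anchors on the last keyed fix and dead-reckons from it once P(Y) is lost."""

    def __init__(self):
        self.last_trusted = None   # last accepted P(Y) fix; C/A fixes never replace it
        self.vx = self.vy = 0.0    # velocity estimated from consecutive keyed fixes

    def dead_reckon(self, t):
        dt = t - self.last_trusted.t
        return (self.last_trusted.x + self.vx * dt, self.last_trusted.y + self.vy * dt)

    def process(self, fix):
        """Return (decision, reason). Decisions: accept, accept-unauth, hold, reject."""
        if fix.source == "PY":
            if self.last_trusted is not None and fix.t > self.last_trusted.t:
                dt = fix.t - self.last_trusted.t
                self.vx = (fix.x - self.last_trusted.x) / dt
                self.vy = (fix.y - self.last_trusted.y) / dt
            self.last_trusted = fix
            return ("accept", "keyed P(Y) fix")
        if self.last_trusted is None:
            # No keyed reference at all: do not navigate on an open-code fix alone.
            return ("hold", "no trusted reference; refusing open-code fix")
        ex, ey = self.dead_reckon(fix.t)
        err = math.hypot(fix.x - ex, fix.y - ey)
        tolerance = JUMP_TOLERANCE_M + DRIFT_RATE_MPS * (fix.t - self.last_trusted.t)
        if err > tolerance:
            return ("reject", "C/A fix %.0f m from dead reckoning (limit %.0f m); alarm" % (err, tolerance))
        return ("accept-unauth", "C/A fix consistent with dead reckoning (%.0f m)" % err)


def scenario():
    """Constructed track: three keyed fixes heading east at 50 m/s, then P(Y) is lost."""
    fixes = [
        Fix(0, 0, 0, "PY"),
        Fix(1, 50, 0, "PY"),
        Fix(2, 100, 0, "PY"),
        Fix(3, 150, 5, "CA"),       # plausible open-code fix, close to the predicted track
        Fix(4, 200, -2000, "CA"),   # implausible jump 2 km south: inconsistent with dead reckoning
        Fix(5, 250, 1, "CA"),       # back on the predicted track
    ]
    monitor = NavMonitor()
    return [monitor.process(f) for f in fixes]


if __name__ == "__main__":
    for decision, reason in scenario():
        print("%-14s %s" % (decision, reason))
```

The important design choice is that an open-code fix never re-anchors the reference: if it did, an attacker could walk the estimate away in small steps, each within tolerance. With a fixed anchor the tolerance only grows at the assumed drift rate, so a large deviation trips the alarm however gradually it is approached. In practice the dead-reckoning input would come from an inertial unit rather than a velocity estimate.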
Cyber: Beyond Shutting Things Down
Cyber warfare should be viewed as much more than shutting down computers. For example, WannaCry was used to extort money, even though it shut down over 300,000 computers in the process. We will cover more examples in future blog posts.