[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Military Hackers Turn To Commercial Electronic Attack Tools


By David A. Fulghum and Robert Wall
Aviation Week & Space Technology
Jan 20, 2008

Chinas integrated air defensesbased on cheap, sometimes stolen digital 
technologyare now considered potentially more threatening to the U.S. 
than Russias. The wholesale use of commercial products has made Chinese 
networks flexible, easy to upgrade and tough to exploit.

That opinion, rapidly taking hold in the U.S. electronic warfare 
community, is part of the tsunami of air defense analysis following 
Israels demonstration of its ability to shut down Syrias Russian-built 
air defenses long enough to conduct a bombing raidand then allowed the 
radars to come back on in time to see the Israeli aircraft disappearing 
over the border (AW&ST Nov. 26, 2007, p. 28).

Chinas air defense expenditures are calculated by aerospace officials as 
only one-tenth of whats invested by the U.S. The Chinese systems are 
affordable, in part, because of the regular use of stolen U.S. 
technology - described as "Cisco in Chinese", by one specialist. The 
telecom companies that conduct and exploit the thefts are run by former 
Peoples Liberation Army generals. The low cost allows rapid updating and 
proliferation of these defenses, which is one of the best ways to 
confound attack planners.

The Chinese, like many countries without billions to spend on defense, 
are figuring out how to leverage all that commercial technology into 
their military capabilities, says Rance Walleston, BAE Systems director 
of information operations initiative and information warfare. Weve spent 
a lot of time looking at Chinese technologies. Theyre not building many 
unique devices. Their integrated air defense system [IADS] uses 
commercial standards, such as GSM and voice over Internet protocols 

The Syrian raidwhich involved air-to-ground and network-to-network 
electronic invasion of a Russian-built IADSis convincing some that 
custom-built, highly specialized and expensive air defenses with long 
development times are decreasing in deterrent value. In fact, they have 
become victims of their own uniqueness. Because they were hard to 
develop and field, they arent often modified. That gives electronic 
warriors the time to conduct analysis and build countermeasures.

But last years events havent changed U.S. government views of the 

A lot of the threat models used to evaluate whether new programs work 
are outdated, says a participant in electronic warfare and network 
attack since the 1992-95 conflict in Bosnia. They are Soviet-era models. 
Where are the people who are thinking about what the Chinese IADS really 
look like? The Israelis are already running up against different 
defenses now that theyve highlighted some of the weaknesses in Syrias 
air defenses.

But some senior U.S. Air Force officials disagree.

The Chinese have been spending significant amounts for years on their 
IADS, and while they do exploit commercial technologies, they also buy 
and co-develop advanced missiles and radars with the Russians and 
others, says a former top USAF acquisition official. Network attack has 
been an integral part of taking down an IADS for years and is integral 
to all of the major modeling activities.

U.S. intelligence analysts point out that in air defense, like other 
areas, China is pursuing multiple paths that include embracing purchased 
systems as well as developing their own high- and low-end solutions. The 
same is the case in air defense, they note, where the Chinese are buying 
Russian systems and also developing their own versions based on what 
they learn from the acquired systems.

That inability to change quickly also is reflected in U.S. defense 
acquisition practices. For example, the U.S. still insists on building a 
lot of unique radios when they could use the commercial infrastructure 
and then build their own gear to encrypt it for the last mile [of 
wireless communications in combat], the EW specialist says.

Why spend billions on [joint tactical radios and future combat systems] 
that they cant make as well the commercial companies? Why build 
high-power, aerial standoff jammers when there are cheaper and more 
sophisticated ways to do that mission with finesse [using lower-power 
data streams packed with algorithms to disrupt, mislead or take over 
enemy systems]? If you believe the trend in insurgent or terrorist 
command and control is toward low-power communications, what is a 
B-52-based jammer going to do? If I stand off 100 mi., theres no way Im 
going to have any impact on these threats.

Again, the Air Force official objects.

Commercial standards have been an integral part of military systems for 
years, he says. The major standards coming out of the [Network-Centric 
Operations Industry Consortium] are all commercially rooted. The U.S. 
government builds unique radios for reliability and ruggedness, just as 
they buy unique computers that are commercial-based but rugggedized. 
Major programs like the Future Combat System are strongly network-based 
and fully exploit commercial technologies and standards.

There also are some intrinsic benefits to using commercial technology 
for military networks.

The Chinese are using VOIP, which causes big problems for the U.S. 
because theres no wireless signal transmitted that can be easily 
intercepted, say U.S. intelligence officials. Hezbollah has adopted the 
same system for communications in southern Lebanon so that they cant be 
intercepted by Lebanese or Israeli analysts. The command-and-control 
network is then invisible in the RF spectrum. The move was necessary 
because the Israel Defense Forces have become adept at tracking cellular 

European officials are watching the shift with interest, too, although 
with a broader concern about network vulnerabilities than specific VOIP 
issues. Military planners in Europe note that they may need to follow 
the U.S. Air Force lead in focusing resources on protecting against 
network attacks, particularly in the wake of last years efforts from 
Russia to shut down Estonias Internet connectivity over a political 

But at some point, any tactical communication system has to go wireless. 
Therefore, another technology being pursued by the Chinese for military 
use is the High-Powered Cordless Phone. The country doesnt regulate 
power output of the microwave-frequency phone. One benefit is that it 
can be used to communicate between buildings with just the cordless 
handset without bothering with a base station. That allows the devices 
to create private networks by using just the intercom mode. Because they 
can communicate over several miles, chains can be set up over long 

But there also are problems. The technology is being eyed as part of the 
target set for U.S. intelligence collecting. Moreover, the high-power 
microwaves can inflict long-term physical damage to the user.

Network warfare has been done for some time, says the intelligence 
official. The difference now is that its being integrated as part of an 
overall combined operation. The Israelis raid on Syria wasnt just about 
shutting down the radars and blowing up the building. There were a lot 
of integrated operations that had to happen to make the raid successful. 
Cyberwarfare information operations was one component of what went on 

The U.S. Marines, both aviation and radio battalions, have been quick to 
realize the value of being able to call up an electronic attack (EA) and 
create a cone of silence even at the squad level.

The Marines are being very progressive, says Walleston. Now that they 
have all the experience fighting the asymmetric threat, they understand 
what theyre really up against. If you talk to the EW guys, theyre 
convinced that this is a commercial technology war because the 
[militants] command and control could be any of a number of commercial 
technologies from cell and satellite phones and even cheap Motorola FRS 
[family radio service] hand-held two-way radios.

Regarding the theme of going wireless for communications across the last 
mile of a battlefield, that jump opens up a vulnerability for anyone 
using a laptop or other wireless standards to connect with the Internet.

Those are the threats the Marines are talking about, says Walleston. 
When they went into Falluja, they were up against a wide collection of 
commercial computer and telecommunications standardsa bunch of guys with 
PDAs [and] Blackberries that can communicate with multiple computer 
networks via some standard link such as WiMax.

The wireless device transmits an RF signal, finds a connection and takes 
the user into the Internet. Thats called [crossing] an air gap. In the 
past, signals intelligence units were looking for tactical radios. Now 
theyre looking for commercial wireless devices that the enemy uses for 
command and control.

The Marines figured out this local command-and-control approach very 
early, says Walleston. Now theyre trying to create electronic attack 
capabilities that can be used like digital munitions. But they refuse to 
deal in typically classified capabilities and are employing an open 
architecture concept allowing full integration of air and ground forces. 
When we discuss capabilities we might have in the cyber-warfare domain, 
they say we only want to know about things we can use on the 

One result is a joint concept technology demonstration called the 
Collaborative Online Reconnaissance Provider/Operationally Responsive 
Attack Link (Corporal). Northrop Grumman provides the network and BAE 
Systems handles the electronic attack piece. The system deals with a new 
domain called network-enabled electronic attack (AW&ST Sept. 3, 2007, p. 
60; Apr. 9, 2007, p. 46).

It connects nontraditional ISR systems with tactical-level EA capability 
and brings it to the point on the battlefield where its needed, says 
Walleston. Instead of having an electronic standoff weapon that only a 
few people understand and only sometimes gets used, they are giving the 
capability directly to the guy that kicks down the door. The platoon 
leader has a tactical PDA that gives him two-way comms and situation 
awareness from UAVs flying overhead.

When the Marine with the PDA requests digital fires, he wants a cone of 
silence to be created over the immediate area that disables enemy 
communications, say U.S. Marine Corps officials. The network then would 
do asset synchronization to determine what ISR and EA assets are in the 
area. If there are none, it would redirect one, perhaps a UAV, to fly in 
and turn on the requested support. The capability to take on a wide 
range of telecommunication threats would be pre-loaded in the UAV. A 
number are already being used for experimentation, including the Shadow 
200 and Predator.

The goal is to develop payloads for all the platforms that can perform 
all the required network ISR and electronic attack missions. As they 
come into the area of operations, they are logged on automatically to 
the network through a common antenna set thats patched on the exterior 
of the airframe.

A network server keeps track of everybody, where they are and what 
capabilities they have. It might tell an F-15 to turn on its EA system 
as it flies by. Its then replaced by an EA-6B, a helicopter or a UAV, 
each carrying the same small, multifunction payloads.

There will be a demonstration of network-enabled electronic attack for 
the Corporal JCTD within two years. An interim version, demonstrating 
PDA-controlled attack from a UAV, will be tested with the Marine Corps 
Wolfpack platoon in August.

AVIATION WEEK Copyright 2008, The McGraw-Hill Companies, Inc. All Rights 

Subscribe to InfoSec News