Schneier on Security
A blog covering security and security technology.
September 20, 2006
Did Hezbollah Crack Israeli Secure Radio?
According to Newsday:
Hezbollah guerrillas were able to hack into Israeli radio communications during last month's battles in south Lebanon, an intelligence breakthrough that helped them thwart Israeli tank assaults, according to Hezbollah and Lebanese officials.
Using technology most likely supplied by Iran, special Hezbollah teams monitored the constantly changing radio frequencies of Israeli troops on the ground. That gave guerrillas a picture of Israeli movements, casualty reports and supply routes. It also allowed Hezbollah anti-tank units to more effectively target advancing Israeli armor, according to the officials.
Read the article. Basically, the problem is operational error:
With frequency-hopping and encryption, most radio communications become very difficult to hack. But troops in the battlefield sometimes make mistakes in following secure radio procedures and can give an enemy a way to break into the frequency-hopping patterns. That might have happened during some battles between Israel and Hezbollah, according to the Lebanese official. Hezbollah teams likely also had sophisticated reconnaissance devices that could intercept radio signals even while they were frequency-hopping.
I agree with this comment from The Register:
Claims that Hezbollah fighters were able to use this intelligence to get some intelligence on troop movement and supply routes are plausible, at least to the layman, but ought to be treated with an appropriate degree of caution as they are substantially corroborated by anonymous sources.
But I have even more skepticism. If indeed Hezbollah was able to do this, the last thing they want is for it to appear in the press. But if Hezbollah can't do this, then a few good disinformation stories are a good thing.
Posted on September 20, 2006 at 2:35 PM
IMHO it's more likely that Hiz were able to D/F the signals, and *maybe* follow the frequency-hopping [which is pseudo-random for essentially-limited values of random]. But that doesn't mean they were able to recover actual audio or data.
Civilian-grade cellphone conversations are an altogether simpler matter - and something that really shouldn't be used even in tactical battlefield situations. Even things like the Sectera phones aren't adequately secure for this.
"But I have even more skepticism. If indeed Hezbollah was able to do this, the last thing they want is for it to appear in the press"
I thought exactly the same thing so maybe it's just that they are very smart about some things and extremely dumb about other things.
A captured radio with full KEK and TEK (up to 5, I think) complement could probably have given them the same intel... At least for a while.
Or they're being made to look smarter than they are in order to scare certain audiences into specific reactions. Newsday is a Long Island newspaper. Long Island has a huge population of Jews - quite possibly the largest concentration of Jews outside of Israel itself. This story is a good way to make a lot of them, as one, react with paranoia and be willing to dig deep into pockets to fund and otherwise back the war machines of their choice.
The part I hold the most skepticism about is that Hezbollah got this interception technology from Iran. Iran is not in as good a financial position as, say, the UAE or Saudi Arabia. I keep saying it over and over again - to find the real bad guys, follow the money.
One way to detect disinformation is to know something about the audience being targeted, and the predictable reactions they are likely to have to such stories. Propaganda can be reverse engineered as much as anything else.
It may be the gaff is blown anyway, and the Israelis worked out what happened.
Or another point is that perhaps they haven't cracked the encryption, they've just worked out a way to track the radios, in other words traffic analysis rather than cryptanalysis.
Or even more plausibly, somebody was spying on the Israelis and the Hezbollah concocted a fake cover story.
I'm not sure I agree with your analysis. Hizbollah are currently in damage control mode, where they are receiving a lot of flak from the Lebanese for starting the war. Their only saving grace is to show that meager Hiz "showed" almighty IDF. Such a statement can be beneficial to them for political reasons.
Then again, they might also be making the following calculations. The next full scale confrontation is six years away, assuming they don't have to submit to Lebanese jurisdiction, in which case it's indefinitely postponed. Revealing the edge does not cost them that much of a tactical advantage.
Having said that, when I was just finishing first year electrical engineering, a bunch of military equipment producers were trying to make us enthusiastic about working for them. At the time, they were demonstrating frequency hopping. The first thing that came to mind was that sampling the antenna at twice the maximal frequency used by the device (called the Nyquist frequency) will enable me to post-reception assemble the original hopping order.
While I have not managed to actually confront anyone official about this, I have not managed to get a rebuttal either. While a 1GHz A2D is not cheap, it is not prohibitively expensive either (1GHz digital scopes do exist, for example. What do you think Intel uses for logic analyzers for their CPUs?). As such, the frequency hopping part of the "encryption" never impressed me much.
My thoughts (from comments in another blog)
I suspect a lot was actually two sources:
Cellphones and LOCATION tracking.
Cellphones are obvious. Although the Israelis weren't supposed to be using cellphones for anything secure, even insecure information, such as a call home to a loved one, would be a huge trove of information. Given how much else was a bit of a fiasco on the Israeli army's part, I'd worry about signal discipline.
The other is simply location tracking. Although it's hard to key in on a spread spectrum signal, it's actually really easy to triangulate.
You have a bunch of receivers, with high precision, synchronized clocks. You record when you get pulses of communication, both start and end, on various frequencies. You can even have reference pulses sent out from known locations, if the clocks are too drifty.
Then you tie all the data together and the time of flight (Light is actually SLOW by the standards of modern electronics, 3 microseconds/kilometer, in the days when electronic clocks are in nanoseconds), and now you can track where the signal came from.
Just knowing and tracking where all the transmitters ARE gives a huge wealth of information. Add in the types of transmitters and an enemy commander can see a wealth of information.
Such technology is effectively implementation: someone who's well educated (MS EE, signal processing) could design and implement such a system, be they in Taiwan, China, India, Iran, or the USA.
Breaking the crypto, on the other hand, would be a BIG deal. IF that happened, it was probably a case of bungled key management combined with one or more captured radios. Or relatively obsolete radios (64 bit keys are brute-forceable, 128 bit AES keys? forgetaboutit)
Also, even just an ON cellphone can trivially be used for location tracking. It would only take one reserve soldier who screwed up to make a whole unit trackable.
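As an added worked example (not part of the comment above or of the original post), the time-of-flight location tracking the commenter describes: several receivers with synchronized clocks log when a burst arrives, and the differences between those arrival times fix the emitter's position without recovering anything about the burst content. The receiver layout, emitter position and the 1 microsecond clock error are all constructed values; the last one shows why the comment mentions reference pulses for drifty clocks.

```python
"""TDOA (time-difference-of-arrival) emitter location on constructed data.

Receivers with synchronized clocks record when a burst arrives; the
differences between arrival times pin down where the emitter is, even
though nothing about the burst content is recovered. A receiver whose
clock is 1 microsecond off moves the fix by a few hundred metres, which
is why reference pulses from known locations matter.
"""
import math

# Speed of light in km per microsecond (about 3.3 us per km of path).
C_KM_PER_US = 0.299792458

# Constructed scenario: four receivers on the corners of a 10 km square
# and an emitter somewhere inside. All coordinates are in km.
RECEIVERS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0), (10.0, 10.0)]
EMITTER = (3.0, 2.0)


def arrival_times_us(emitter, receivers, t0_us=0.0, clock_offsets_us=None):
    """Constructed measurements: the time (us) at which each receiver logs a
    burst that left the emitter at t0_us. clock_offsets_us models receiver
    clocks that are not perfectly synchronized (positive = reads late)."""
    offsets = clock_offsets_us or [0.0] * len(receivers)
    return [t0_us + math.dist(emitter, rx) / C_KM_PER_US + off
            for rx, off in zip(receivers, offsets)]


def _residuals(receivers, times_us, x, y):
    """Residuals and Jacobian rows of the TDOA model at candidate (x, y).

    For each receiver i >= 1 the model predicts the range difference
    d_i - d_0 between receiver i and receiver 0. The unknown emission time
    cancels because only arrival-time differences are used.
    """
    ref = receivers[0]
    d0 = math.hypot(x - ref[0], y - ref[1])
    rows, res = [], []
    for (rx, ry), t in zip(receivers[1:], times_us[1:]):
        di = math.hypot(x - rx, y - ry)
        measured = (t - times_us[0]) * C_KM_PER_US  # range difference in km
        res.append(measured - (di - d0))
        # partial derivatives of (d_i - d_0) with respect to x and y
        rows.append(((x - rx) / di - (x - ref[0]) / d0,
                     (y - ry) / di - (y - ref[1]) / d0))
    return rows, res


def tdoa_locate(receivers, times_us, guess, iters=100):
    """Least-squares TDOA fix using damped Gauss-Newton (Levenberg-Marquardt)
    on the two unknowns (x, y). Returns the estimated emitter position in km."""
    x, y = guess
    lam = 1e-3
    rows, res = _residuals(receivers, times_us, x, y)
    cost = sum(e * e for e in res)
    for _ in range(iters):
        # Normal equations (J^T J + lam*diag) * step = J^T r, solved as 2x2.
        a = sum(r[0] * r[0] for r in rows) * (1.0 + lam)
        d = sum(r[1] * r[1] for r in rows) * (1.0 + lam)
        b = sum(r[0] * r[1] for r in rows)
        g0 = sum(r[0] * e for r, e in zip(rows, res))
        g1 = sum(r[1] * e for r, e in zip(rows, res))
        det = a * d - b * b
        if abs(det) < 1e-15:
            break
        dx = (d * g0 - b * g1) / det
        dy = (a * g1 - b * g0) / det
        new_rows, new_res = _residuals(receivers, times_us, x + dx, y + dy)
        new_cost = sum(e * e for e in new_res)
        if new_cost < cost:  # accept the step, trust the linear model more
            x, y, rows, res, cost = x + dx, y + dy, new_rows, new_res, new_cost
            lam = max(lam / 10.0, 1e-12)
            if math.hypot(dx, dy) < 1e-10:
                break
        else:  # reject the step and damp harder
            lam *= 10.0
    return x, y


def fix_error_km(clock_offsets_us=None):
    """Distance between the true emitter and the TDOA fix for the constructed
    scenario, optionally with per-receiver clock errors (in us)."""
    times = arrival_times_us(EMITTER, RECEIVERS, clock_offsets_us=clock_offsets_us)
    est = tdoa_locate(RECEIVERS, times, guess=(5.0, 5.0))
    return math.dist(est, EMITTER)


if __name__ == "__main__":
    print(f"synchronized clocks: fix error {fix_error_km():.6f} km")
    print(f"receiver 1 clock +1 us: fix error "
          f"{fix_error_km([0.0, 1.0, 0.0, 0.0]):.3f} km")
```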
Your last paragraph says everything.
The key to this news is the device provider. According to the news, Iran provided equipment that was able to decrypt the "invincible army" devices. Sounds nice... however, if Iran has the capability to break something like the SINCGARS&stuff encryption, the LAST thing they would do is to provide it to Hezbollah. Doing so would expose a major technical advantage in a more serious battlefield.
It takes just a few WW2 history books to realize how important it was to the Allies to keep the secret of secrets, the capability of breaking Enigma. No wonder the Poles destroyed everything they could related to the issue before passing vital information to the UK and France.
However, if they did some tracking because of soldiers not following procedure, then the solution is simple. More training!!
More than likely, this is either disinformation, as Bruce suggested, OR Hezbollah soldiers simply stole Israeli radio gear from captured or killed Israeli soldiers or vehicles.
Of course, they could have simply jacked some cellular calls too. One of the guys I work with in Israel was called up to serve in the army at the beginning of the war. He's such a dedicated employee that he managed to call in for our weekly company management meeting, using his cell phone while he was fighting on the front line.
The simplest answer : inside job.
Anyway, just Bin Laden can hear my mom here in my house in the bathroom, but Shhhhhh!!!!! Don't tell anybody, friends.
"The first thing that came to mind was that sampling the antenna at twice the maximal frequency used by the device (called the Nyquist frequency) will enable me to post-reception assemble the original hopping order."
Could this not be addressed by broadcasting gibberish on the other frequencies? I've no notion as to whether they do this, but it's the first solution that comes to mind. I haven't done much EE, so there could well be something obvious I'm missing - but would be interested in hearing about it if so.
"I'm not sure I agree with your analysis. Hizbollah are currently in damage control mode, where they are receiving a lot of flak from the Lebanese for starting the war."
Interesting. Our media in the U.S. is portraying it as the Lebanese people are more supportive of Hizbollah than ever, praising them for reported humanitarian efforts.
Why would our media portray this? What is their stake in it to not just report the truth... that some Lebanese are angry with Hizbollah?
Not doubting the assertion, just curious why things seem so different looking out this window.
@ C Gomez
"just curious why things seem so different looking out this window."
Did you follow reporting on Fox and CNN simultaneously during the conflict? It doesn't seem surprising that there might be an even larger difference in media reporting between Israeli media and whoever you're listening to (assuming it's not the Israeli media).
I would guess that some Lebanese are supportive and others not, and wouldn't be surprised if the most powerful, rich, and educated Lebanese are the least supportive. And what people say in public is not necessarily what they say in private. But this is solely a guess.
@Ia Ia Peter King Ftaghn
How much money is required to buy such equipment? I bet a wealthy private person can buy such equipment, it doesn't need budgets of countries to buy it. I wouldn't even be surprised if Hizbollah got such equipment from an Israeli Arms Dealer (if they actually have it).
It depends. If the actual communication is not encrypted (beyond the freq hopping), then the entropy is very low, and the redundancy can be used to assemble the correct channels.
If it is digitally encrypted then the entropy should be high, and this SHOULD be possible. Then again, it is not clear how this is different than simply encrypting.
I don't understand voice scrambling techniques well enough to tell whether sending dummy channels would be effective there.
Understanding why different media choose different reports is really beyond the scope of any answer I feel qualified to give.
Israeli PM Olmert is receiving HEAVY flak for his role, so he has a clear interest in saying "look, Hizbollah have suffered political setbacks too". That's why I'm not using the media as a direct source. Esp. here (Israel), it is often too biased.
What I do use as sources are a bit of reading on blogs, mostly operated by Arabs (in or outside Lebanon). There are also impartial indications that Hizbollah (or, at least, Nasrallah) do not feel they have categorically won. The most obvious of these is the frequency with which they repeat that they have, and the "we won" rallies. There is also the "we didn't see one percent chance of Israel reacting the way it did" speech.
It's more along sectarian lines in Lebanon. The Shias are, generally speaking, for Hizbollah. Everyone else is, generally speaking, against. During the war, of course, Israel was the "greater bad", and so the critics kept quiet.
>to find the real bad guys, follow the money
Disinformation by US defence companies wanting to hurry along the order for the next generation "unbreakable encryption" radios.
Or is that a bit too cynical!
Yep. I'm with you.
All the fancy encryption in the world is no good if the bad guys have a receiver. Turns out you make the receivers easy to use. Just get your hands on a receiver and code book. Much easier than "cracking" the encryption.
And the SINCGARS system used by the Israelis is apparently late 70's technology, hardly state-of-the-art, is it?
> If indeed Hezbollah was able to do this, the last thing they want is for it to appear in the press.
I think it can safely be assumed that Hezbollah leaks like a sieve. It's a political organisation as well as a paramilitary group; I doubt that they have military standards for the treatment of classified information.
So if large numbers of people within Hezbollah were aware of this equipment, then Hezbollah probably doesn't get to decide whether or not it appears in the press.
Even if it didn't initially leak from Hezbollah, suppose that the hack did happen, and that the Israelis found out about it. I've heard it suggested that they would keep it secret that they had done so in order to feed misinformation to Hezbollah. I don't buy that. This is their everyday operational radio, so to use this tactic they'd have to leave the whole army open to eavesdropping - I think it's unlikely that this would be considered an acceptable price to pay.
So, if Israel found out about it and subtly made it known (perhaps in order to publicise that the equipment came from Iran, or perhaps just because they're trying to inform the public, or perhaps through a covert leak which pointed the reporters in the right direction), then again it doesn't matter whether Hezbollah *want* to keep it out of the press, they can't prevent it. And once the reporters turn up saying "did you do this, we have off-the-record sources in Israel who say you did?", then they might as well admit it.
So, I think that a leak (originating from either side) is just as plausible as a Hezbollah ruse (which is also plausible, although either the Newsday reporter or the "former Israeli general" quoted in the article would have to be playing along with the ruse).
For a moment let's entertain the idea that the claims are true.
"A captured radio with full KEK and TEK (up to 5, I think) complement could probably have given them the same intel... At least for a while."
Possible, but remember SOP would be to execute an emergency crypto change if the net was compromised, so the window of vulnerability would be very short indeed.
"Breaking the crypto, on the other hand, would be a BIG deal. IF that happened, it was probably a case of bungled key management combined with one or more captured radios. Or relatively obsolete radios (64 bit keys are brute-forceable, 128 bit AES keys? forgetaboutit)"
True. But remember that operators (especially poorly trained reservists) often have trouble getting the frequency hopping functionality working properly (speaking from long-ago experience of SINCGARS here) at which point they switch to single-channel which is a whole different ball game.
I'll hazard a guess that the IDF ground forces use SINCGARS or equivalent. Hezbollah could have acquired the hardware and the operator training to *potentially* intercept freq-hopping traffic using said equipment but would have needed the key material to actually intercept in a tactically relevant way.
So maybe they got ahold of the keymat by some other means and actually did intercept enough traffic to yield useful tactical intel.
The point of this story is the attempt to bring Iran into the mess: "[...] technology most likely supplied by Iran"
The rest is just filler to make up a credible 'story'.
A lot of attempts by the USA and Israel to bring Iran into the same state as Iraq; this looks very similar to the information war that was going on before the Iraq occupation got under way.
It's not that big of a mystery. Capture one cell phone and you have the names and numbers of everyone in the unit. Call until you hit one, then use cell triangulation to locate it. If it's anywhere near the battlefield, keep tracking it. Pat yourself on the back - you've got a unit tracking system.
My feeling is that these releases are as much a play from the Israeli playbook to create an image of Hezbollah of not just being unstoppable but also being all-knowing. The Israeli image was the same after the various wars where they used superior technology and tactics to win against larger armies through all the Arab-Israeli wars of the 1940s-1970s.
The goal will be the same as the Israeli model: Do not invade/mess with Iran/Hezbollah because they will know what you are doing and you can not defeat them.
Just out of curiosity, what would the actual tactical advantages be? My understanding is that the battlefield was quite small so there wouldn't be such a large problem of locating anything or detecting mass troop movements. They could be detected by spotters. It's not like Hezbollah could call in airstrikes or even have accurate long range missile strikes. Their capabilities were strictly local.
GNU radio - good for SIGINT. No need to crack the crypto - just locate and track the emitters.
Maybe the Hezbollah have SIGINT@HOME running on 100s of desktops, to help in this task.
A few years ago, I read something by a senior Israeli officer, who wrote that the Israeli army uses cellphones a LOT, and that they knew this was theoretically a bad idea, but that it was just so convenient for them that they weren't doing anything about it.
Maybe now they will.
"With frequency-hopping and encryption, most radio communications become very difficult to hack. But troops in the battlefield sometimes make mistakes in following secure radio procedures and can give an enemy a way to break into the frequency-hopping patterns."
That's exactly how the Allied Forces cracked the Enigma code. Enigma was reasonably secure if it wasn't for operator errors...
Bullshit! The IDF's CNR-900/CNR-9000 tactical combat network radio system is tamper proof. It's frequency agile and provides encrypted voice and data. But the real problem was that the lowest echelons were equipped with the fixed frequency PRC-77 or PRC-624 sets with no encryption capabilities. The same happened to the units fielded with the Michlol tank radio, which operated in the fixed frequency mode.
Yeah, I mentioned this on SecurityMusings the other day ( http://securitymusings.com/article/81/... ).
My guess is that they traced radio signals, but didn't decode/decrypt anything... There are still lessons to be learned from this!
Just one point worth mentioning,
The assumption behind tactical frequency agile systems, often called "Low Probability of Intercept" systems (based on Direct Sequence, Frequency Hopping, Hybrid Spread Spectrum), is that the potential eavesdropper is at least as far away from your transmitter as is the person you are sending the message to. Therefore you gain something out of the "spreading gain".
If however you are very very close to a Spread Spectrum transmitter with a wideband IQ receiver, then it is pretty much game over as you can pick up all the frequencies they are hopping on (from and to). Even if you cannot break the full hopping sequence, it is likely that you will be able to work out the sync code sequence (if it's used). Also the channel spacing and a few other things as well.
The sync code sequence is in older systems almost like a fingerprint for a radio net. So it is possible to work out individual nets from the commonality of their sync codes. In some early systems it was based around a matched filter etched onto a lump of quartz so it was not that easy to change ;)
As was pointed out on this blog a little while ago, even university students can break Spread Spectrum PRN codes from a satellite, and there have been student papers published on this since the late 90's.
Also back in the last century Wireless World had a news item about a small UK company where one of the directors had worked out how to make some leading edge (for the time) DSP chips perform like a thousand or more narrow band receivers spread across a significant RF spectrum (basically just the tool to pick up Frequency Hopping Spread Spectrum systems). I will have a hunt around to see if I can find the article but it might take a while.
So is it possible that Hezbollah did it to a certain level? The answer is most definitely yes.
However you then need to ask "did they need to" to which the answer is probably no.
Likewise, did they need to break any encrypted radio traffic, hopping or otherwise? Again, probably not.
The terrain the battle was in actually favours guerrilla tactics; after all most tanks can be heard from a mile or more away in a quiet environment such as an (almost, at the time) uninhabited scrub desert... The terrain also forces tanks into predictable patterns which makes ambushing etc far easier.
I in no way intend to diminish what Hezbollah did as they were in military terms vastly outnumbered. They did however raise an interesting issue: if you have an army that is heavily reliant on technology, how do you fight them? The answer almost appears to be by the use of basic guerrilla warfare tactics.
This should be of significant concern to most modern armies. If you think back to Somalia where again a high-tech army was ousted by guys running around in pickup trucks with at best heavy machine guns... Perhaps this explains the recent pushes towards "stand-off" weapons and the thinking behind "air only conflict" and of targeting civilian infrastructure.
I guess Iran bought the stuff from Niger.
@Ia Ia Peter King Ftaghn:
You might be right that Iran does not have the funds of UAE or Saudi but they are unlikely to fund a Shiite organisation like the Hezbollah. Especially the Wahhabis in Saudi probably hate the Shiites no less than the Jews.
So to add some gee-whiz information about the reported type of radio the Israelis were using:
The SINCGARS tactical radio has features for over-the-air keying and publishing frequency hops... Depending on how the units maintained tactical security, in particular to their SOI and keys/hops, it is highly likely that the failure was based in radio security discipline. The SINCGARS radio can be loaded with hops and comsec material 2 ways:
1. The most common way is to use a loading device to load the material into the radio via a shielded cable. It is standard practice to change callsigns, comsec keys, and hops every 24 hours.
2. NCS (net control station) can push out the keys and hops over the air in a pinch. (obviously not a good idea)
My assumption is that they did not keep their keys safe and did not change their keys/hops on a daily basis. This is basic secure communication procedure. I doubt the technology failed (for reasons we don't need to discuss), it is however most likely the processes for maintaining communications security did.
Having worked for the maker of SINCGARS, I am not aware of any sale of the system to the IDF. Israel has its own comms company and they prefer to use it instead of a foreign system. The IDF radios, although frequency hopping, are not based on the SINCGARS model in any way.
A group of russians intercepted SINCGARS radio traffic 2003 in the Iraq war. Read more about it here:
The machine mentioned in the article is commercially available and a similar (or perhaps even the same) machine could have been used by Hizbollah to intercept Israeli radio traffic. Read the article for the gory technical details about what is and what is not possible.
I don't think so. It would require quantities of ciphertext and computing power not available in practical terms in the operational theatre to crack military radio. The average radio transmission is 2-6 words, and a significant incidence of 1 word - 'ack' - as at least 10% of that. Doesn't help you find enemy tanks, unless you ignore content and concentrate on traffic analysis.
Also with various key structures even if one succeeded in cracking 3-DES or AES within 23 hours on day x, the solution is invalid on day y, even assuming Israeli military changes their operational cipher keys only once per day. Doubt it. It's two clicks and Send to refresh the dynamic (operational) cipher key on the whole fleet on systems I have worked on. Why wouldn't you do it twice a day, or once an hour? You could, and spend the other 59 1/2 minutes having a coffee.
The only decent method of eavesdropping on a modern secure radio (digital or hybrid) system is to steal or capture valid radios and use them for as long as possible before they are remotely stunned or killed by the enemy's Command Centre. Valid radios get key updates as long as you can keep them charged. Much much easier than doing hard crypto. As a piece of disinformation it's cool though - "we cracked your crypto" makes every one feel nicely insecure. And of course, undisprovable. But impractical.
The reality - "we stole your radios from the corpses in your shelled tank" - is much less clever, but much more effective.
The main crux of these discussions seems to be about the INTERCEPTION of comms that utilise Frequency Hopping schemes. Engineers have been aware all along that the system is not bulletproof (Hence LOW probability of intercept, not ZERO probability of intercept). If the probability of intercept is zero, then there would be no need for additional encryption.
The primary goal of frequency hopping is resistance to jamming. Regarding the link posted above, about interception of SINCGARS traffic using broad-banded spectral analysis: sure you can listen to all 2320 frequencies available (for SINCGARS), but can you jam all 2320 simultaneously? Assume it takes 100 watts to jam a single frequency; this would require 232 kilowatts. The IR signature alone, i.e. waste heat from the jammer's power amplifier, would be strong enough to overload the IR sensors of the fighter patrolling overhead. This type of jamming is called barrage jamming. Barrage jamming might have worked for the Soviets in WW3; their ECM assets would probably have been heavily accompanied by air defense missiles, etc.
Now that is not the case. Modern laser and GPS guided bombs cannot be shot down by Johnny Taliban's handheld anti-aircraft missile before target impact.
Another factor to consider is the RF clutter in a modern battlefield. Sure Hez may intercept a snippet, but that frequency may have been used by more than one radio net. Hey, if the Brigade Admin Net is not using frequency X at Y moment in time, why not let the Forward Air Control Net use it? I am not sure if this is the case now, but it is safe to assume it will be in the future. Individual hopsets are not issued in a vacuum, but from a common authority (i.e. they can be coordinated so no one transmission walks over another). To do this an absolute time source is required, done courtesy of GPS. Even if one individual snippet is lost, error correction can take care of that.
Also, it cannot be assumed that each and every individual transmission is intercepted. The laws of propagation and process gain do not favour one side or another.
About Over the Air Rekeying (OTAR). Remember, the new crypto variable and hopset itself is encrypted. The occurrence of OTAR is so infrequent compared to actual traffic that a brute force attack is practically impossible, and possibly mathematically impossible.
Does the enemy have one of your radios? In the future, if not now, it may be possible to have a crypto variable that can be altered so it is only usable to radios that are valid. Well then why not spoof that radio? First the enemy has to break open the radio, its ICs (some of which will zeroize if the case is broken open), and then reverse engineer a 1mm x 1mm silicon die as to its configuration. If those of you who claim you can do it actually have the required knowledge, then you would be potential billionaires.
"The primary goal of frequency hopping is resistance to jamming. Regarding the link posted above, about interception of SINCGARS traffic using broad-banded spectral analysis; sure you can listen to all 2320 frequencies available (for SINCGARS), can you jam all 2320 simultaneously?"
I disagree with the first part of the statement but I will let it go.
"sure you can listen to all 2320 frequencies available"
Yes you can, and it tells you a lot about your opponent in an almost passive way (which is the best mode for guerrilla tactics).
In the type of battle that was being fought it would not have been in any way advantageous to Hezbollah to make active attacks against the Israeli radio nets.
Back in the 1980's I was involved with using IQ broadband receivers to look at SS DS/FH systems and you would be very surprised at how badly they do with the "sync problem". This would still appear to be an issue with legacy systems as well as with new systems that have to work with legacy systems.
You go on to say,
"Another factor to consider is the RF clutter in a modern battlefield"
As I pointed out, in the case of this particular conflict 99.9% of the R.F. came from the invading Israeli side, so it actually makes things easier for meaningful interception, especially if the defending guerrilla troops knew (as in this case) pretty much what the attacking side were going to do.
In this particular conflict I very much doubt that Hezbollah would have any need to,
A, Break either the chip code or any encryption of the Israeli tactical radio system.
B, Actively attack (jamming / spoof) the Israeli tactical radio system.
All they would need to do was use reasonable direction finding and wideband receivers. Simply being able to identify moving radio sources by the output would have been sufficient for nearly all they had to do (ambush and avoid).
Also I suspect that the Israeli ground troops were not practicing good radio security. From (publicly) available information the average Israeli soldier has little or no respect for their opponents, and likewise the current crop of Israeli politicians.
So it is quite likely they spent long periods of time on "chit-chat" and other activities such as "long command overs" and short "subordinate replies" which would enable Hezbollah to identify command posts and forward troops etc.
I suspect that the Israelis are going to have a long think over this and re-evaluate their "chosen opponents".
Hezbollah on the other hand have shown that the best way to prosecute a war against Israel is to fight them on your own terms in your own battle ground with stand-off weapons and the media, saving guerrilla tactics for slowing down the ground forces in your chosen terrain.