Trojan Kill Switches In Military Technology

Nrbelex writes "The New York Times reports in this week's Science section that hardware and software trojan kill switches in military devices are an increasing concern, and may have already been used. 'A 2007 Israeli Air Force attack on a suspected, partly-constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars. Separately, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200.'"

Open Source

[toppavak]

Its a good thing the DoD is taking a stronger, more positive stance towards open source software. I guess the next logical step would be open source hardware.

Syria, you morons

[Anonymous Coward]

That's what you get for not building the hardware yourself. We on the other hand have been intelligent enough not to outsource our industries to foreign countr... Doh.

Lesson learned?

[miffo.swe]

Dont buy important technology from foreign countries, do it yourself. Especially if you ever under any way, shape or form could cross paths with said foreign country.

I think this should be a really big wakeup call to european countries that relies 100% on american tech, both on hardware and software.

Re:Open Source

[Anonymous Coward]

Just in case you are not aiming to a funny mod, Open Source (Software and Hardware) as good as it is, is probably not the end-all solution to this problem.

It takes HUGE amounts of resources (including time) and knowledge to do a full security audit that almost guarantees it's safe and killswitch free.

And sometimes it can be damn near impossible to figure out whether or not it really IS clean, since all it takes is a few subtle differences in behaviour to open up the door to attackers, which can go unnoticed to most people who aren't looking for them in particular.

Outsourcing

[whisper_jeff]

You get what you deserve when you outsource...

Seriously, I understand the cost benefits of going with the lowest quote and all but sometimes it's best to keep things "in house" to ensure quality and accountability. And that applies to companies all the way up to governments. In this case, when dealing with national defense, it especially applies to governments...

Don't buy weapons from your enemies?

[Seth Kriticos]

Seriously, if you are going to wage war, it is a very bad idea to buy non trivial weapons systems from your enemy or his allies. Actually it's a bad idea to buy it from anyone that is not 100% on your side. Best would be to build it yourself.

Those amateur war mongering folks down there. Still don't think that anyone is learning out of it, I mean, where are the chips for NATO equipment come from? Oh yea, who manufactures them cheapest. How does this make sense in the context?

Syrians have U.S. military hardware ?

[ivan_w]

Does that mean that the U.S. provided *Syria* with sensitive military hardware (ok.. with built-in kill switches) ?

If they didn't then it's not a kill switch and the U.S. simply provided their Israeli allies with electronic warfare technologies.

It was my understanding that syrian military hardware was russian based anyway..

So I'm not sure I understand the whole thing..

--Ivan

If they do...

[Anonymous Coward]

This the Syrians do have US military hardware, they should demand their money back.

Riiight

[Culture20]

I'm not usually a fan of conspiracy theories, but "signals to turn off radar" seems more like a coverup to protect the Mossad agents who really turned off the radar. You can theoretically only use a kill signal like that once, but Mossad agents are much more versatile.

Re:Lesson learned?

[MickyTheIdiot]

Lesson learned? You must be joking.

The military/corporate complex won't be happy until EVERYTHING is made overseas. It's better for their short-term budgets, you see. They know they would be first against the wall if there was ever any real problems here so why care if we're caught with our pants down militarily later on.

Re:Syrians have U.S. military hardware ?

[confused one]

Sure, it's possible the Syrians have US hardware. We sell to Country x. Country x ships to Country y. Country y sells to Syria. It happens. Sometimes, that works against the U.S. and its allies. Sometime... it works for the U.S. and its allies

Re:Lesson learned?

[OzPeter]

Dont buy important technology from foreign countries, do it yourself. Especially if you ever under any way, shape or form could cross paths with said foreign country.

And in TFA they say that only 20% of chips are manufactured in the US - so that makes it kinda hard not to buy goods from foreign countries.

However what you are suggesting is that 100% of goods used by the US military should be made in the US - and that might be a good reason in itself as that would certainly stimulate the US economy

Re:Syrians have U.S. military hardware ?

[ElectricTurtle]

Maybe some of the US hardware from Iran during the Shah era has flowed to Syria? That's the thing with military hardware, once you sell it to somebody, there's very little you can do to keep them from passing it to somebody else. In that context, kill switches are genius (assuming the 'enemy' doesn't hack your Gibson).

Dude, shut up!

[jafiwam]

That dude is going to get himself killed by Mossad if he's not careful.

What, did you think the Russians, Germans, Americans, and Chinese are going to risk facing their own stuff?

Morons. Of COURSE there are kill switches in all the things that are sold to the third-worlders. Duh.

Semiconductor Executive Should Be Investigated

[fwr]

So there's a semiconductor executive that is talking about classified information in an interview? His/Her clearance should be revoked, at least temporarily, until an investigation can be performed to determine whether any laws were broken, and how long the executive should serve.

Re:Lesson learned?

[EvilBudMan]

--They know they would be first against the wall--

No they don't know that or they wouldn't be doing this in the first place. I agree with your other assessments of short term thinking but they think they will get away with it and we will be left holding the bag. How many Nazi war criminals got away percentage wise? Few? Half? Most all of them?

The Chinese and Windows

[kurt555gs]

I understand why the Chinese don't want to use Windows in their defense systems. I am sure there are back doors to encryption, and remote access, and all kinds of sneaky things that the CIA can do to anyone using Microsoft products.

Microsoft can say , no, its fine. Without the source code, how could you trust them?

What about a Trojan "Launch" Switch

[cpu_fusion]

Turning off your enemies defenses is one thing, but what about when stuff like this is used to make the enemy seem to be on the offensive?

Re:Open Source

[GargamelSpaceman]

I wonder if people from 2050 er 2060 where did the decade go? from 50 years in the future came back in time to now and dropped their latest microchip, if it would even be useful? Sure, they have picometer circuits, but so what? We still don't know how to make them.

Re:Open Source

[captaindomon]

Ok, I admit watching Iron Man gives you some false impressions. But I am also well acquainted with folks who work every day on the tech side of the defense industry. To take modern weapons systems and try to even think of equating them with your little toy rocket is ignorant at best, and flamebait at worst. That's like saying it's easy to put a man on the moon because you have a scuba diving suit, and a spacesuit is the same thing with a fishtank over your head. Or a CS undergrad saying they can write an OS from scratch because they have played around with assembly a bit. What you think is exactly what many warlords think, and build their own little toy rockets that they have to point at an enemy, until they are wiped out by some of our niftier stuff without even seeing it coming. Give some respect where it is due, please. /end rant/

Idiots

[fineghal]

You know what's absolutely hilarious about this? A kill switch requires a COMMAND to activate. OP probably believes in one world order and a secret cabal of jewish-mason-opus-dei members. 1) Activation requires communication with the kill switch. - A fair portion (missiles spring to mind) of military hardware is shielded from this kind of thing. Can't have a stray emp field junking your hardware in a combat zone can you? 2) Activation requires communication. Stop and think about that. This isn't some craptacular residential cable modem that's connected to the internet 24/7. You're trying to tell me that "they" can magically get line level access to the hardware? - Just like in regular computer security - if "they" have physical access to the machine, you're already screwed. 3) Activation requires communication. Let us suppose that there IS magical over-the-air access possible to some random device. Every single method EVER requires some type of input at the least. Do you really think that NO ONE is going to notice a radio or IR reciever being added to a chip or hardware? 4) Do you really, truly believe that this hardware is preconfigured from the manufacturer for the military? People Telco's (in the us at least) don't even do that! You're trying to tell me that any firm (military or otherwise) is going to tell their manufacturer "Hey, while you're at it, I want you to add this access code algorithm." 5) And finally: Obviously the military/anyone is NEVER going to compare their original designs with what was delivered from manufacturer.

uhh...Russian technology

[Nidi62]

How do Israelis manage to build in kill switches on technology developed in Russia and provided to Syria through Iran? That would involve some deep penetration, which I doubt even the Israelis can do. The Russian did pretty much invent counterespionage, after all.

Re:Open Source

[tibman]

I'm sure the EE guys who built the Syrian's air defense system thought the same way as you. "I'll use all this great off-the-shelf tech, it's just so easy". Ohhh, it had a backdoor in the hardware... damn.

I do get what you're saying, but i think it applies differently to platforms of war. When your opponent owns the companies that built half the parts for your weapon systems... can you really trust them?

I have no doubt you could build some nifty weapons to seige a neighbor with but not a local government. The bomb techs would have analyzed the debris and come up with a short list for an investigator to pin down.

One of my fav military techs is round return radar... even though it is simple and old. There's nothing like hearing outgoing fire before the first incoming round hits!

Re:Open Source

[Cyberax]

Yes, toy rockets won't be reliable. Yes, they'll often fail. Yes, it's hard to scale the production.

But they're more than enough for one-off operations like assassinations or terror acts.

Re:Semiconductor Executive Should Be Investigated

[Maximum Prophet]

Unfortunately, an investigation/trial might reveal more secrets than the good it would do.

The first rule when you see classified information splash across the front page of the New York Times, it to keep your mouth shut. Running around, arresting people, only confirms that the information is true. You start a secret investigation and covertly limit the information that the people suspected of the leaks have access to. Then, when the brouhaha dies down, use special rendition to disappear the perp in the middle of the night.

Usually when someone's clearance is revoked publicly, it's because they broke a rule, not because real secrets were reveled.

Re:Open Source

[2obvious4u]

I think you missed the point. Yes military grade guidance systems that are accurate to with 1 meter and travel 500 miles are very advanced and a hobbyist couldn't build that from hobby store parts. However, if your goal is to indiscriminatingly kill people it is very easy to do with off the shelf components, if you are so inclined.

Another thing you are forgetting is that we built atomic bombs with minimal computing power. The first computers had trouble doing ballistic tables. Now you could make ballistics tables as an iPhone app. The level of information processing available to the public is staggering. There really isn't much that an individual so inclined couldn't produce.

Re:Open Source

[kent_eh]

Ummm. I think you guys are trying to make slightly different points.

The parent was (I think) trying to refute the "you need secret stuff to build a machine that kills people" type claim.
Which in no way contradicts your experience based statement, which I interpret as: "you really do need lots of advanced hi-tech to build an accurate, advanced, effective killing machine"

Re:Open Source

[mpe]

Building a missile, bomb or anything that kills people is NOT HARD. I can get the relevant documents needed for anyone with a mild training in electronics to build a guidance system for a missile or a homing system for a rocket.

However building a missile which destroys an invading warplane is rather harder. If you are in Syria, Lebanon, Iran (or quite a few other places) then this is the kind of missile you are likely to need.
The claim here is that the attackers were somehow able to disable the SAMs which would otherwise have made their attack considerably more risky.

Re:Open Source

[Bakkster]

However, if your goal is to indiscriminatingly kill people it is very easy to do with off the shelf components, if you are so inclined.

In general, only non-state actors want to kill people indiscriminately. Nations (Syria included) have to worry about their own people, diplomacy, UN resolutions, etc. If you're a terrorist organization, simple technology can fulfil your requirements. An IED is effective for an insurgency, but not for full-scale war.

However, on the nation-nation level, it would be incredibly difficult, if not impossible, to carry out long-range warfare without comparable technology to your opponent. This stuff doesn't come easy. Sure, a simple radar can be built by anybody, but it won't do you any good against a stealth fighter with an advanced electronic warfare suite. To be effective, your technology must not be easily countered, and hobbyist stuff doesn't fit the bill if you need to perform anything more complex than just exploding.

Re:Open Source

[gentlemen_loser]

Yes, watching Iron Man has given you many false impressions. To address this:

... Or a CS undergrad saying they can write an OS from scratch because they have played around with assembly a bit.

Do you mean like this guy: Linus Torvalds [wikipedia.org] It started with something small:

Hello everybody out there using minix - I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things). I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-) Linus (torvalds@kruuna.helsinki.fi) PS. Yes – it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

Its douche-bags like you that help to keep the general population convinced that they are incapable of anything special. News flash: Everyday people, with dedication, determination, hard work, and the proper application of intelligence and education are capable of doing huge things. The people working for the DoD are the same CS and EE majors working at IBM, OnStar, and Verizon.

Re:Open Source

[Anonymous Coward]

Give me a break.

It doesn't matter if a third world despot can see a cruise missile coming because said despot doesn't have the equipment to shoot it down. Even if he could, we could launch so many of the things at him that we'd overload any defense most tinpot revolutionaries can put up. The same goes for aircraft, artillery, you name it. This is why we're so effective at steamrolling conventional forces, and also why we perennially fail to counter asymmetric tactics without taking a scorched earth approach. (Our strategies most often assume the enemy is having a clusterfuck orgy of some kind and that they'll smile for the camera on the end of that missile flying toward them while they do it.) We have more stuff! If plan-A fails, plan-B is to repeat plan-A so many times (often simultaneously) that it works. One missile/air strike/bombardment didn't work? Try five, or ten. Maybe twenty.

I posit that the Gulf War could have been won with World War Two era technology just because we could ram so much of it up Saddam's ass that he wouldn't be able to stop us. When we finally did knock his regime over, what did we do? We threw bombs into his war machine until it choked. Better technology might mean fewer of those bombs have to be used and that collateral damage is less likely, but the strategy hasn't changed a bit. At some point, quantity does win out over quality, and our modern military is living proof of that.

You're also missing the GP's point, which is that the barriers to entry for making relatively advanced military hardware are lower now than ever before. The same goes for space technology, which you also brought up. It's not a cakewalk and not every idiot could do it, but with adequate information (which is everywhere now) and the right parts (also everywhere) you can make all kinds of lethal toys. Whether or not you would achieve parity with the stuff on the field is another story, but if you want to do some damage and do it with a high degree of accuracy and reliability? Yes, you can, and for less money and effort than you probably think. The GP knows that building a guided missile that could deliver a payload is less difficult than it sounds. The warlords you mentioned assume this single missile will magically win wars for them.

Re:Open Source

[CharlyFoxtrot]

Oh, yes -- most chanraids are exactly that, because there's no real impetus to organize on a large scale. But Chanology showed that if you give a bunch of randomly disorganized people sufficient motivation they will efficiently organize just the way you say, without a centralized organizing force.

Just because there's no command authority pointing everyone in the same direction doesn't mean that there's no organization. There was in fact an elaborate system of forums and subforums and IRC channels and wiki pages keeping things organized during the whole thing.

Anarchy in action. Organization without hierarchy, just informal committees created to perform a specific task and disbanded afterwards.