15 November 2016

Information Warfare: How To Hack A Warship


November 9, 2016: The U.S. Navy recently confirmed that Chinese hackers had tried to hack into the network of an American Nimitz class carrier on July 11 thwhile the ship was in the South China Sea. The network security on American warships is pretty good but the hackers thought they saw an opportunity because foreign officials who visit these carriers are often given Internet access via the shipboard network. In this case the hackers used a spear fishing" (or "phishing") attack against one of the foreign visitors. The attack came in the form of official looking email, with a file attached, addressed to a specific person. This was an email the recipient wasn't expecting but from someone they would recognize. The attachment, if opened, secretly installs malware (a program that sends files and information from the email recipient's PC to the spear fisher's computer). These official-looking emails with attachments often ask for prompt attention. The navy would only say that the spear fishing effort failed but not why. To do so would provide the hackers with useful information. The navy did describe the specific malware used in the attack and what it was designed to do. That was done to let the hackers know that the U.S. Navy was on to them.

Since the 1990s American warships have increasingly relied on computer networks and after 2001 that accelerated because of the growing demand from the crews for Internet access. Navies and commercial ship owners were both discovering that Internet access at sea was not only good for morale but also for safe and efficient operation of their ships. That’s because the Internet has become a key tool for rapidly transferring useful data like engine and other equipment performance as well as quickly delivering detailed weather maps and other navigation alerts. Crew members were keen to have Internet because it meant email and telephone contact with family and friends back home. By 2010 crews were demanding even more Internet based services which require still more Internet bandwidth to deliver.

While communications costs are currently only .3 percent of operating expenses on commercial ships, it has been found that adding more Internet access pays for itself in more efficient (and less costly) ship operation. This includes lower crew costs because you keep people you want longer and lower recruitment costs. But having a constant Internet link between many ship systems and the manufacturers ashore helps make these systems more reliable and that results in fewer breakdowns and costly delays (especially for commercial ships) while repairs are made. The navy quickly became dependent on quickly receiving intelligence updates, including maps, as well as software upgrades and other useful data via an Internet connection.

Navies have seen this Internet demand coming and in 2010 the U.S. Navy purchased over half a billion dollars’ worth of satellite communications capacity (or "bandwidth") from Intelsat, the owner of the words' largest fleet of communications satellites (at the time 51 of them, and still evolving). That gave the navy five years of access to over $100 million a year in bandwidth per year. The ships of the fleet were then equipped with more powerful satellite communications equipment, to take advantage of the increased bandwidth needed to provide real-time video (from UAVs, aircraft or satellites) capability for major ships, as well as the ability to quickly transfer large data files with anyone on the planet.

The increased bandwidth also meant high-speed Internet ("fat pipes") service (subject to mission demands) for the crew. This was a big change for sailors. Between 2005 and 2010 the U.S. Navy equipped all of its ships with Internet access for the crews. As a result of that, the average carrier battle group, and its 8,000 or so sailors, were able to send and receive over a thousand emails an hour. Sailors could also surf the net, and conduct business online (like buying stuff.) But the seagoing Internet connection was via a low bandwidth satellite link. Most of the bandwidth was devoted to official duties, with only a small portion permanently allocated for use by the crew for personal use. Thus, while email gets in and out pretty quickly, going shopping was a tedious experience, because the large product images used by many shopping sites took forever to load. While you can often turn off the loading of image files, that often makes it difficult to figure out what you are buying.

Sites that specialized in sales to sailors at sea recognized the problem, and created "low bandwidth" versions of their sites. For example, the U.S. Navy Exchange Service Command sells uniforms for sailors. They created a low bandwidth site, which used low res images, or no image files at all, if possible, to make the site quick to access by sailors at sea. This also increases sales, which makes it all worthwhile for whoever's in charge of the budget.

The low bandwidth sites were only needed as a temporary solution. As bandwidth became cheaper new hardware and software enabled remote locations (like ships at sea and undeveloped land areas) to get affordable high speed satellite access. Navies found it worth the morale boost to give their sailors more, sometimes even regular his-speed Internet access that their civilian counterparts enjoy. In addition more sailors at sea can, as their army and air force counterparts have been doing for years, use video conferencing to connect with the folks back home. This is a big deal, and a major morale boost, especially for sailors separated from young children.

But during all these highly publicized upgrades the navy also quietly upgraded its network security. The recent incident with the Chinese hackers is not the first time anyone has tried to hack warship networks via the Internet connection. There have been a lot of attempts and apparently few successes, at least so far.

No comments: