Iran Captures another US Drone – But how did they get it?

Iran claims they have captured another US drone, this time a sea launched “ScanEagle”. The US denies that any are missing, so how did they get it?

This morning Iran’s Al-Alam TV station showed video of what they claimed was a captured US drone. If true, this would be the second time a US drone has been captured by the Iranians. The first was an RQ-170 Stealth Drone that most likely crashed in Iran exactly a year ago this month.

The ScanEagle is a Navy launched autonomous surveillance drone. It has been in operation with the Navy since 2005, and as of last year, has totaled more than 500,000 combat flight hours in over 56,000 missions.

In the video released by Iran, you can see what appears to be a ScanEagle placed in front of a map of the Persian Gulf. The words “We shall Trample on the US” can be seen on the top of the map.

Downed Scan Eagle

The video also shows what appear to be two Iranian soldiers looking over the ScanEagle and then pointing at the map, possibly showing the alleged route that the drone was flying. Iran claims that they captured the Drone as soon as it entered into Iranian Airspace:

“The U.S. drone, which was conducting a reconnaissance flight and gathering data over the Persian Gulf in the past few days, was captured by the Guard’s navy air defense unit as soon as it entered Iranian airspace, such drones usually take off from large warships,” said General Ali Fadavi of Iran’s Republican Guard.

The US denies the claims saying that all ScanEagles are accounted for, none have been lost recently, and that they only operate in international water. Commander Salata of the US Navy’s 5th Fleet said, “The U.S. Navy has fully accounted for all unmanned air vehicles operating in the Middle East region. Our operations in the Gulf are confined to internationally recognized waters and airspace.”

But the ScanEagle may be an older one, Cmdr. Salata explains, as over the years some “have been lost into the water”. All current ScanEagle drones, however, are accounted for.

So this drone most likely washed up on shore, or maybe was even caught in a fisherman’s net. Only time will tell, and we may never know for sure.

At least Iran isn’t claiming that they downed the drone with their “Cyber Commandos” as they claimed last year.

Pentesting High Security Environments

I was checking out some of the videos on our friend Vivek’s excellent security resource – Security – again today and found an exceptional video on pentesting high security SQL systems. The video features Joe McCray’s (an awesome speaker by the way) presentation, “Big Bang Theory – Pentesting High Security Environments” at the 2012 Hacktivity Conference.

This is hands down one of the best presentations I have seen on both SQL injection and how much computer security… well… sucks!

Joe explains that many companies building a web application presence (or already running one) have two options: write secure code, or write average or even insecure code and just put a web application firewall and IDS in front of it to protect it.

In his presentation, he shows how SQL injection can still be done on a website protected by an IDS, and it does not even throw any alarms. He then shows similar techniques on a site using a web application firewall.

Joe was able to pull database information and even password hashes from a system, while the IDS system showed no SQL injection attempts at all.

None – Zero….

He then explains that these security systems are set to look for certain signatures, or attacks. Many are configured to stop low level attacks (ankle biter attacks he called them), but let more sophisticated attacks straight through. Joe also explains that commercial IDS systems many times “borrow” signatures from open source IDS programs. So hackers practice on open source ones, and if their attacks don’t trigger anything on them, the chances that they are picked up by a commercial product are very low.
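The “write secure code” option, sketched as an added example that is not from Joe’s presentation or the original post: the same lookup written with string concatenation and with a bound parameter, so the fix holds whether or not a signature in front of the application matches the request. The table, function names and sample input are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample data, not from the talk)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db


def lookup_concat(db, name):
    """Vulnerable: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name, pw_hash FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_param(db, name):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT name, pw_hash FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


# Constructed textbook input: closes the string literal and adds an always-true clause.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenated query: the WHERE clause becomes always true, every row comes back.
    print("concatenated:", lookup_concat(db, TAUTOLOGY))
    # Parameterized query: the whole string is compared as a name, nothing matches.
    print("parameterized:", lookup_param(db, TAUTOLOGY))
    # Legitimate lookups behave the same in both versions.
    print("normal lookup:", lookup_param(db, "alice"))
```

With the bound parameter, the database never sees the input as query text, so the result does not depend on what the IDS or WAF in front of it recognizes.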

Lastly, Joe shows the config file of a Web Application Firewall program and points out stunning settings that are set by default. These include IP ranges excluded from being scanned, old attacks being blocked while newer technologies aren’t even filtered, and Outlook Web Access not being monitored at all…

The solution – People!

Get and maintain the people who know how to set up, test and configure these security features to protect your network!

Exceptional video, I highly recommend that you and your security team check this out. Then explain what he is saying to your boss!  🙂

X-47B UAV Passes Catapult Launch Test

Northrop Grumman’s X-47B stealth drone was successfully launched from a land-based test catapult this week. The system simulates the stresses that the Unmanned Combat Air Vehicle (UCAV) will endure when launched from a real aircraft carrier. And as you can see in the video above, it seemed to do very well!

The X-47B is a demonstrator model for future carrier based UCAVs. The X-47B brings a lot more brains to the table than previous drones. According to reports this drone can be flown entirely by artificial intelligence.

Sea trials on a real aircraft carrier will be undertaken next year.

DARPA’s Foundational CyberWarfare Plan-X: The Roadmap for Future CyberWar

Personnel of the 624th Operations Center, located at Joint Base San Antonio - Lackland, conduct cyber operations in support of the command and control of Air Force network operations and the joint requirements of Air Forces Cyber, the Air Force component of U.S. Cyber Command. The 624th OC is the operational arm of the 24th Air Force, and benefits from lessons learned during exercises such as Cyber Flag 13-1. (U.S. Air Force photo by William Belcher)

In October, DARPA held a meeting concerning the direction the military should take in the development of cyber capabilities. They invited more than 350 cyber researchers to the meeting to discuss their research program, “Plan-X”.

But just what is “Plan X”?

According to DARPA, Foundational CyberWarfare Plan X “will attempt to create revolutionary technologies for understanding, planning and managing DoD cyber missions in real-time, large-scale and dynamic network environments,” and it will also “conduct novel research on the cyber domain.”

So basically it sounds like DARPA is calling on industry experts and researchers to help create a Roadmap for how Cyberwar will be fought in the future.

“The program covers largely uncharted territory as we attempt to formalize cyber mission command and control for the DoD,” says Dan Roelker, DARPA program manager. And DARPA told FoxNews that “Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit and capability set in the planning, execution, and measurement phases of military cyber operations”.

From the released Plan X BAA:

“The Plan X program seeks to build an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time, large-scale, and dynamic network environments. Specifically, the Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit, and capability set in the planning, execution, and measurement phases of military cyber operations. To achieve this goal, the Plan X system will be developed as an open platform architecture for integration with government and industry technologies.”

Specifically, Plan X is not funding new cyber weapons, but instead focuses on building a prototype system using the following five Technical Areas:

  • System Architecture
  • Cyber Battlespace Analytics
  • Mission Construction
  • Mission Execution
  • Intuitive Interfaces

System Architecture

The System Architecture team will build the Plan X system infrastructure and support overall system design and development. This includes secure architecture design, development of application programming interfaces (APIs), and data format specifications. The System Architecture team will also be responsible for purchasing system hardware and maintaining the overall infrastructure.

Cyber Battlespace Analytics

Performers in this area will develop automated analysis techniques to assist human understanding of the cyber battlespace, support development of cyberwarfare strategies, and measure and model battle damage assessment. Data sets will include logical network topologies, and node / link attributes.

Mission Construction

Performers in this area will develop technologies to construct mission plans and automatically synthesize plans to an executable mission script. Performers will also develop technologies to formally verify plans and quantify the expected effects and outcomes. TA3 involves the development of cyberwarfare domain specific languages, program synthesis, and automated program construction from high-level specifications.

Mission Execution

Performers will research and develop: 1) the mission script runtime environment and 2) support platforms. The runtime environment will execute mission scripts end-to-end, including construction of capabilities and support platform deployment. The support platform research area focuses on building operating systems and virtual machines designed to operate in highly dynamic and hostile network environments. Support platforms will be developed to operate on all computer architecture levels, from hypervisor to sandboxed user applications.

Intuitive Interfaces

The Intuitive Interfaces team will design the overall Plan X user experience, including workflows, intuitive views, motion studies, and integrated visual applications. Coordinated views of the cyber battlespace will provide cyberwarfare functions of planning, execution, situational awareness, and simulation. Performers will work closely with all other technical areas to ensure that the needed graphical user interface (GUI) APIs are defined and provided.

Some interesting points mentioned include levels of autonomous operation, enforcing Rules of Engagement and a cyber operation “play book”.

They also want to create “Real-Time Cyber Battlespace views” which would show an overview map of all ongoing cyber operations and plans and allow a commander to drill down into the data to see individual operation details.

The full 52 page Foundational Cyberwarfare (Plan X) can be found on