
Sunday, January 31, 2016

The reason that Israeli drone footage could be intercepted - it wasn't encrypted!



Last week came the bombshell news that Israeli air footage was being intercepted by US and UK intelligence for years:

The United States and Britain have monitored secret sorties and communications by Israel's air force in a hacking operation dating back to 1998, according to documents attributed to leaks by former U.S. spy agency contractor Edward Snowden.

Israel voiced disappointment at the disclosures, which were published on Friday in three media outlets and might further strain relations with Washington after years of feuding over strategies on Iran and the Palestinians.

Israel's Yedioth Ahronoth daily said the U.S. National Security Agency, which specializes in electronic surveillance, and its British counterpart GCHQ spied on Israeli air force missions against the Palestinian enclave Gaza, Syria and Iran.

The spy operation, codenamed "Anarchist", was run out of a Cyprus base and targeted other Middle East states too, it said. Its findings were mirrored by stories in Germany's Der Spiegel news magazine and the online publication The Intercept, which lists Snowden confidant Glenn Greenwald among its associates.

The article in The Intercept that describes how they did it shows a shocking fact - Israel didn't really encrypt the communications. It merely scrambled them in a way that could be unscrambled using public domain tools.
According to GCHQ Anarchist training manuals from 2008, analysts took snapshots of live signals and would process them for “poor quality signals, or for scrambled video.”

The manuals stated that video feeds were scrambled using a method similar to that used to protect the signals of subscriber-only TV channels. Analysts decoded the images using open-source code “freely available on the internet” — a program known as AntiSky. The attack reconstructed the image by brute force, allowing intelligence agents to crack the encryption without knowing the algorithm that had been used to scramble the video.

Encryption means encoding information so that it cannot be read without a "key" (or without an error in the encryption algorithm).

But Antisky (named because the original scrambling algorithm was used by the UK's Sky network) doesn't decrypt in the real sense of the word. It figures out how to reproduce video scrambled with an algorithm called Videocrypt. As its documentation describes:

Videocrypt rotates individual lines, or in other words, every line is cut at a secret point in two parts and then both parts are exchanged. I.e. if an original line in the pictures was

0123456789

(each digit represents one pixel), then the rotated version (here with offset 3) looks like

7890123456

What the first step of the ANTISKY algorithm is doing is only to compare this rotated line in all 10 offsets

7890123456
6789012345
5678901234
...
9012345678
8901234567

with the previous line. The measure of how good this line compares in one particular offset to the previous one is the sum of the products between pixels in the same column. In the output picture, consecutive lines are rotated relative to each other, so that this measure is maximized. The first line is not touched.

Since virtually every line in a video is very similar to the line above it, the Antisky program rotates each line of video until it matches the previous line as closely as possible.
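The line-matching step quoted above can be reproduced in a few lines. This is an added example, not AntiSky's code and not part of the original post; the function names and the synthetic test picture are assumptions made for illustration. It scrambles a constructed picture with secret per-line offsets and then realigns it using only the sum-of-products measure, which shows why cut-and-rotate hides nothing that a key would be needed to recover.

```python
import random

def rotate(line, offset):
    """Cut-and-rotate one line: the last `offset` pixels move to the front."""
    offset %= len(line)
    return line[-offset:] + line[:-offset]

def score(a, b):
    """Sum of the products between pixels in the same column."""
    return sum(x * y for x, y in zip(a, b))

def descramble(lines):
    """Rotate each line to maximize its score against the previous output line.
    The first line is left exactly as received."""
    out = [list(lines[0])]
    for line in lines[1:]:
        best = max(range(len(line)),
                   key=lambda k: score(rotate(line, k), out[-1]))
        out.append(rotate(line, best))
    return out

def make_image(width=64, height=24):
    """Constructed picture (not real footage): a horizontal gradient with a
    bright vertical bar, and brightness that changes from line to line."""
    base = [x + (100 if 20 <= x < 28 else 0) for x in range(width)]
    return [[p * (1 + y % 3) for p in base] for y in range(height)]

def demo(seed=1994):
    rng = random.Random(seed)
    image = make_image()
    # The "secret": one nonzero cut point per line, never given to descramble().
    offsets = [rng.randrange(1, len(row)) for row in image]
    scrambled = [rotate(row, k) for row, k in zip(image, offsets)]
    return image, offsets, scrambled, descramble(scrambled)

if __name__ == "__main__":
    image, offsets, scrambled, recovered = demo()
    # Line 0 is never corrected, so the whole picture comes back shifted
    # sideways by that one line's offset; every line agrees with its neighbours.
    expected = [rotate(row, offsets[0]) for row in image]
    print("picture recovered without the offsets:", recovered == expected)
```

The constructed picture has the same structure on every line, so the realignment is exact; on real footage with noise and moving edges the match is approximate and errors can drift down the frame.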

This is compute-intensive, which is why it cannot be used to descramble the signal in real time, but individual shots can be decoded with the right equipment in a few minutes. The leakers published a short manual on exactly what operators need to do to descramble signals using both Antisky and ImageMagick.

What this comes down to is that the Israelis relied on an old technology (at least from 1994) to obfuscate, but not encrypt, the video signals coming from the drones.

There is one other leaked document from 2010 that seems to indicate a different method of extracting the signals that had been upgraded to digital, not the analog signals from the earlier drones (and other equipment.) But although that document indicates that they had not been fully successful at decoding all the signals, they were able to decode multiple video streams from the same drone, again indicating that there was no encryption of the signal - the analysts just had to figure out what algorithms were being used to digitize the data, and therefore how to extract each video from a larger data stream.

This is a major screw-up on Israel's part.

