Pic Source: http://defencetalk.net/threads/kargil-war-11-things-you-should-know.6602/
Now this article below takes me back in time to Kargil during OP Vijay. I was there as part of a RR unit a specialised counterinsurgency unit that was send as initial reinforcements. My unit was never launched in any attack but were deployed as reserves to defend Kargil town and I had a front seat view of the war as it unfolded. Now the Kargil war is another story for another time, but there was one small incident that left an indelible mark on me and gave me an insight into what is possible in a InfoWar context.
As my company was deployed for rear area security, I concentrated on training my troops as in war anything can happen and one has to be prepared for the worst. The areas I paid attention to was fitness in high altitude terrain and map reading in the mountains, for section and platoon leaders. We had all been issued with GPS navigators recently and I tried to train my troops on this new gadget with little success which I attributed at that time to my position in a narrow valley where maybe I could not get enough satellite signals. The Kargil war ended without much excitement other than the thrill of being bracketed by enemy shelling and having been in a war zone. Although little did I realise the significance of a short haired, television reporter who was always hanging around the STD booths in Kargil town and talking in a slightly loud, typical Delhi accented English about her Sat phone, the later to be famous Barkha Dutt the chief beneficiary of India’s first war in the television era . 🙂
The war ended on a happy note and I was one of the first to be send on leave, even before officially leave was opened for all ranks. I landed up at Srinagar transit camp and as usual went to the watering hole at the officers mess to catch up with others on news of the dead and wounded. There I met an officer in Naval uniform which seemed unusual and went to inquire from him on what he was upto at such distance from the sea during wartime. The Naval officer, I forget his name informed me that he was going to Kargil with some sensitive Russian equipment to check the GPS signals, as seemingly there was an anomaly in the signal and it seemed as if the Americans had modified the signal in the Kargil theater.
This particular incident made a strong impression in my mind and later on when I started taking interest in InfoWar, this incident made me realise that our entire ICT infrastructure was vulnerable and built on blind faith. This incident also gave me an insight much before the Snowden revelations on the true nature and dangers of acquiring equipment with built in code. The parallels between cyberspace and the real world wherein the OEM holds final control, depending on his intention and the need for building up indigenous capability in the information age being the only way to security were my takeaway from this episode.
What Would Happen If G.P.S. Failed?
BY GREG MILNER
With the right tools, a G.P.S. hacker could disrupt financial markets or make an aircraft fall from the sky.
.
The radio signal that is the lifeblood of the Global Positioning System originates from a constellation of twenty-four satellites, orbiting more than twelve thousand miles above Earth. When it reaches the ground, after about sixty-seven milliseconds, it is so weak as to be almost imperceptible. (G.P.S. experts often compare processing the signal to trying to read by the light of a single bulb in a city thousands of miles away.) The signal tells the receiver the precise moment at which it left the satellite. Given four of these cues, processed simultaneously, the receiver can extrapolate its position in three dimensions. A timing error of as little as a millisecond can throw its calculation off by nearly two hundred miles.
The United States Air Force, which runs the G.P.S. Master Control Station, in Colorado, calls G.P.S. “the world’s only global utility.” Wholly owned by the U.S. government, the system is available free to everyone, everywhere; an ISISterrorist glancing at his phone for a position fix benefits from the Pentagon’s largesse as much as a commuter on I-95. Since the first G.P.S. satellite was launched, in 1978, the system has steadily become the most powerful of its kind. (Other countries have navigation satellite networks, but none are as dependable or as widely available.) There are now around seven G.P.S. receivers on this planet for every ten people. Estimates of the system’s economic value often run into the trillions of dollars.
That’s a lot of responsibility for such a weak signal. The Pentagon’s Defense Advanced Research Projects Agency recently determined that, within thirty seconds of a catastrophic G.P.S. shutdown, a position reading would have a margin of error the size of Washington, D.C. After an hour, it would be Montana-sized. Drivers might miss their freeway exits, but planes would also be grounded, ships would drift off course, commuter-rail systems would be tied up, and millions of freight-train cars with G.P.S. beacons would disappear from the map.
Fortunately, a worldwide G.P.S. failure is unlikely. A hacker or terrorist would require either a weapon powerful enough to destroy the satellites or a way to infiltrate the heavily fortified Master Control Station. The bigger worry is spoofing, the transmission of a bogus G.P.S. signal that nearby receivers mistake for the real thing. Although localized, such an attack could have profound consequences. The U.S. Department of Homeland Security classifies sixteen infrastructure sectors—including dams, agriculture, health care, emergency services, and information technology—as critical, and therefore particularly vulnerable to sabotage. All but three require G.P.S. for essential functions. Most use the system for timing, not positioning. The atomic clocks aboard the satellites, synchronized to within nanoseconds, are used to link clocks over large geographic distances. G.P.S. time allows cellular calls to bounce flawlessly between towers, regulates the measurement of power flowing though electrical grids, and time-stamps financial transactions—particularly important in the era of high-frequency trading, when milliseconds are worth millions.
Security officials have been concerned about the susceptibility of G.P.S. to spoofing since at least the early two-thousands. Fourteen years ago, a team at Los Alamos National Laboratory, in New Mexico, built a spoofer by modifying a G.P.S.-signal simulator (a legal device that tests receivers’ accuracy) and aiming it at a stationary receiver more than a mile away. The receiver’s display revealed that it believed it was zipping across the desert at six hundred miles per hour. The world’s most powerful spoofer, however, wasn’t built for another six years. It began as a graduate-school project by Todd Humphreys, now an engineering professor and the head of the Radionavigation Laboratory at the University of Texas at Austin. Humphreys believed that the government was underestimating G.P.S.’s vulnerability to the Los Alamos team’s spoofer, but he also felt that the device would be readily detected in the real world. So he set about building a more covert version. An expert in software-defined radio—the modification of radio signals with a computer, as opposed to mixers, amplifiers, and other hardware—Humphreys used a general-purpose processor to build what he calls a “formidable lying machine,” a box that “listens” to the G.P.S. signal, gradually builds a bogus signal that aligns perfectly with the real, and then slowly overtakes it.
Humphreys’s team débuted its spoofer in 2012. In front of an audience of military and government officials, Humphreys fed faulty G.P.S. coördinates to a test drone aircraft from a third of a mile away, causing it to plummet. (He would later hear that officials were “shocked” upon reviewing video of the demonstration.) A month after that, he testified before Congress. The good news, he said, was that there were, at most, a hundred people in the world who could build a spoofer as mighty as his. For the moment, it was probably beyond the reach of organized crime or terrorist groups but “well within the capabilities of near-peer nation-states.” He spent the next few years documenting how his spoofer could induce the kinds of clock errors that might undermine power companies, telecoms, and financial firms. The last of these, Humphreys thinks, are particularly vulnerable to attack. Although he believes that the major trading houses, such as the New York Stock Exchange, have installed strong anti-spoofing measures, he worries about individual traders, who often use their own timing feed, jacking directly into the unsecured G.P.S. data stream. A spoofing attack on these targets could have disastrous ripple effects: blackouts, communications breakdowns, and market failures akin to the “flash crash” of 2010.
Humphreys’s spoofer consists almost entirely of code. Even if nobody in the world has the expertise to recreate it, it is still vulnerable to so-called script kiddies, hackers with enough skill to steal and install it. In the three years after Humphreys testified, F.B.I. agents regularly visited his office to check that the code was secure. Last August, he gave them bad news. The hackers hadn’t gotten to him, Humphreys said, but they now had other options. A Japanese researcher had recently uploaded a software-defined G.P.S. simulator to the online repository GitHub. Humphreys assumed that the researcher’s intentions were good—hardware simulators, used by engineers to design and test G.P.S. equipment, can cost hundreds of thousands of dollars—but that the larger ramifications had probably not occurred to him. “He was uploading a spoofer,” Humphreys wrote in an op-ed for the journal IEEE ComSoc Technology News. “He was handing his code to the script kiddies.” That same month, at DEF CON, a hacker conference held annually in Las Vegas, a team from a Beijing-based cybersecurity company showed off a new G.P.S. spoofer, which it had built by cobbling together publicly available code. Suddenly, it seemed much easier to tell a formidable lie to G.P.S., the technology that runs the world. How long before a terrorist or a script kiddie decides to aim one at a cell tower or electrical substation, just to see what happens?
Excellent article Pavithran.
I’m awed by your grasp of global issues of cyber info War and putting across so succinctly that as layman I could comprehend the magnanimity of the risks of technology falling in Wrong Hands.
– My best wishes to you –
So this is the pen ultimate objective of of the Paul Wolfowitz doctrine of Full spectrum dominance ! Superply written piece and eloquently conveyed to lay reader !
Well researched article, presenting the stark facts to the layman on the street and also to the yop bosses in the security establishment in the country.
I hope our govt is aware if these facts and is taking counter measures.