How Islamic Jihad Hacked Israel’s Drones
An alleged terrorist spent years peering through Israel’s eyes in the sky. And he didn’t need any high-end gear to get it done.
For at least two years, the Palestinian terror group Islamic Jihad could see what the Israeli military’s surveillance drones saw. That’s the accusation of Israeli prosecutors, who this week arrested a man they saw hacked into the drones’ video feeds. If true, the hack had obvious value to terrorist leaders as they planned their operations against Israeli troops and civilians.
Israeli authorities arrested the alleged hacker, 23-year-old Maagad Ben Juwad Oydeh, this year. On March 23 the Beersheba District Court indicted Oydeh on charges of spying, conspiracy, contact with enemy agents, and membership in an illegal organization.
The Israeli press has referred to Oydeh as a “master hacker.” But his alleged crimes were, on a technical level, probably far less impressive than whatever methods the Israelis used to appprehend him. In fact, American drones were for years succeptible to the same kind of hacks.
Israeli authorities have provided only the barest details of Oydeh’s background and alleged crimes. Press reports citing the indictment claim Oydeh first came into contact with Islamic Jihad while working in his father’s electronics store in Gaza.
The terror group reportedly provided Oydeh a satellite dish for picking up radio signals and a frequency counter for pinpointing the signals’ location on the electromagnetic spectrum.
It reportedly took Oydeh three tries to intercept the signals from Israeli drones flying over Gaza. On the third attempt in 2012, Oydeh was allegedly able to record the video that at least one of the unmanned aircraft was beaming to a military ground station.
The court claimed that during his alleged four-year terror career, Oydeh also tapped into ground-based security cameras belonging to the Israeli military and police—and also electronically infiltrated the data network of Israel’s Ben Gurion Airport.
The drone hack is possibly the most dramatic of Oydeh’s alleged crimes, if not the most useful for terrorist planners.
Viewing the video drone would have allowed Islamic Jihad leaders to determine where in Gaza Israeli authorities were focusing their attention—and possibly deduce from that information which of the terror group’s own operatives were under surveillance.
But intercepting a drone’s video feed isn’t exactly difficult. It’s actually much harder to tell when someone is illegally hacking a feed than it is to illicitly capture the feed in the first place. Indeed, for many years now insurgents, terrorists, and even professional spies have been surreptitiously tapping into America’s drone video streams.
In 2009, U.S. authorities admitted that Iranian-backed insurgents in Iraq had used consumer-grade hardware and software to intercept and record video feeds from U.S. military drones flying overhead.
More recently, whistleblower Edward Snowden—a former U.S. National Security Agency analyst—provided to The Intercept evidence that American and British spies based in Cyprus had tapped into Israeli drones feeds in 2009 and 2010.
That’s not hard to do because drones’ video streams are, by design, meant to be easily accessible. To that end, the feeds might be totally open and unencrypted.
That’s especially true of drones belonging to the Israeli Defense Forces, which tries to make overhead video available to as many frontline soldiers as possible. “It’s hard to make this feed both secure and conveniently accessible to any IDF forces who need it,” Todd Humphreys, a professor at the University of Texas’ Radionavigation Laboratory, told The Daily Beast in an email.
“With the right encryption and strict security protocols, there is no way even a ‘master hacker’ like Juwad Oydeh could get access to these feeds,” Humphreys added. “But sometimes the strict security put in place also keeps IDF Lieutenant X from seeing the feed when he desperately needs it. It’s a classic security-convenience tradeoff.”
To tap into an unencrypted video feed, all you really need is a satellite dish and a radio receiver. The frequency counter can help to speed up the hacking process. All these items “exist in the marketplace with no problem whatsoever to acquire them,” Richard Langley, a satellite tracking expert at the University of New Brunswick in Canada, told The Daily Beast.
Prop up the dish, tune the radio, pinpoint the signals from drones flying overhead—and voila. You’ve hacked the drone. What you’re likely to get is a stream of digital code. “You need to decode it,” Langley explained. “You have to figure our what protocol is being used to transmit the bits of information that make up picture or video that's being transmitted.”
But for convenience, most drone operators probably use the same video standards that, well, everyone else does. “There are standards such as MP4, which is commonly used by almost everyone to take video,” Langely pointed out. “You could certainly transmit that via drone.” And anyone with even the barest experience in software engineering could easily decode the raw data into a viewable video, Langely said.
But what’s missing from the video stream is arguably more important than what’s present—namely, the drone’s command signal, which is transmitted to the robotic aircraft from a single, secure ground station via a highly encrypted radio link.
Sure, any hacker can intercept a drone’s raw video, which the robot broadcasts for the benefit of potentially hundreds of soldiers and analysts on the ground. But that’s what Humphreys called a “passive hack.” You can see what the drone sees, but you can’t control the drone.
So yes, Oydeh allegedly tapped into Israeli drone feeds. But what’s really impressive is the fact that Israeli authorities caught him allegedly doing so. That’s because there’s no easy way to know whether someone has intercepted your drone video.
U.S. troops discovered the drone-hacking going on in Iraq only after apprehending an insurgent fighter—and happening across recorded drone video on his laptop. It took Snowden, arguably the world’s most notorious whistleblower, to reveal to the world that American and British spies had tapped Israel’s drone feeds.
It’s possible Oydeh blabbed about his hacking—in person, on the phone, or in an email—while Israeli agents were listening in. It’s also possible an Islamic Jihad double agent implicated Oydeh.
But absent that traditional tradecraft, there’s just one way that Langley said he can think of for Israel to have detected Oydeh’s intrusion. Recalling how the British government requires TV owners to pay a user fee, Langley explained that—to catch freeloaders—government officials drive around in specially equipped vans that can detect the oscillators inside unregistered televisions.
Oscillators help a device capture a signal. And—this is key—they emit tiny, nearly undetectable signals of their own, ones that can give away their own location. If the Israelis are using equipment similar to British T.V. enforcers, they could—in theory—detect the drone-video detector. “But you’d have to be pretty close to the receiver to pick up its local oscillator signal,” Langley said.
If the Israelis used this method to catch Oydeh, they were either acting on a tip—or they got lucky.
In any event, the Israeli government claimed it succeeded in blocking Oydeh’s electronic intrusion in 2014 —two years before authorities finally arrested the alleged hacker. Perhaps like their American counterparts, the Israelis have begun adding some encryption to their drone feeds.
But Humphreys warned that fully protecting drone data streams can be “hard and expensive.” Hackers just might adapt faster than the drone operators do.