Cyber in the Sky – RQ-170 Incident

On December 4, 2011, an American RQ-170 UAV crash-landed in northeastern Iran, bringing Iranian cyber warfare and electronic warfare (EW) capabilities to center stage. Since then, there has been much speculation about the cause of the malfunction in the UAV and possible Iranian involvement in bringing it down.

The Iranian government made an official announcement, declaring it had successfully taken over the UAV systems and landed the UAV intact.

But how did Iran do it?

While it was generally known back in 2011 that Iran possessed GPS jamming capabilities, the demonstration of this purported new capability to control a U.S. UAV and force it to land in Iranian territory sparked a whole new discussion regarding Iranian cyber warfare capabilities.

Experts on both sides raised the possibility of GPS spoofing, which would take the capability to another level.

While aircraft jamming is a known capability, albeit one requiring a sufficiently powerful jammer, spoofing is what some would call the next level. It involves taking control of an aircraft's navigation system and forcing it to land, instead of letting it follow protocol and return home when faced with enemy EW measures. Supporters of the ‘Spoofing Theory’ claim that the RQ-170 actually did follow protocol and returned to its ‘newly programmed’ home base – outside Kashmar in Iran.

According to several Iranian sources, this was an integrated attack combining a first stage of jamming followed by a second stage of spoofing.

The Iranians started by disconnecting the UAV from its command center, forcing it to switch to its internal guidance systems. At this point, the GPS system was jammed and misleading geographic data was sent to the UAV, making it ‘believe’ that it was above the correct landing point.

It is important to mention that the idea of a possible disconnection of the UAV from its command center was noted by several sources but no references were made to the means by which this was achieved. It is unclear whether the disconnected command center was operating from the U.S. or from an American base in Afghanistan.

Although this scenario was suggested by Iranian sources and is only one of several possible explanations for the incident, it is nonetheless important to consider GPS spoofing a very real option and to be aware of the effect this ability can have on positioning Iran as a leading cyber warfare player in the Middle East.

[Image: RQ-170 Sentinel UAV model as published by Iranian sources]
