The German Patriot air and missile defense systems, stationed at the Turkish border with Syria, have carried out “unexplained” commands allegedly issued by unknown hackers, according to a German media report since rebutted by the government.
The US-produced missile systems, belonging to the German Bundeswehr armed forces and based on the territory of NATO ally Turkey since 2013, have been compromised, according to a report in the German Behörden Spiegel.
As a result, the systems, consisting of six launchers and two radars, reportedly carried out “unexplained” orders, the publication claimed, providing no further information on the kind of commands.
A spokesman for the Federal Department of Defense however rebutted the report on Tuesday, saying that “there is no base data” for an extremely improbable attack, Die Welt newspaper reported.
According to the magazine, there could be two weak spots in the system, which was first used by the US army over 30 years ago. The first one is the Sensor-Shooter-Interoperability (SSI), which stands for the information exchange between the missile launcher and its control system. Another weakness could be in computer chips, which are responsible for the guidance of the weapon.
Compromising military systems is not something that an amateur hacking group would have the skills to do, or would want to admit doing, believes computer security consultant and former UK-based computer hacker Robert Jonathan Schifreen. He told RT that the “unexplained” commands from the hackers mentioned in the report, while “certainly worrying,” could not possibly be anything of much significance.
“These systems are not linked to public networks, they require special codes to fire the missile, which only a certain number of people have, and you generally need the code from two or three people to fire it, or to do anything that is of significance,” Schifreen said. “I don’t think it’s actually happened, which is not to say that some of these systems are not hackable in some way. It is possible in some way perhaps to detect the presence of it, but anything more than that is going to take some serious skills.”
“It is certainly the case that foreign governments, intelligence agencies do try to hack into these systems, and it may well be that the software built into the missile has been compromised in some way by some foreign government,” he added.
But the main risk, says security expert Billy Rios, stems from software upgrades that provide smart weapon capabilities to the weaponry, along with incompetence of local operators who have only basic understanding of how these military systems work and connect to each other.
“Each individual weapons system presents a different set of systems that someone would have to penetrate in order to take control of it,” Rios told RT. “It is surprising how these things eventually get connected to the internet or to the network. Normally it does not start off that way, normally it’s during an upgrade of some type. One day it’s not connected and the next day it is.”
“It is a good question for commanders to be asking themselves: Hey, are our systems connected? Are they somehow connected to the Internet? Have we had any recent upgrades that made these things smart, like smart weapon, where it can transmit data to and from other places?”
“And it’s probably a question they are not very comfortable asking themselves,” he added.
Meanwhile a former MI5 agent and whistleblower, Annie Machon, noted the reports of unauthorized access to US-made military systems “is a parallel with some of the disclosures that Edward Snowden has come out with.”
“The US based software is often very closed, very proprietary, nobody is allowed to see what their codes contain and the NSA has lent on companies to make sure that back doors are built in, which is for NSA to look at and its vassal states,” Machon told RT, talking on the vulnerabilities of the military hardware, governed by American software.
Last month, Germany announced that it planned to replace Patriot missiles with MEADS (Medium Extended Air Defense System), a new air defense system developed by the USA, Italy and Germany. The cost of the move is estimated at more than €4 billion.
“Who actually has their finger on the trigger? This is a basic problem for partners of the US. If they buy US software, if they buy US military hardware, do they really have control of it?” Machon wondered.
“Now, any country that is serious about its national security, its national interests should surely be building its own weaponry. And it should be making sure it’s developing its own population knowledge base, its skills base – to be able to do that, too.”