Dec. 17, 2011 -- There are unavoidable signs that the U.S. and Iran are engaged in significant covert actions against each other, including cyber war. Among the alleged covert activities that have been reported are:
Attacks on U.S. troops in Iraq and Afghanistan directed by the secretive Iranian Qods Force, often using Iranian designed improvised explosive devices;
U.S. manipulation, tampering, and contamination of parts and materials bought by Iran from other countries for use in its missile and nuclear programs;
An attempt by members of Iran's elite Quds Force to hire paramilitaries from Mexico's Zetas drug cartel to conduct a terrorist bombing in Washington;
The destruction of Iranian nuclear centrifuges by a U.S. computer virus, known as Stuxnet, and the creation of a cyber warfare unit by Iran to retaliate;
An unusually high rate of explosions at key facilities in Iran, including a missile development center, and at refineries and pipelines;
U.S. drone over-flights of Iranian nuclear facilities, and the Iranian response. Two drones were shot down over Iran before the recent Iranian capture of a U.S. stealth drone;
The discovery and arrest of a network of Iranians and Lebanese spying on behalf of the CIA, perhaps involving Iranian counter-intelligence agents breaking into a CIA covert communications computer network;
The assassination on the streets of Tehran of Iranian nuclear physicists, probably by agents hired by Israel;
The insertion of U.S. reconnaissance teams inside Iran.
It is against that backdrop of rumored covert action that Iran now claims to have captured a U.S. stealth drone, the RQ-170 Sentinel. Pentagon spokesmen quickly denied that Iran had outwitted the U.S., claiming that Iran had "lucked out" when U.S. pilots "lost control" of the RQ-170 and it just crashed in Iran. But is there a chance that Iran is right; how could Iran have done it? It might have happened something like this:
Iran could easily have learned where the U.S. RQ-170s are based in Afghanistan and might even have been able to notice when they take off and head toward Iran. They might well have guessed, correctly, that the RQ-170 was headed for an Iranian nuclear facility.
Iran could have stationed its newly acquired Russian Electronic Warfare (EW) truck mounted system, known as Avtobaza, near the nuclear facility. The Russian export is designed to manipulate the guidance and communications system of U.S. weapons. Using that system, Iran might have jammed the command-control link between the U.S. drone and the commercial satellite the drone uses to link back to its pilot.
When the drone can't talk to its pilot, after a while, it aborts its mission and goes home. To find its way home, the drone uses signals from the Global Positioning System (GPS) satellites. Unfortunately, the signal strength of the GPS satellites is relatively weak and a strong signal from something like the Russian EW systems can overpower it. This technique has been frequently demonstrated and allows something like the Russian trucks to "spoof" the GPS signal, pretending to be the satellite and providing false data to GPS receivers.
Iran Claims Electronic Attack Brought Down Drone
To avoid being spoofed, U.S. military systems listen to a different frequency than civilian GPS receivers, an encrypted channel from the satellite. How could Iran get around that? Iran could have gotten its hands on the encryption key used on U.S. drones, perhaps in the wreckage of the Reaper drones it has already shot down. Alternatively, Iran could have jammed the military GPS frequency, forcing the RQ-170 to shift to the civilian GPS channel.
If they did that, the RQ-170, unable to phone home, would have tried instead to fly home, but it would do so using a GPS signal that Iran was spoofing. By telling the drone that west was east and then giving it more detailed mis-directions, Iranian electronic specialists could have flown the aircraft to a base where Iranian intelligence officers were waiting for it. When the RQ-170 got to where it thought its home base was located, it would have landed on auto-pilot.
That's the story one Iranian official told the Christian Science Monitor (though other Iranian officials claim they did more than just "spoof" the drone.) Is the story plausible? Pentagon and U.S. intelligence experts say no, but they may underestimate Iran and overestimate their own systems. That kind of arrogance has happened before, when the U.S. was confident that the Soviet Union could not be reading the American Navy's encryption codes (but it was, thanks to the Walker family spy ring.). If the U.S. story is right, that the American pilot "lost control" of the RQ-170, the drone should have automatically flown home. It did not. If the U.S. is right and then drone just flew the wrong way and ran out of fuel, it should have crashed and been seriously damaged. In the Iranian pictures, the RQ-170 isn't badly damaged, or at least is made to look undamaged.
It is impossible for outside observers to know for sure which side's claims are right. It may even be hard for senior U.S. government officials to be sure that what they are being told by their experts is right. One lesson I learned over and over is that initial reports are almost always wrong. What we do know, however, is that Iran is seeking revenge for what it believes are CIA attacks, including the cyber weapon Stuxnet. And we can be sure that with both sides continuing to employ covert-action programs against the other, the risk of escalation and miscalculation increases, as does the risk of military hostilities.