Hezbollah cracked Israeli codes?

A while ago I came across the claim that Hezbollah had compromised Israel's battlefield communications:
"We were able to monitor Israeli communications, and we used this information to adjust our planning," said a Hezbollah commander involved in the battles, speaking on the condition of anonymity. The official refused to detail how Hezbollah was able to intercept and decipher Israeli transmissions. He acknowledged that fighters were not able to hack into Israeli communications around the clock.

The Israeli military refused to comment on whether its radio communications were compromised, citing security concerns. But a former Israeli general, who spoke on the condition of anonymity, said Hezbollah's ability to secretly hack into military transmissions had "disastrous" consequences for the Israeli offensive.

"Israel's military leaders clearly underestimated the enemy and this is just one example," he said.

...

Like most modern militaries, Israeli forces use a practice known as "frequency-hopping" - rapidly switching among dozens of frequencies per second - to prevent radio messages from being jammed or intercepted. It also uses encryption devices to make it difficult for enemy forces to decipher transmissions even if they are intercepted. The Israelis mostly rely on a U.S.-designed communication system called the Single Channel Ground and Airborne Radio System.

This probably needs some unpacking. There are two technologies in play here, frequency hopping and encryption.

Let's start with the encryption. In any communication security environment you want to be able to ensure that attackers can't get access to the data you're transferring (confidentiality), that they can't insert data that you accept as valid (data origin authentication), and that they can't modify your data in flight (integrity). We have fairly well-developed cryptographic techniques for providing these services, provided the cryptographic keys are handled correctly. The crypto in the particular unit the Israelis are using (SINCGARS) was designed by the NSA, which knows what it's doing. It would be very big news if Iran knew how to break NSA-designed crypto.

Even if the NSA had screwed up, you'd expect Israel to have caught it. Israel has some of the best cryptographers in the world. I'd be pretty surprised if the Israeli military is using crypto that hasn't been properly vetted. Obviously, it's possible that Hezbollah got their hands on a few crypto units, but you'd expect the Israelis to change their code keys in response. It's hard to believe that they broke the cipher per se.

The frequency hopping system is a different matter. The general idea behind a frequency hopping scheme is that the sender and receiver have synchronized pseudorandom number generators, seeded with a shared key, and use those to constantly change the frequency they're transmitting and receiving on. A receiver that doesn't know the sequence and is tuned to any one frequency hears only an occasional burst, which makes the signal both hard to jam and hard to intercept. It's easy to believe that the Iranians developed technology to make it easier to intercept this kind of communication, for instance by monitoring all the candidate channels simultaneously with a wideband receiver and using signal-processing techniques to reassemble the signal (disclaimer: I'm not an RF engineer, which is why that's a bit handwavy).

Of course, even if you were able to recover the signal, you'd still have only ciphertext. But that would still let you do traffic analysis (who is talking, how much, and when), direction finding and localization, etc., which could be very useful in a battlefield situation even if you don't know the actual content of the communication being transmitted.
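To make the two separate mechanisms concrete, here is a small simulation added to this post (it is not the post's original content and not SINCGARS's actual design): a hop generator keyed by a shared hop key, a traffic cipher keyed by a separate traffic key, a receiver in sync with the sender, a receiver with the wrong hop key, and a wideband monitor that watches every channel in every time slot and stitches the burst stream back together without any key. The channel count, the keys, the message, and the assumption that the monitor sees exactly one emitter per slot are all assumptions of the example; HMAC over the slot number stands in for the synchronized PRNG, and a SHA-256 counter keystream stands in for the real cipher.

```python
"""Toy frequency-hopping link with separate hop (TRANSEC) and traffic (COMSEC)
keys. Added illustration only: not SINCGARS, and the channel count, keys and
message are made up for the example."""
import hashlib
import hmac

NUM_CHANNELS = 64  # assumed hopset size for the illustration


def hop_channel(hop_key: bytes, slot: int) -> int:
    """Channel used in time slot `slot`. HMAC over the slot number stands in
    for the synchronized PRNG that sender and receiver share."""
    mac = hmac.new(hop_key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % NUM_CHANNELS


def keystream(traffic_key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream; stands in for the traffic cipher, which is
    keyed independently of the hop generator."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(traffic_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_cipher(traffic_key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(traffic_key, len(data))))


def transmit(hop_key: bytes, traffic_key: bytes, plaintext: bytes, start_slot: int = 0) -> dict:
    """Put one ciphertext byte on the air per slot: {slot: {channel: symbol}}."""
    air = {}
    for i, symbol in enumerate(xor_cipher(traffic_key, plaintext)):
        slot = start_slot + i
        air.setdefault(slot, {})[hop_channel(hop_key, slot)] = symbol
    return air


def keyed_receive(air: dict, hop_key: bytes) -> bytes:
    """Narrowband receiver that retunes every slot using its own hop generator.
    With the right key it follows the sender; with the wrong key it lands on
    the right channel only by chance (about 1 slot in NUM_CHANNELS)."""
    heard = bytearray()
    for slot in sorted(air):
        symbol = air[slot].get(hop_channel(hop_key, slot))
        if symbol is not None:
            heard.append(symbol)
    return bytes(heard)


def wideband_monitor(air: dict):
    """Interceptor with no hop key: watches every channel in every slot and
    keeps whichever one carried energy. Assumes a single emitter per slot;
    separating several emitters (and noise) is the hard RF problem.
    Returns the stitched ciphertext and a (slot, channel) activity log."""
    stitched = bytearray()
    activity = []
    for slot in sorted(air):
        busy = air[slot]
        if len(busy) == 1:
            channel, symbol = next(iter(busy.items()))
            stitched.append(symbol)
            activity.append((slot, channel))
    return bytes(stitched), activity


def demo() -> dict:
    hop_key, traffic_key = b"hopset-secret", b"traffic-secret"  # assumed keys
    message = b"MOVE TO GRID 1234 AT 0400"                       # constructed message
    air = transmit(hop_key, traffic_key, message)
    in_sync = xor_cipher(traffic_key, keyed_receive(air, hop_key))
    wrong_key = keyed_receive(air, b"some-other-hopset")
    ciphertext, activity = wideband_monitor(air)
    return {
        "in_sync_plaintext": in_sync,
        "wrong_key_symbols": len(wrong_key),
        "monitor_ciphertext": ciphertext,
        "monitor_got_ciphertext": ciphertext == xor_cipher(traffic_key, message),
        "monitor_got_plaintext": ciphertext == message,
        "active_slots": len(activity),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of keeping the two keys separate is visible in the output: the in-sync receiver gets the plaintext, the wrong-key receiver gets a handful of isolated bytes, and the monitor recovers the complete ciphertext plus the activity log (which slots were busy), which is the traffic-analysis material the paragraph above describes. What the simulation waves away, exactly as the disclaimer above does, is the real RF work of telling several emitters, collisions and noise apart in every slot.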

6 Comments

Also, you don't need to break the spread spectrum pRNG to do all that groovy signal analysis in terms of localization, activity, etc.

You just listen on a bunch of frequencies, and at a bunch of different points. You see the spread spectrum receivers hopping on and off, and can triangulate them based on timing.

Funny joke with Meganet...

Another theory I've seen is that some Israeli troops may have used civilian cell phones while at the front. That could enable direction-finding and ranging, if perhaps not full eavesdropping. I don't know enough about the geography involved to know if this is plausible or not (i.e. would cell phones have been in range of a suitable base station).

Either your scenario, the cellphone one, or captured radios and not updating the keys fast enough make sense. I'd put Iran breaking the crypto far lower in probability, but I wouldn't entirely rule it out. There are a lot of things that can go wrong with a cipher in practice (bad cipher, bad key management, bad RNG, bad surrounding protocols), and you don't need a huge stock of first-rate cryptanalysts to break something--one is enough, if he's good enough.

I'd actually bet it was a host of things. Four come to mind, which give a HUGE amount of information on a communication/wireless heavy army like the Israelis or US, going against a well prepared defensive foe.


Triangulation setups. A bunch of systems (Heck, Gnu Radio would be perfect platform for it) spread around at geographically known locations and connected by landlines.

Any 4th year signal processing EE undergrad should be able to tell you where every emitter seen is by triangulation of timing, including spread-spectrum senders.

It actually might make a very good class project! (Remember, 10 microseconds is 3 km of travel, but is 10,000 clock cycles. 100M resolution should be 'good enuf' (333 ns precision))


Cellphones. Just having cellphones left ON gives instant triangulation information, as they are very good at broadcasting "I am here" messages on a continual basis. And even the "nonclassified" phones-home across the border from some nervous draftee to his mother gives a wealth of information.


No crypto radios. It's unclear whether it is crypto "all the way down", or if squad level tactical radios were unencrypted.


Bad key management & captured radios.
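The timing-based triangulation in the comment above, as an added example (not the commenter's code, and not part of the original thread): four receivers at assumed known positions time-stamp the same burst, and a Gauss-Newton solver on the time-difference-of-arrival (TDOA) hyperbolas recovers the emitter position. Receiver and emitter positions, the burst time, the timing jitter and the speed-of-light constant are the example's own assumptions; that the burst comes from a frequency hopper doesn't matter, since each receiver only has to detect energy and stamp when it arrived. The `range_error_for_timing` helper checks the comment's arithmetic (10 microseconds is about 3 km, 333 ns about 100 m).

```python
"""Added illustration of TDOA (time-difference-of-arrival) localization.
Receiver and emitter positions, timing jitter and all other inputs are made up."""
import math
import random

C = 299_792_458.0  # speed of light, m/s

RECEIVERS = [(0.0, 0.0), (5000.0, 0.0), (0.0, 5000.0), (5000.0, 5000.0)]  # assumed, metres
EMITTER = (3200.0, 1400.0)                                               # assumed, metres


def distance(a, b) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def range_error_for_timing(seconds: float) -> float:
    """Distance light travels in `seconds`: a timing error maps to a range error."""
    return C * seconds


def arrival_times(emitter, receivers, burst_time=0.0, jitter_s=0.0, seed=0):
    """Timestamps each receiver records for one burst. Optional Gaussian
    timing error models clock and detection jitter (constructed data)."""
    rng = random.Random(seed)
    return [burst_time + distance(emitter, r) / C
            + (rng.gauss(0.0, jitter_s) if jitter_s else 0.0)
            for r in receivers]


def tdoa_locate(receivers, times, iterations=50, tol=1e-3):
    """Gauss-Newton least squares on the TDOA residuals, using receivers[0]
    as the reference. Unknowns are the emitter (x, y); needs >= 3 receivers
    in 2-D. The burst time itself cancels out of every difference."""
    x = sum(r[0] for r in receivers) / len(receivers)  # start at the centroid
    y = sum(r[1] for r in receivers) / len(receivers)
    ref, t_ref = receivers[0], times[0]
    for _ in range(iterations):
        d_ref = distance((x, y), ref)
        jac, res = [], []
        for r, t in zip(receivers[1:], times[1:]):
            d = distance((x, y), r)
            # predicted range difference minus measured range difference
            res.append((d - d_ref) - C * (t - t_ref))
            # partial derivatives of (d - d_ref) with respect to x and y
            jac.append(((x - r[0]) / d - (x - ref[0]) / d_ref,
                        (y - r[1]) / d - (y - ref[1]) / d_ref))
        # Solve the 2x2 normal equations (J^T J) delta = -J^T r in closed form
        a = sum(jx * jx for jx, _ in jac)
        b = sum(jx * jy for jx, jy in jac)
        d = sum(jy * jy for _, jy in jac)
        gx = sum(jx * ri for (jx, _), ri in zip(jac, res))
        gy = sum(jy * ri for (_, jy), ri in zip(jac, res))
        det = a * d - b * b
        if abs(det) < 1e-12:
            break
        dx = (-gx * d + gy * b) / det
        dy = (-a * gy + b * gx) / det
        x, y = x + dx, y + dy
        if math.hypot(dx, dy) < tol:
            break
    return x, y


def demo(jitter_s: float = 0.0):
    """Locate the assumed emitter; returns (estimate, error in metres)."""
    times = arrival_times(EMITTER, RECEIVERS, jitter_s=jitter_s)
    estimate = tdoa_locate(RECEIVERS, times)
    return estimate, distance(estimate, EMITTER)


if __name__ == "__main__":
    print("10 us of timing error  ->", round(range_error_for_timing(10e-6)), "m of range")
    print("333 ns of timing error ->", round(range_error_for_timing(333e-9)), "m of range")
    print("noise-free fix:", demo())
    print("333 ns jitter fix:", demo(jitter_s=333e-9))
```

Two things the numbers show: with perfect timestamps the solver lands on the emitter to within a metre, and with 333 ns of jitter per receiver the fix is still good to a few hundred metres, which is all a mortar crew needs. The receivers need a common time base (the comment's landline-connected sites), and the whole scheme is indifferent to whether the emitter is hopping or encrypting.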

My hypothesis: for an Israeli army command that's been heavily criticized for botching the Lebanon invasion, "Hezbollah cracked our cryptography" is a much more appealing excuse than "our campaign was so poorly planned and clumsily executed that Hezbollah was easily able to figure out what we were doing at any time, using standard reconnaissance methods, and counter it to devastating effect".

If Hezbollah/Iran had really cracked the Israeli codes do you think they'd be publicly announcing it?
