This morning the Security and Applied Science (SAS) Directorate and the Federal Bureau of Inquiry announced that they had shut down an automated espionage operation being conducted by the PRK’s UGG (Uilyo Gong-Gyeog) advanced persistent threat group. Their latest activity utilized hacked Robotron drones to collect photographic and electronic information about critical infrastructure. “The UGG effectively turned the fleet of Robotron BF 109 drones into a data collection bot,” Nelson E. R. Donally, SAS spokesperson, told reporters.
An analyst with the SAS who is not authorized to speak to the press noted that: “While we were focusing on removing Chinese-made drones from US airspace, the UGG was targeting the largest non-Chinese uncrewed aircraft manufacturer, Robotron Aero, to turn their aircraft into Chinese data collection tools.”
Johnathan Quest, FBI spokesperson, told reporters: “We have arrest warrants for three members of the UGG leadership, but we do not expect that Chinese authorities will cooperate in their apprehension and extradition. We do, however, have a programmer in custody who worked on the Robotron project for UGG. He was arrested on a federal warrant in Singapore and has been extradited.”
Donally told reporters that SAS became aware of the use of Robotron drones when Barkhorn Aviation of Dothan, AL approached the agency with communications logs from one of their BF 109s. They noted a large block of data being transmitted to an unknown phone number after operations near Fort Novosel. We were able to track those communications through a number of links to a small server farm two blocks away from the Chinese mission in Atlanta. “We were able to seize those servers and use that access to track information back to an additional 150 BF 109 drones in use across the United States,” Donally explained.
A technician with Dragonfire Cyber who was not authorized to speak with reporters told me that the UGG chip was a communications control chip. The Robotron Aero design allows the drone to communicate via FM radio, cell phone and Bluetooth and encrypts all communications. UGG added additional communications monitoring capabilities and a separate encryption method for selected data.
The SAS Technical Division was able to isolate a single chip found in the BF 109 control system that allowed UGG to establish a physical backdoor in that control system. That chip was made in Taiwan by a manufacturer that was controlled by UGG. Quest told reporters that law enforcement personnel in Taiwan were helping the FBI in their investigation. “They seized customer records from that company,” Quest said. “We are currently tracking down locations where similar chips are in use in this country.”
Robotron Aero issued a statement that reported: “We are working in partnership with SAS and the FBI to try to determine how the electronic systems on our aircraft were compromised. We will have a team available to customers to remove the offending chip once the FBI or other regional law enforcement agencies have completed their forensic examination of each aircraft. The BF 109 fleet is currently grounded pending completion of those efforts.”