Robotron Drones Phone Home to China
The Security and Applied Science (SAS) Directorate and the Federal Bureau of Inquiry
announced this morning that they had shut down an automated espionage operation
being conducted by the PRK’s UGG (Uilyo Gong-Gyeog) advanced persistent
threat group. Their latest activity utilized hacked Robotron drones to collect
photographic and electronic information about critical infrastructure. “The UGG
effectively turned the fleet of Robotron BF 109 drones into a data collection
bot,” Nelson E. R. Donally, SAS spokesperson, told reporters.
An analyst with the SAS who is
not authorized to speak to the press noted: “While we were focusing on
removing Chinese-made drones from US airspace, the UGG was targeting the largest
non-Chinese uncrewed aircraft manufacturer, Robotron Aero, to turn their
aircraft into Chinese data collection tools.”
Johnathan Quest, FBI
spokesperson, told reporters: “We have arrest warrants for three members of the
UGG leadership, but we do not expect that Chinese authorities will cooperate in
their apprehension and extradition. We do, however, have a programmer in
custody who worked on the Robotron project for UGG. He was arrested on a
federal warrant in Singapore and has been extradited.”
Donally told reporters that SAS
became aware of the use of Robotron drones when Barkhorn Aviation of Dothan, AL
approached the agency with communications logs from one of their BF 109s. They
noted a large block of data being transmitted to an unknown phone number after
operations near Fort Novosel. We were able to track those communications
through a number of links to a small server farm two blocks away from the
Chinese mission in Atlanta. “We were able to seize those servers and use that
access to track information back to an additional 150 BF 109 drones in use
across the United States,” Donally explained.
A technician with Dragonfire
Cyber who was not authorized to speak with reporters told me that the UGG chip
was a communications control chip. The Robotron Aero design allows the drone to
communicate via FM radio, cell phone and Bluetooth and encrypts all
communications. UGG added additional communications monitoring capabilities and
a separate encryption method for selected data.
The SAS Technical Division was
able to isolate a single chip found in the BF 109 control system that allowed
UGG to establish a physical backdoor in that control system. That chip was made
in Taiwan by a manufacturer that was controlled by UGG. Quest told reporters
that law enforcement personnel in Taiwan were helping the FBI in their
investigation. “They seized customer records from that company,” Quest said. “We
are currently tracking down locations where similar chips are in use in this
country.”
Robotron Aero issued a statement
that reported: “We are working in partnership with SAS and the FBI to try to
determine how the electronic systems on our aircraft were compromised. We will
have a team available to customers to remove the offending chip once the FBI or
other regional law enforcement agencies have completed their forensic
examination of each aircraft. The BF 109 fleet is currently grounded pending
completion of those efforts.”
CAUTIONARY NOTE: This is a future news story – Future ICS Security News