Electronic Weapons: Defeating Russian Electronic Warfare Systems

February 7, 2024: While fighting Russian electronic warfare (EW), Ukrainian forces have developed new electronic warfare systems faster than Russia can create countermeasures or attack methods. The objective of EW is to tap into enemy electronic signals and hijack or block them while preventing the enemy from doing the same to you. The electronic signals here chiefly involve radio for communicating with or controlling UAVs (Unmanned Aerial Vehicles). These signals can be blocked by the enemy or even hijacked so the enemy can take control of your UAVs. This can be done so that the owner of the UAV doesn’t realize it until the enemy suddenly takes control and uses your UAV against you.

The same method can be used with radar, manipulating the signal so that the enemy radar user believes nothing is out there, or that what the enemy radar shows is not where it actually is, or that there are multiple items indicated when there is actually only one. Radar jamming has become increasingly sophisticated, and aircraft can carry a container of EW equipment, like a bomb underneath a wing. These EW pods contain a wide variety of EW options. These pods are often updated to detect and manipulate certain signals. The Americans obtained current Russian EW equipment and scrutinized it. Their findings were shared with the Ukrainians and some NATO allies.

Combat operations are often thrown into chaos for those who are not prepared to handle all the EW operations they encounter. Ukrainian forces managed to cope and deal with the considerable EW capabilities the Russians used. This cost the Russians the element of surprise in some future encounter with the Americans or other NATO countries. The United States developed a lot of EW equipment and techniques during the Cold War but has had little use for them since the 1990s. The Ukrainians receive military support from the Americans and other NATO countries, and this led the United States to bring back its Cold War era EW technology and, with Ukrainian help, update it.

During the Cold War the Russians built vehicles that carried a large assortment of EW equipment, as well as generators to produce enough power to keep EW equipment going. After the Soviet Union collapsed in 1991, Russia continued developing EW devices and techniques. The best and most powerful EW equipment was only used in situations where the opposition was dependent on electronic signals for communications, control, or surveillance. No matter what the situation, Russia employed some EW to gain an advantage.

In 2010 Russia deployed the Krasukha-4 truck-mounted EW system and sent these systems to Syria, where the Krasukha-4 used its directed energy sonic cannon during 2018 to damage the electronics of an American AH-64 helicopter gunship, forcing the helicopter to land. In 2021 Israeli units operating near the Lebanese and Syrian borders had problems with Krasukha-4 signals and the more compact Sapphire EW system. In 2023 Russia began exporting Krasukha and Sapphire EW systems. After the Russians invaded Ukraine in 2022, the Ukrainians captured a damaged Krasukha system and gave it to the Americans, who sent it back to the United States for further investigation.

Since 2015 Russia has been using eastern Ukraine and Syria for testing new EW equipment and techniques under combat conditions to discover weaknesses and promote export sales as combat proven. Equipment still in development is also tested and sometimes modified on the spot. An example of that is the truck-mounted Tirada-2 orbital jamming system that recently showed up in eastern Ukraine. Tirada-2 was seeking to hack the control signals and video feeds from American RQ-4B Global Hawk UAVs that regularly operated over eastern Ukraine. This would provide a look at what these UAVs see when they monitor Russian activity. Some RQ-4Bs are equipped with space satellite quality electronic sensors and the Russians were hoping to get an opportunity to monitor and perhaps hack those systems. Ukrainian and Western intelligence were aware of the existence of Tirada-2 if only because a less capable export model was being offered for sale. Now the more capable non-export Tirada-2 appears to have shown up in eastern Ukraine but, as one would expect, no one was providing any details of who has been able to do what to whom.

Hacking and jamming satellites is nothing new. Even Islamic terrorists are active in this area. For example, in early 2015 TV5, a major French TV network, was hijacked by hackers working for an Islamic terrorist group. Calling themselves CyberCaliphate, this group had apparently spent weeks getting past the formidable network security and did some major damage. TV5 satellite feeds send programming to over 250 million households and businesses worldwide. All eleven TV5 channels were dark for three hours before a temporary data feed was established to put something on customer TV screens. It took over a week to clean the network of all the hacker malware and begin work on improving security. Other French media companies were informed of the threat and joint efforts were underway to improve security. Whatever enthusiasm there was for better security will probably not last because this was not the first time something like this has happened.

It’s not that the threat was ignored or underestimated. Officially the hacker threat is taken very seriously by media companies, especially those who broadcast via satellite. Starting in the late 1990s, growing reliance on data networks and satellite distribution of programming resulted in more and more attacks on these networks by groups seeking to get some attention by briefly seizing control of or shutting down these systems.

These attacks reached something of a crescendo in 2007 when a Chinese satellite television channel was taken over by hackers. For about 90 minutes, the government had no control over the feed, which was replaced by anti-government material. The Chinese government tried to keep details of how this happened out of the news but because over 130 million Chinese then had access to the Internet, and even more had cell phones, it was impossible to completely black out details of what happened. Senior officials were quite upset, especially because since 2002 there had been over a dozen incidents worldwide of hijacking satellite television signals. Several of these took place in China, but until 2007 the government assured everyone that the problem was fixed. Eventually the problem was fixed, at least to the extent that large scale attacks no longer took place.

After 2000 the increasing number of incidents of space satellites being hacked was believed to be largely the result of an increase in the number of satellites up there, and the number of ground stations broadcasting information up into the sky. Many of these early hacks turned out to be satellite signals interfering with one another. The same was true of cases where people believed their GPS or satellite communications signals were being jammed. On further investigation, the real reasons tend to be less interesting and a lot more technical. All this usually had a large element of human error mixed in. But some of the disruptions were deliberate.

The 2007 China incident clearly indicated a security problem. If you have the proper passwords and security information, you can send commands to the satellite and do whatever you want. The Chinese had a security problem and to Chinese rulers that was more frightening than, well, just about anything. China has since greatly improved its satellite security but, as TV5 discovered, that is not always enough. Russian EW developers watched all this with great interest and considered the possibility of improving and weaponizing these hacking capabilities.

All of the accidental jamming demonstrated to hackers how easy it was to do it on purpose. There was a growing number of examples of that. In response, the U.S. Air Force has for decades been developing electronic tools for attacking and defending satellite communications, and the satellite operators themselves were already training people to attack and defend space satellites. This effort involved figuring out new or improved ways to jam satellites. Then you keep that information secret in case potential enemies have not figured this out themselves. Next, you work on ways to defeat the weapons developed. Most of this is playing around with the signals. You can unjam a jamming signal with another signal. However, a lot of trial and error is required, and you want to get that done way in advance of any actual war. When you do have to use this work for real, you have to expect that the enemy may well have come up with some angle you missed. Thus, there will be some rapid improvisation, and you will have more time and resources for this if you have worked out, ahead of time, the details of disasters you have already anticipated. No one releases much information about this, for obvious reasons. There isn't much discussion from any government unless there is a terrorist attack using these techniques. Now that has happened in a very public fashion, and it was done using clever and determined hacking of the ground-based networks that control the programming and the satellites.

Some satellite hacking problems have been solved. For example, it has been shown that government jamming can be identified as such. This was demonstrated back in 2003, and several times subsequently, when satellite broadcasters transmitting television shows to Iran found their signals being jammed. The source of the jamming was quickly traced to Cuba. A satellite signal is very difficult to jam as it comes down from the satellite. But if you are close to the ground station that beams the signal up to the satellite, you can more easily interfere with that. At first, it was thought that the Cuban government, using an old Soviet era electronic eavesdropping facility outside Havana, was doing the jamming as a favor to Iran, which bought Cuban support with supplies of cut-rate oil. Back then the Chinese had already paid Cuba a lot of money to take over and revive the old Soviet electronic monitoring facility. The Cuban government denied it had anything to do with the jamming and said it would find out where the jamming was coming from, and they did. Soon the Cuban government reported that they had traced the jamming signal to a suburban compound owned by the Iranian embassy. The Cubans ordered that jamming to be stopped, and it was.

There have been few additional efforts like this, mainly because it was obvious that you could not easily hide a jammer. Satellite broadcasters also took measures to make such jamming much more difficult to do. There were also efforts to improve defense against hackers, but for TV5 the defenses were not robust enough.

Russia quietly worked on ways to not only hack satellite control and data signals but to easily eavesdrop and monitor them. Encrypted signals can be decrypted and if you can do that you do not talk about it. But now the Russian satellite signal monitoring and hacking equipment is coming out of the development shadows and practicing on American equipment.