The Christian Science Monitor is reporting that the RQ-170 was hijacked by the Iranians using a well-known exploit that sure seems to me to be a lot like an old and well-known cyber attack known as the "man-in-the-middle" attack.
Using intelligence gleaned from previously downed and less sophisticated drones, an Iranian engineer identified the global positioning system (GPS) as the weak link in the drone's security posture.
The "electronic ambush" begins by jamming the drone's communications, forcing the plane into autopilot, whereby it loses its "brain". From there, the Iranians were able to "spoof" and interject landing coordinates to get the plane to land where they wanted it to land.
In the pictures we have seen of the downed RQ-170, there is apparent damage to one part of the wing and to the underbelly of the plane itself and landing gear, as it is shown resting on boxes.
Apparently, the Iranians attempted to land the drone at an altitude similar to that of its home landing base. Due to a slight difference between the two landing sites, the drone was damaged in landing.
While it is reported that the interception of unencrypted drone communication data streams has been known to the US military since the mid-1990s, examples of this type of exploitation continued into 2009, when militant laptops were found with drone data and unencrypted video feeds from Predator drones, pilfered using inexpensive, off-the-shelf software.
According to the article, other Iranian officials are describing tactics more advanced than simply "jamming", whereby deceptive techniques could be used to redirect missiles from their intended targets to target coordinates input by the Iranians.
If this account is accurate, and the explanation seems entirely plausible, the exploitation of drone technology in this manner is astounding and speaks to the need to build security in at the beginning of a project rather than later as an afterthought.




