Keylogger Virus Hits U.S. Drone Fleet

Discussion in 'other security issues & news' started by hawki, Oct 7, 2011.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Computer Virus Hits U.S. Drone Fleet

    A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

    The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

    “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

    Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

    Full story here:

    http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/
     
  2. x942

    x942 Guest

    Hate to ask the obvious, but why is there ANY connection to the public internet? Why don't they just fully isolate these systems? That way, even if they got infected, it couldn't communicate to the C&C server.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Why would this "common piece of malware", if that's what it is, even be able to install or run on these systems? Is this system Windows with a default-permit security policy?
     
  4. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Houston we are at war, cyberwar that is.

    Thanks.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    And have been for a good long while now. Security is not as tight at these installations and on these networks as they'd rather have you believe. Low defense budgets, wasteful use of those low budgets, think tanks and desk-bound generals, all of these things have had an effect on security. Even international politics has a hand in it. It's real easy to pass blame onto the most visible targets if you haven't experienced all of this first hand. No one knows why jobs aren't being done better than the people assigned to those jobs, and they get shut up rather quickly.
     
  6. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    386
    How come military publish this if it is true? What are their benefits? There must be a reason behind it :D
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    You need to read further. It's discs and removable drives that are the problem. How do you think Stuxnet got started? It has nothing to do with systems being on the internet you and I have at home.
     
    Last edited: Oct 8, 2011
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The military would quite frankly rather you not know. Once a story is out though, there's this little thing called damage control. You can't hide everything in locked up file cabinets on remote bases though anymore, so this stuff gets out, gets on the internet, and the ~ Snipped as per TOS ~ hits the fan. On the other hand, the issue is likely over at the installations that they know were affected.
     
    Last edited by a moderator: Oct 9, 2011
  9. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  10. x942

    x942 Guest

    Yes it does. If they weren't on the "public" internet that implies they are isolated from it, as such even IF they were infected the malware could call back anywhere because it is isolated from the internet.

    Also, why don't they just block all USB devices? gpedit.msc lets you do it nice and easy, I do it.
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    They did not mention which OS they used :D
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Their statement about it "may be a common piece of malware" tends to answer that question. "Common malware" doesn't target Linux, BSD, or other more secure systems.
     
  13. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    I suppose it's a case where the metaphor becomes literally true in the case of a crash.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Military: Computer Virus Wasn't Directed At Drones

    Published : Wednesday, 12 Oct 2011, 7:56 PM EDT

    Associated Press

    WASHINGTON - The Air Force says the computer virus that hit the unmanned drone program last month was not directed at the military systems, but was common malware used to steal log-ins and passwords used in online gaming.

    Air Force officials said the virus infected ground systems that are separate from drone flight controls and did not affect operations.

    An Air Force Space Command spokeswoman, Col. Kathleen Cook, says the infection was found on a small, portable hard drive used to transfer information between systems at Creech Air Force Base in Nevada.

    The Air Force says the virus did not log computer keystrokes, but instead was designed to steal passwords from people who gamble or play games like Mafia Wars online.

    Pilots based at Creech fly drones remotely over Iraq and Afghanistan.

    http://www.myfoxny.com/dpp/news/military-computer-virus-wasnt-directed-at-drones-20111012-apx
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That confirms it, Windows. Too bad all the "advanced training" they claim to give the troops doesn't include equipping them with a better OS and teaching them to use it.
     
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yeah it's clearly the fault of Windows that the IT department didn't disable autorun on their installs of aging XP...... Where do they find these "techs" from? Just use Unix it will probably be cheaper than recruiting professionals.
     
  17. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Military ‘Not Quite Sure’ How Drone Cockpits Got Infected

    More at Link
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Did they seriously try wiping (overwrite) the affected disks?
     
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    US Military not quite sure how infections happened

    More here, here
     
    Last edited: Oct 23, 2011