Keylogger Virus Hits U.S. Drone Fleet

Discussion in 'other security issues & news' started by hawki, Oct 7, 2011.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Computer Virus Hits U.S. Drone Fleet

    A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

    The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

    “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

    Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

    Full story here:

    http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/
     
  2. x942

    x942 Guest

    Hate to ask the obvious but why is there ANY connection to the public internet? Why don't they just fully isolate these systems? That way Even if they got infected it couldn't communicate to the C&C server.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Why would this "common piece of malware", if that's what it is, even be able to install or run on these systems? Is this system Windows with a default-permit security policy?
     
  4. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Houston we are at war, cyberwar that is.

    Thanks.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    And have been for a good long while now. Security is not as tight at these installations and on these networks as they'd rather have you believe. Low defense budgets, wasteful use of those low budgets, think tanks and desk-bound generals, all of these things have had an effect on security. Even international politics has a hand in it. It's real easy to pass blame onto the most visible targets if you haven't experienced all of this first hand. No one knows why jobs aren't being done better than the people assigned to those jobs, and they get shut up rather quickly.
     
  6. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    How come military publish this if it is true? What are their benefits? There must be a reason behind it :D
     
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    You need to read further. It's discs and removable drives that are the problem. How do you think Stuxnet got started? It has nothing to do with systems being on the internet you and I have at home.
     
    Last edited: Oct 8, 2011
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    The military would quite frankly rather you not know. Once a story is out though, there's this little thing called damage control. You can't hide everything in locked up file cabinets on remote bases though anymore, so this stuff gets out, gets on the internet, and the ~ Snipped as per TOS ~ hits the fan. On the other hand, the issue is likely over at the installations that they know were affected.
     
    Last edited by a moderator: Oct 9, 2011
  9. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  10. x942

    x942 Guest

    Yes it does. If they werent on the "public" internet that implies they are isolated from it, as such even IF they were infected the malware could call back anywhere because it is isolated from the internet.

    Also Why don't they just block all usb devices? gpedit.msc lets you do it nice and easy, I do it.
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    they did not mention which OS they used :D
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Their statement about it "may be a common piece of malware" tends to answer that question. "Common malware" doesn't target Linux, BSD, or other more secure systems.
     
  13. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    I suppose it's a case where the metaphor becomes literally true in the case of a crash.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Military: Computer Virus Wasn't Directed At Drones

    Published : Wednesday, 12 Oct 2011, 7:56 PM EDT

    Associated Press

    WASHINGTON - The Air Force says the computer virus that hit the unmanned drone program last month was not directed at the military systems, but was common malware used to steal log-ins and passwords used in online gaming.

    Air Force officials said the virus infected ground systems that are separate from drone flight controls and did not affect operations.

    An Air Force Space Command spokeswoman, Col. Kathleen Cook, says the infection was found on a small, portable hard drive used to transfer information between systems at Creech Air Force Base in Nevada.

    The Air Force says the virus did not log computer keystrokes, but instead was designed to steal passwords from people who gamble or play games like Mafia Wars online.

    Pilots based at Creech fly drones remotely over Iraq and Afghanistan.

    http://www.myfoxny.com/dpp/news/military-computer-virus-wasnt-directed-at-drones-20111012-apx
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That confirms it, Windows. Too bad all the "advanced training" they claim to give the troops doesn't include equipping them wiith a better OS and teaching them to use it.
     
  16. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Yeah it's clearly the fault of Windows that the IT department didn't disable autorun on their installs of aging XP...... Where do they find these "techs" from? Just use Unix it will probably be cheaper than recruiting professionals.
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Military ‘Not Quite Sure’ How Drone Cockpits Got Infected

    More at Link
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Did they seriously try wiping (overwrite) the affected disks?
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    US Military not quite sure how infections happened

    More here, here
     
    Last edited: Oct 23, 2011
Loading...
Thread Status:
Not open for further replies.