Computer Virus Hits Drone Fleet
A computer virus has infected America's fleet of Predator and Reaper drones.
Danger Room’s Noah Shachtman broke the news (“Exclusive: Computer Virus Hits U.S. Drone Fleet”):
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.
But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.
The Atlantic’s Alexis Madrigal (“This Is Bad: The US Drone Fleet Has Been Infected With a Virus”) wonders, “Even if — and from Shachtman’s reporting, it’s still an if — nothing nasty happens with this virus, what does it say about the state of our security infrastructure that this happened?”
Our own Alex Knapp, writing at Forbes (“America’s Drones Have Been Infected by a Virus”), has apparently learned the lessons of Battlestar Galactica well: “The more that America’s security capabilities depend on data transmission and computerized weapons, attacks of this nature are inevitable, and computer security should be a significantly high priority. If keylogger software can infect these systems, how long will it be until another program captures more data from UAV surveillance missions? Or worse – enables someone else to take control of the drones?”
Amusingly, Fox News (“U.S. Military Drones Infected With Mysterious Computer Virus”) is trying to take it all down a notch:
It’s not immediately clear whether the virus hit the system intentionally or by accident. But the existence of ordinary-seeming computer viruses on what should be the most extraordinarily secure of military systems is far from shocking, said Anup Ghosh, a former scientist with the Defense Advanced Research Projects Agency (DARPA) and chief scientist with security company Invincea. They’re just computers, after all. “[The drones] are controlled by standard PCs,” Ghosh told FoxNews.com. “None of this should be surprising.” The system should be replaced or “re-imaged” with a virus-free, bit-for-bit copy of the data on the drive in order to get rid of the infection, he said. “If they are connected to a larger network they will be infected again,” he said.
A senior Air Force source with knowledge of the drone program and familiar with the virus that was caught in recent weeks told FoxNews.com that Wired’s story is “blown out of proportion” and “vastly overwritten.” “The planes were never in any jeopardy of ‘going stupid’,” the source said, and the virus “is not affecting operations in any way … it showed up on a Microsoft-based Windows system. We have a closed-loop system and heavily protected cockpits — the planes were never in jeopardy.” The virus was introduced when the Air Force was transferring data maps between systems using external hard drives, he said. Very quickly the Air Force protective network tracked the virus. “The system worked,” the Air Force official said.
Worth keeping an eye on, but I’m actually inclined to believe the official disclaimer here absent more evidence.