Computer Virus Hits U.S. Drone Fleet

[Rydher Profile]

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.

Some of the GCSs are classified secret, and used for conventional warzone surveillance duty. The GCSs handling more exotic operations are top secret. None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats.

But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.

Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.

The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”

However, insiders say that senior officers at Creech are being briefed daily on the virus.

“It’s getting a lot of attention,” the source says. “But no one’s panicking. Yet.”


Source: http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

[The57ironman Profile]

who dunnit...?

[Santaownsyou Profile]

Maybe stuxnet came back around to bite them in the ass.

[Svaha Profile Website]

Years ago I was for a few years system manager, I decided to test the security of our computers, I knew that a service modem was connected with the computers and I knew that only certain series of phone numbers were used for these purposes, so I phoned the modem, it asked me for a name/pwd and I simply pushed CTRL Z and was in the root of the computer

Since that time it only became more easy to hack your way into systems because the software is way too complicated, way too big, has many backdoors, many entry points.
I think it's a matter of time before for instance these drones are taken over by some hacker(s).
It's a weak point specialy in the US army.

[Chrisfryfyi Profile Website]

sounds like that virus u get from dodgy porn sites that pop up when u least suspect it, seems the army lads have been up to dirty tricks haha

[Teloc Profile]

its ghadaffi... hes playin with ze transponder...

[Rydher Profile]

True? I don't know but interesting...


Iran Didn’t Bring Down the RQ-170. A Chinese Cyber Whiz Team Did

After establishing the cause of the crash of the unmanned American spy drone, the stealth RQ-170, over Iran on Dec. 4, 2011, the US is continuing to use that type of UAV, Air Force Chief of Staff Gen. Norton Schwartz said on Jan. 13. Without disclosing the results of the investigation, he said, ”The key thing is that it’s an ISR system that we use to provide capabilities to the combatant commanders and we’ll continue to do so.”

US officials reject Iran’s claim that it brought down the Lockheed Martin RQ-170 Sentinel but remain tight-lipped about what caused the crash.

Both American sources, while insisting that the RQ-170 was still in commission, never said it was again flying over Iran.

DEBKA-Net-Weekly’s military and intelligence sources offer three disclosures to explain the publicity strategy pursued by US officials:
1. The Americans know Iran did not bring the RQ-170 down because their intelligence agencies discovered the culprits were a Chinese cyber warfare team which seized control of the drone; Iran was given the passive role of being told where and when to hold out their arms to catch it.

The Obama administration is keeping this information to itself so as not to compromise US economic relations with China, especially in a presidential election year.

- Republican contenders would seize on this information as valuable campaign ammunition against President Barack Obama. They already accuse him of being soft on North Korea and he cannot afford to have US inaction against China added to their campaign fodder.

American needs to keep China on its side

- The US is casting about for levers to bring Beijing aboard the oil embargo on Iran. Wednesday, Feb. 1, German Chancellor Angela Merkel traveled to China at Obama’s request to try her hand at persuading Beijing to at least reduce its crude purchases from Tehran, if not join the embargo. Getting into a row with China over the stealth drone would not help persuade its leaders to cooperate in sanctions against Iran but might risk bringing US-Chinese relations to an unprecedented low.

- Washington needs Beijing’s cooperation in the global financial crisis and even more, to shore up the dollar’s value as an international currency. China holds a large part of its reserves in US government bonds and dollars. A diplomatic falling-out between Washington and Beijing might well spur the Chinese to turn away from the dollar, as Moscow, Tehran and New Delhi are in the process of doing. They have indicated their willingness to take this course on past occasions.
2. US intelligence has not discovered whether the Chinese cyber warfare team is still in Iran or has gone, leaving behind instructors and high-tech equipment for Tehran to counter US drones and planes on its own. Another RQ-170 flight over Iran might provide some answers, but President Obama is flatly against this. If Iran – and China – were to get hold of a second advanced American UAV, he would have no option but to hit back at the Islamic Republic – or even at Chinese targets in Iran.

Source: http://glblgeopolitics.wordpress.com/2012/02/06/iran-didnt-bring-down-the-rq-170-a-chinese-cyber-whiz-team-did/

[Svaha Profile Website]

Imagine the near future, thousands of drones flying over America, being hacked, dropping bombs, firing at people, crashing / self destructing into ....

[Cosmine Profile]

Honestly i'm glad about this,and more should be done to stop those drones and their decendents like the real terminator prototype of boston dynamics before skynet becomes a reality.

PS:I'm not joking about the terminator, it's fcken real!