US Drone Fleet Infected with Computer Virus

Monday, October 10, 2011

Ron Baklarz

91648658a3e987ddb81913b06dbdc57a

 

I find it fascinating that a virus had found its way into computer systems associated with the US Drone Fleet as reported last week by Wired Magazine.   

Hopefully, Nevada-based Creech Air Force Base staff are more savvy than the article would indicate with quotes such as they "think it's benign" but they aren't sure and "We keep wiping it off and it keeps coming back." 

The article indicates the presence of a "keylogger and payload" affecting classified and unclassified system which sure doesn't sound "benign" at all.

The virus was discovered by host-based intrusion detection systems a couple of weeks ago but the infection has not seemed to have impeded the operations of approximately 180 Predator and Reaper drones. 

Drones have hit over 230 targets in Pakistan alone and were used last month to kill terrorist Anwar Al-Awlaki.

Still, one has to wonder how the infections have occurred by traversing alleged "air gaps" between public, untrusted networks and systems and the classified and unclassified systems that control the drone fleet. 

To fully eradicate the virus, ineffective malcode extraction tools were abandoned in favor of full disk reimaging. 

This is not the first time US Drone Fleet security has been breached.  In July 2009, captured Iraqi insurgent laptops revealed many hour's worth of captured drone videos.  

The insurgents used $26.00 software, "Skygrabber", to pilfer unencrypted transmissions being relayed from aircraft to ground controllers. 

While militants were not able to gain control of the aircraft, they could use the video feeds to eliminate elements of surprise and understand what areas were under drone surveillance.

In the case of the drone virus, we will probably never know how the infections occurred.  Were vendor support connections the cause?   Was an infected thumb drive or disk the culprit? Or, was an Internet connection used as the vector of contagion?

At any rate, these types of incidents underscore the enemy's desire to exploit cyber-security to their advantage. 

Possibly Related Articles:
12031
Viruses & Malware
Military
Encryption virus malware Military keylogger Drone Skygrabber
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.