Topics: Security, The Military, United States, News

US Drone Fleet Hit By Computer Virus

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
New submitter Golgafrinchan passes along this quote from an article at Wired: "A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system."
  • duh (Score:4, Insightful)

    by Aighearach (97333) on Friday October 07, 2011 @03:09PM (#37642466) Homepage

    Don't run windoze on bombs!

    Or aircraft carriers!

    Will we never learn??

    • Re:duh (Score:5, Funny)

      by Pentium100 (1240090) on Friday October 07, 2011 @03:12PM (#37642502)

      Why? Windows crash and burn all the time, isn't that what a bomb is supposed to do?

      Also, I doubt that this virus is just a random one, it most likely was created with the target in mind, so if Linux was used then the virus would have been created for Linux.

      • by Dr Max (1696200)
        Also when these drones become self aware I'll sleep a lot better knowing I have the arsenal of Windows malware at my side, and for once in your life you might be grateful for a blue screen of death.
    • by Mes (124637)

      1. Bid for large military project
      2. Use Windows as the primary platform.
      3. Everyone Profits!

    • by vawwyakr (1992390)
      Are we sure they are even using windows? I mean in all likelihood they are but I couldn't find anything in the article (including the picture) to confirm.
  • This could just be the drones following their human pilots for when the drones start flying themselves. #skynet

    • Other way around (Score:5, Insightful)

      by Toe, The (545098) on Friday October 07, 2011 @03:25PM (#37642692)

      No, I sincerely doubt this is some mysterious computer intelligence taking over our military.

      BUT... this is clearly the path to skynet. What we are seeing is what pretty much all of us already understood: when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."

      • by Nadaka (224565) on Friday October 07, 2011 @03:36PM (#37642806)

        There is no more autonomous a kill bot than a human being.

      • by NiteShaed (315799)

        when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."

        You say this as if it's a problem. Everybody knows that each Killbot has a preset kill limit. I'll simply send wave after wave of my own men in against them until they hit their limit and then freeze in place. G'uh.

  • No anti-virus? (Score:4, Interesting)

    by Jeng (926980) on Friday October 07, 2011 @03:13PM (#37642516)

    Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?

    Yes, they would have to do updates manually, and it's a low risk situation, but it is a prime target for foreign adversaries and allies alike.

    • Who said there isn't anti-virus software on these computers? If keeping a Windows machine sterile was as easy as installing and keeping updated AV software the world would be a slightly better, or at least less stressful, place.

      • Who said there isn't anti-virus software on these computers? If keeping a Windows machine sterile was as easy as installing and keeping updated AV software the world would be a slightly better, or at least less stressful, place.

        Where does it say these machines are even windows machines? Other than in the comments (much like here) I don't see any reference to windows in TFA. Didn't see anything about OS on the wikipedia entry for them.

        • Re: (Score:2, Insightful)

          by mspohr (589790)
          If there's a virus, it must be Windows.
    • Re:No anti-virus? (Score:4, Insightful)

      by Nom du Keyboard (633989) on Friday October 07, 2011 @03:21PM (#37642626)

      Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?

      If these computers are never connected to the Internet, then how are they sending out the results of their logging?

      • Re:No anti-virus? (Score:5, Insightful)

        by MozeeToby (1163751) on Friday October 07, 2011 @03:30PM (#37642736)

        Unless someone really screwed the pooch, the results are never getting back to the virus writers. These computers are classified, that means no connection to the net, no writable media drives, many places even epoxy the USB ports so at least it's obvious if someone tries to use it. Specific steps are taken when moving data off them to prevent any data except what was requested from being removed. At least, that is how it is in the private world working on classified material. Cases like Manning being able to get a dump of the entire international cable DB would indicate that the government holds itself to a much lower standard than it holds contractors.

        • by BitZtream (692029)

          Unless someone really screwed the pooch, the results are never getting back to the virus writers

          Unless of course the guy/girl who planted the virus is internal ... which of course is a safe assumption since you know, the virus clearly IS there, so it had to be brought in by someone internal ... unless it was connected to the internet.

          So either way, if a virus can be placed on the systems, the data can be snuck off the systems using likely the same method. Maybe not real time, but nonetheless it could come off.

        • Unless someone really screwed the pooch...

          It's a weapons platform that's been compromised by mainstream malware. From that alone, the pooch is jolly well being gang-banged.

        • by sjames (1099)

          Obviously, somebody DID screw the pooch. Otherwise, how did the keylogger get on these machines in the first place. If there was a route for the virus to get on them, there is likely a route for the logged data to get off of them.

      • by Jeng (926980)

        I'd reply with a copy and paste from the TFA, but that would be around half the article, just read the TFA and it is explained there.

    • Obligatory: http://xkcd.com/463/ [xkcd.com]

    • by Zerth (26112)

      Why aren't they running off of livecds? Then every time they reboot, yay fresh system.

      Unless the system that is making the CDs is infected, but then you've just got one system to clean.

    • by blair1q (305137)

      They are supposed to have a procedure whereby everything that could be loaded anywhere gets scanned for possible infection. Standard practice for that sort of operation, in the military, government, or (competently configuration-managed) business.

      Clearly, someone wasn't following the procedure, or their scan didn't know about this bug, or the bug came in out-of-band.

  • by amiga3D (567632) on Friday October 07, 2011 @03:14PM (#37642526)

    The operating system should be embedded on a read only chip in these things. It's ridiculous to leave something like this vulnerable to a virus. It's aggravating to have to change the chip every time you want to upgrade but it's the best way of being sure it's secure. The system should be read only.

    • by Jeng (926980)

      The virus may be being spread by detachable hard drives that contain map information, they need to be updated frequently.

      Yes, it would be nice if the OS itself didn't get infected, but you still need to dis-infect the drives that you plug into it either way.

      • detachable hard drives

        This is, in and of itself, concerning to me. Where I work you will be reprimanded for plugging writable media into a classified computer (and that's assuming you can dig all the epoxy out of the port in the first place), the idea that it's standard practice doesn't bode well for their security quite frankly.

        • THIS

          I don't know what's scarier, the fact that these things run Windows, the fact that the ports weren't sealed off or the fact that some doofus who doesn't know how to check for Autorun viruses and/or wasn't a computer professional didn't see a problem with plugging a flash drive in there.

        • How do you propose to update maps or download mission data, then? If it's got the ability to transmit and receive information in any form whatsoever, then it's got the ability to be hacked, and without the ability to transmit or receive data in some form, a Predator or Reaper drone is less useful than my Air Hogs Hawk Eye helicopter...which for anything beyond goofing off inside my house, is pretty useless.
  • by Anonymous Coward on Friday October 07, 2011 @03:15PM (#37642546)

    “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

    If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."

    • If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."

      You don't know that. They're not Bank Of America. They may not be able to decide to take everything offline at once, or sufficiently partition the system to prevent reinfection. If the damage done by the virus is less important than keeping the systems online and keeping the drones flying, you keep them online, while you figure it out, even if it means you have to backtrack. Remember that Stuxnet was infecting computers from the PLC boxes outward. Not a typical infection vector.

    • Let's assume for a second that the guy is indeed competent (I know, it's a huge assumption on my part, but bear with me for a moment).

      What else could be happening? If it keeps on coming back, maybe the virus (or a slightly different version of the virus) is already part of the backup that's being restored. Maybe it was part of the original hardware all along, or part of the original image on the installation disks? Or maybe there is someone with access that keeps on infecting those computers over and

    • by couchslug (175151)

      The whole idea of "wiping it off" is silly. Destroy suspect hard disks instead of trying to save them. The cost is trivial.

  • Just to clarify (Score:5, Informative)

    by Baloroth (2370816) on Friday October 07, 2011 @03:20PM (#37642610)

    When they say the drones were infected, what they mean is that the computers controlling the drones (located in the US and which are, apparently, running Windows...) were infected with a keylogger, probably spread through flash drives. Whether this actually compromises security at all is unknown (keyloggers generally assume you are connected to the Internet, which these computers aren't.) They don't have much security on the drone computers because they aren't hooked up to the Internet, and they would (apparently) rather educate their users than bother with antivirus, for whatever reason (although they do have a security system on the network which detected the virus. I would imagine it also should have stopped the virus).

    • by Locutus (9039)
      I would think that such a system would be considered a "critical system" and therefore not allow any type of direct external data input unless through a secure and protected means. Oh wait, we're talking about US DoD contracts and back room deals so design is secondary and they think using Windows is using advanced technology.

      As the drones start dropping from the sky almost killing the ground soldiers, one soldier says pointing to the little girl, "Great! That's just great! Put her in charge then."

      LoB
      • To be fair to the hardworking acquisition troops in DoD, the Predator and Reaper were demonstrated and fielded through a short-cut process for fielding new capabilities quickly. When the normally thorough system design process is "streamlined" (or bypassed) to rapidly field a new capability, bad stuff can and does happen. Thus, the acquisition axiom, 'When you want it real bad, that's usually how you get it." As an example, of all the recorded predator losses through 2009, only ~3% were lost to enemy act

    • Note that a system-wide keylogger pretty much has to work at a level low enough that it can inject input instead of intercepting it. So if they've got that kind of thing, they really got pwned - and next payload coming their way may be less inclined to play nice.

  • That is, no one should be allowed to load any program that is not vetted by the manufacturer.

    So I am betting that the manufacturer got hit, and had the virus infect them at the factory, possibly installing itself as an 'update'.

    It should not be that hard to remove - wipe and revert to an earlier version.

    Unless of course they lost the earlier versions.

    • Or if the drones can't talk to the earlier version. It's common with embedded systems to upgrade the remote firmware and PC software at the same time as your protocols change.
  • Skynet IS the virus!

  • by ShooterNeo (555040) on Friday October 07, 2011 @03:21PM (#37642628)

    Ok, so you get some interns in a room and ask them to draw on the whiteboard the things to consider when designing a remote controlled killer robot.

    What do you suppose the FIRST thing any intern is going to write up there in terms of things you need to worry about?

    Make SURE the enemy can't hack your robots and turn them against you!

    Well, when you start writing up how to accomplish that, you would want
    1. A completely secure system for authenticating commands sent from the control system. The only form of encryption that is completely secure is a one-time pad.
    2. NO POSSIBLE WAY for someone to load viruses or gain access to the control system!!! That means NO network access to anything but the systems that send and receive signals from the drone! And one heck of a hardware filter on those information packets!
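As an added illustration of point 1 above (authenticating commands sent to the drone), here is a minimal authenticated command channel: the ground station tags each frame with a truncated HMAC-SHA256 over a monotonic sequence number plus the command, and the receiver rejects forged, tampered and replayed frames. This is example code written for this thread, not anything from the Predator/Reaper control link, whose protocol is not described in the article. The key, the frame layout, the 16-byte tag length and the command strings are all constructed for the demo. Note that a MAC provides authenticity and replay protection, which is the property the comment is asking for; it does not provide confidentiality, which is what the one-time-pad remark is about, so a real link would layer encryption (and per-aircraft key management) on top.

```python
"""Authenticated command frames with replay protection.

Example written for this discussion; not the actual drone control protocol.
Frame layout (assumed): 4-byte big-endian sequence number | command | 16-byte tag
"""
from __future__ import annotations

import hashlib
import hmac
import struct

# Constructed demo key. A fielded system would provision per-aircraft keys
# and rotate them; never hardcode a link key like this.
KEY = b"example-link-key-0001"
MAC_LEN = 16  # truncated HMAC-SHA256 tag, in bytes


def make_frame(seq: int, command: bytes, key: bytes = KEY) -> bytes:
    """Ground-station side: bind the sequence number and command under one tag."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()[:MAC_LEN]
    return header + command + tag


class CommandReceiver:
    """Aircraft side: accept a frame only if its tag verifies under the shared
    key and its sequence number is strictly greater than the last accepted one,
    so a captured genuine frame cannot simply be retransmitted."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.last_seq = -1
        self.accepted: list[bytes] = []

    def receive(self, frame: bytes) -> bool:
        if len(frame) < 4 + MAC_LEN:
            return False  # malformed, too short to carry header and tag
        header, body, tag = frame[:4], frame[4:-MAC_LEN], frame[-MAC_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(expected, tag):
            return False  # forged, altered or corrupted
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:
            return False  # replayed or stale
        self.last_seq = seq
        self.accepted.append(body)
        return True


def demo() -> dict[str, bool]:
    """Exercise the receiver against genuine, replayed, tampered and
    wrongly keyed frames. Returns which frames were accepted."""
    rx = CommandReceiver()
    good = make_frame(1, b"HEADING 270")
    return {
        "genuine": rx.receive(good),
        "replay": rx.receive(good),  # same bytes again: sequence not advanced
        # An eavesdropper who can see the link (cf. the unencrypted video feed)
        # but lacks the key swaps the payload; the tag no longer matches.
        "tampered": rx.receive(good[:4] + b"HEADING 090" + good[-MAC_LEN:]),
        "wrong_key": rx.receive(make_frame(2, b"RTB", key=b"guess")),
        "next": rx.receive(make_frame(2, b"RTB")),  # legitimate follow-on
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>9}: {'accepted' if ok else 'rejected'}")
```

The 32-bit counter must never wrap under one key, and a receiver that loses state (reboot) needs a resynchronisation step, both of which a real design has to handle.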

  • by arielCo (995647) on Friday October 07, 2011 @03:23PM (#37642660)

    The big problem is that the drones keep ordering refueling boom enlargement kits, and four of them tried to fly to Nigeria to collect on a half-million gallons of jet fuel that was left there by a former Minister of Aviation.

  • by tmosley (996283) on Friday October 07, 2011 @03:23PM (#37642662)
    These drones are so vulnerable, their use in combat is totally laughable. Iraqi insurgents could intercept their communications with $26 software! Two years ago! Their shit is apparently totally unencrypted, and as such, has now been exploited to the point where they are now able to infiltrate the control software.

    http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_us_mostpop_read [wsj.com]

    Next thing you know, these guys will turn the whole damn fleet of drones against us. Just what I wanted my tax dollars going toward, free fucking aerial suicide bombers for al Qaeda, drug cartels, and script kiddies.
    • by Jeng (926980) on Friday October 07, 2011 @03:59PM (#37643010)

      They are not hacking the control software, all they are doing is receiving an unencrypted video feed.

      You do not get anywhere close to being able to hack a drone just because you receive something similar to a TV station. You wouldn't be able to hack a TV station through a TV signal and you can't hack a drone through its video feed.

      • by tmosley (996283)
        They were able to receive the video feed two years ago. The same video feed received by the controllers. This means they had access to a data line going to the controller. In two years, they were able to exploit this widely known vulnerability to install a keylogger on the control station. What will happen in two more years, with all of the information gathered from there?

        All because they are so stupid they can't even encrypt their damn signal.

        Also note that you can't hack a TV station via a TV fe
  • ...of military security holes'n'breaches.
    It definitely deserves a read, or at least a glimpse. It's not just Stuxnet and finely crafted computer warfare, it may be plain old viruses and trojans we deal with every day.
  • by bradley13 (1118935) on Friday October 07, 2011 @03:25PM (#37642698) Homepage

    This isn't exactly a new attack vector. Banks don't let people plug removable drives into sensitive systems - why does the US government?

    You know what happened - either Joe Private plugged his private pr0n collection into a classified computer, or else he took a classified drive home to use privately. Either way, really bad news.

    If you've just got to have removable storage, then you pay for special connectors, so they are incompatible with anything else. Then you cast the guts in epoxy, so no solder jockey can change out the connector. This is not rocket science.

    • by mclearn (86140) on Friday October 07, 2011 @03:48PM (#37642908) Homepage

      Actually, TFA believes that the vector was a removable drive by which they periodically update their map collections.

      Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

    • by roc97007 (608802)

      Agreed. We did the things you describe back in the eighties. (Although back then "removable" meant the drive was on a sturdy cart with wheels.)

    • As your system needs updates in data, it must have a system to constantly put data in it. Whatever you make it of, pen drives, network, punched cards, paper and scanner, it will be a vector for intrusion, and there is no way to turn it off.

    • Why on earth does plugging a flash drive into a USB port necessarily need to cause a security compromise? Just don't execute anything from the drive. It really isn't that hard.
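Three comments in this thread describe the same control from different angles: blair1q's "everything that could be loaded anywhere gets scanned", sjames' point that the route a virus took in is also a route for logged data to get out, and the remark just above that a data drive should never be executed from. The following is an added example of what that looks like as code, written for this thread and not taken from the article or from any Air Force procedure. It assumes (none of this is in the article) that the site issuing map updates ships a manifest listing every file and its SHA-256 together with an HMAC-SHA256 tag over that manifest under a key shared with the receiving site; a fielded system would use an asymmetric signature so the receiving side cannot mint manifests itself. The forbidden-name and suffix lists are Windows-flavoured because the thread assumes Windows, which the article does not confirm. All drive contents are constructed inside a temporary directory.

```python
"""Gate a removable 'map update' drive before a protected workstation reads it.

Added example for this discussion, not code from the article or the USAF.
Assumptions: issuing site writes manifest.json (file -> sha256) and
manifest.sig (HMAC-SHA256 over the manifest bytes, shared-key demo only).
"""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"
SIGNATURE = "manifest.sig"
# Content that has no business on a data-only drive (Windows-centric; assumed).
FORBIDDEN_NAMES = {"autorun.inf", "desktop.ini"}
FORBIDDEN_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                      ".ps1", ".vbs", ".js", ".lnk"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(root: Path, key: bytes) -> None:
    """Issuing side: hash every data file and sign the list."""
    files = {n: d for n, d in snapshot(root).items() if n not in (MANIFEST, SIGNATURE)}
    body = json.dumps({"files": files}, sort_keys=True).encode()
    (root / MANIFEST).write_bytes(body)
    (root / SIGNATURE).write_text(hmac.new(key, body, "sha256").hexdigest())


def verify_drive(root: Path, key: bytes) -> list[str]:
    """Receiving side. Returns findings; an empty list means the drive may be
    read. Every file must be listed in a validly signed manifest with a
    matching hash, and no autorun or executable content may be present."""
    try:
        body = (root / MANIFEST).read_bytes()
        tag = (root / SIGNATURE).read_text().strip()
    except FileNotFoundError as e:
        return [f"missing {Path(e.filename).name}"]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), tag):
        return ["manifest signature invalid"]
    listed = json.loads(body)["files"]
    present = snapshot(root)
    for n in (MANIFEST, SIGNATURE):
        present.pop(n, None)
    findings = []
    for name, digest in present.items():
        p = Path(name)
        if p.name.lower() in FORBIDDEN_NAMES or p.suffix.lower() in FORBIDDEN_SUFFIXES:
            findings.append(f"forbidden file: {name}")
        if name not in listed:
            findings.append(f"not in manifest: {name}")
        elif listed[name] != digest:
            findings.append(f"hash mismatch: {name}")
    findings += [f"listed but missing: {n}" for n in listed if n not in present]
    return findings


def changed_since(before: dict[str, str], after: dict[str, str]) -> list[str]:
    """Files new or modified between insert and removal: anything the host
    wrote to the drive, e.g. a keylogger staging its log for later pickup."""
    return sorted(n for n, d in after.items() if before.get(n) != d)


def demo() -> dict[str, list[str]]:
    key = b"site-shared-key-demo"  # constructed; never hardcode a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "maps").mkdir()
        (root / "maps" / "sector-17.bin").write_bytes(b"\x00" * 1024)  # constructed
        (root / "maps" / "sector-18.bin").write_bytes(b"\x01" * 1024)  # constructed
        write_manifest(root, key)
        clean = verify_drive(root, key)
        on_insert = snapshot(root)
        # Simulated exfil staging: the host drops a hidden log onto the drive.
        (root / "maps" / ".cache.dat").write_bytes(b"keystrokes...")
        exfil = changed_since(on_insert, snapshot(root))
        # Simulated removable-media worm: autorun stub plus a dropped binary.
        (root / "autorun.inf").write_text("[autorun]\nopen=update.exe\n")
        (root / "update.exe").write_bytes(b"MZ" + b"\x90" * 64)
        return {"clean": clean, "exfil": exfil, "infected": verify_drive(root, key)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two checks are complementary: verify_drive answers "may this drive be read", and the insert/remove snapshot diff answers "did this host write anything onto it", which is the signal you want if the same media is the only plausible path out for the logged keystrokes.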

  • by gestalt_n_pepper (991155) on Friday October 07, 2011 @03:28PM (#37642720)

    At least, that's the word on the street.

  • It seems like there's this cultural attitude out there that cybersecurity (hate that term) is a bit of an overblown joke, and that the worst malicious agents could do is steal our nation's porn collection or some such. Really, between stuxnet and now this, I really hope that people take home the message that targeted computer security threats can do a lot of damage in the national-security sense.

    I really would be surprised if it turns out that this looks like it was developed by insert-country-that-doesn't
  • It's easy enough to fix. All you have to do is shut down the drones, flush the systems, and then restore from the protected archives in the core!

  • Nope, never ever would I have expected the deployment of remote controlled anything to become susceptible to tamper. I also would have never ever expected the MIC to come up with anything other than hardened systems especially when human lives are on the line. This must have been a fluke...
  • Let's get past the pro/anti Windows bias just for a moment. Clear your mind, see operating systems just as operating systems and not religion.

    Now, if most (certainly not all, but most) computer virii were written for a particular OS, why would you use that OS in a secure surveillance or weapons application? Why would you not specify an OS that did the job, but had far fewer (or no) viruses already out in the wild? Wouldn't that go further towards avoiding infection than procedures regarding removable dri

    • Can't resist: (Score:4, Interesting)

      by Dunbal (464142) * on Friday October 07, 2011 @04:10PM (#37643114)

      box of Kleenex $4

      USB key $5

      Satellite military uplink $150/hr

      Hellfire missile $68,000

      Predator MQ-1 Drone, $40 million

      Being able to rain fiery death from 10,000km away onto unsuspecting Afghan targets while at the same time masturbating on the internet: priceless

    • Because if they were iDrones they'd cost us 50% more, really not be any more secure from someone determined to get in, you'd have to have someone with even more special training to work on it, and you'd have to send it back to the manufacturer to get the batteries replaced.

      Course, it would *look* cooler....
  • Whether or not those computers run Windows is not the issue. The issue is, how on Earth did that virus get on specialized and restricted US military control systems?
  • So in The Terminator, humanity is destroyed when the power-mad AI "Skynet" launches nuclear missiles. That's been the popular conception of computer-driven destruction ever since.

    Here we have computers controlling flying killer robots. Said computers have been compromised by malware. This was detected weeks ago, the malware is still a threat, and they're still flying them .

    I'm starting to really believe that WarGames will be the more accurate prediction. Humanity won't be destroyed by machines which tr

  • They can be hacked...

  • Each pilot sits in a small room with a rack full of gear wheezing away all day? Eech. This is why I don't move my desk into an IDF closet.

    I remember hearing an interview on NPR not more than a few weeks ago which raised this exact issue, and in which it was brushed aside as utterly impossible, of course... "We have AIR GAPS, nothing can cross the air gaps!" Or something to that effect. I think they were talking about the video interception at the time. Meanwhile, they could ask Pfc Manning about ho
  • by PolygamousRanchKid (1290638) on Friday October 07, 2011 @04:21PM (#37643202)

    “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection

    Unintentional pun . . . ? I think not!

  • "Infected via flash drives." "Educate the user."

    Oh bullshit! Never, _ever_ trust a user.

    Seriously, I worked IT at a call center. The first thing you did with the machines when they came in was log in to the BIOS, disable ports like COM & USB, and set a BIOS password. If the thing was shipped to us with a floppy or cd/dvd drive (they were ordered bare but sometimes Gateway f-d up), we would remove the hardware before putting them in service. They were also imaged for whatever floor they were scheduled to be on (outsourced call center - Comcast, AT&T, Sprint, Hughes Sat.) and out they went.

    Once, a Bell South supervisor memo'd and called upper management and said he had to have USB to save and transfer reports, etc. And BOOM, a virus went through the Bell South floor like shit through a goose. That was the end of "educating the user."

    Never, ever trust a luser.

  • The only explanation for this is that those drone pilots were surfing porn in another window while their drones were on their way to and on the way back from bombing runs. Everyone knows that if you don't look at porn on your computer, you'll never get viruses or malware.
  • by geekoid (135745) <dadinportland&yahoo,com> on Friday October 07, 2011 @04:51PM (#37643516) Homepage Journal

    You write your own OS for military hardware.
