Air Force Comments On Drone Malware 74
wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada as reported last week. The 24th Air Force first detected the malware – which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported — and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircraft."
Haqqani (Score:2)
I wonder if he was told he won the Slobobvian Lottery before he was hit.
Re: (Score:1)
I wonder if he was told he won the Slobobvian Lottery before he was hit.
So there is an entire country for Slobs and the have a lottery?
Why is this only being posted on /. now?
Re: (Score:1)
Slobovia is somewhere near BFE if I recall my geography correctly.
Possible typo. (Score:5, Informative)
A "feet of drones" is the proper collective noun only when they're on the ground. In the air they're known as a "bungle".
Re: (Score:2, Informative)
Fixed. Thanks for keeping us on our toes.
Re: (Score:1)
A "feet of drones"
Fixed. Thanks for keeping us on our toes.
I see what you did there!
Re: (Score:1, Offtopic)
A true Slashdotter is not permitted to admire Apple due to an incompatibility between the GPL and Apple's "walled garden."
Sorry. Turn in your Mac for a Debian box.
Good idea, wrong thread.
Here is where we're supposed to bash the US Air Force.
Re: (Score:2)
A "feet of drones" is the proper collective noun only when they're on the ground. In the air they're known as a "bungle".
Prior Art!
A 'bungle' is a large group of politicians in flight from reality.
Re: (Score:2)
Although, thinking about it a bit further, a bunch of drones in the air and the aforesaid flight of politicians are pretty similar concepts.
Carry on!
Checks out (Score:2)
Re: (Score:1)
The drone itself may not be running a standard OS, but it's entirely possible that part of the flight control system might. More critical systems have been built atop Windows platforms before, and the DoD doesn't have a particularly good record with computer-related sensibilities, see: How all .mil domains are digitally signed by a CA that no web browser (including those on DoD computers) recognizes as legitimate.
Question! (Score:5, Funny)
If a drone running Windows 98 is destroyed, is it okay to re-use the license key on a new one?
Re: (Score:1)
It will hang into BSOD (Blue Sky Of Death) and stay in the air forever, so it will technically still be running licensed version, so - no.
Re: (Score:2)
Windows autorun strikes again. To nobody's great surprise.
Re: (Score:2)
Theoretically, it might require somebody to come back and collect it. Which is necessary in cases where there is a proper air gap even though it greatly increases the risk of being caught.
Re: (Score:1)
I think they're usually called "officer."
Does this suggest (Score:4, Interesting)
malware was found on portable hard drives approved for transferring information between systems.
Does that suggest that someone forgot to turn off auto-run? Or was it really only on the hard drive, and never actually infected the controlling computers?
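The question above is about whether Autorun was left on for the approved transfer drives. As an added example that is not part of the thread, the PowerShell below audits the two registry values that govern Autorun on Windows (the documented NoDriveTypeAutoRun bitmask and the NoAutorun "do not execute any autorun commands" policy) and then sets the hardened values. It assumes an elevated PowerShell session; the key paths are the standard Explorer policy locations, and the decoding of the bitmask follows the GetDriveType() drive classes.

```powershell
# Added example (not code from the thread): audit the Autorun settings that
# let a removable drive launch code on insertion, then set the hardened values.
# Run from an elevated PowerShell session.
$MachinePolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$UserPolicy    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# NoDriveTypeAutoRun is a bitmask over the GetDriveType() drive classes.
# A set bit DISABLES Autorun for that class.
$DriveBits = [ordered]@{
    Unknown   = 0x01   # DRIVE_UNKNOWN
    NoRootDir = 0x02   # DRIVE_NO_ROOT_DIR
    Removable = 0x04   # DRIVE_REMOVABLE (USB sticks, portable hard drives)
    Fixed     = 0x08   # DRIVE_FIXED
    Network   = 0x10   # DRIVE_REMOTE
    CdRom     = 0x20   # DRIVE_CDROM
    RamDisk   = 0x40   # DRIVE_RAMDISK
    Reserved  = 0x80   # unrecognised drive types
}
# Windows default when the value is absent: only unknown, network and reserved
# classes are disabled, so removable and fixed drives still autorun.
$DefaultMask = 0x91

function Get-AutorunState {
    param([string]$PolicyKey)
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue

    $mask = if ($null -ne $props -and $null -ne $props.NoDriveTypeAutoRun) {
        [int]$props.NoDriveTypeAutoRun
    } else { $DefaultMask }

    # NoAutorun = 1 is the "Default behavior for AutoRun: do not execute any
    # autorun commands" policy; it stops autorun.inf processing regardless of mask.
    $noAutorun = if ($null -ne $props -and $null -ne $props.NoAutorun) {
        [int]$props.NoAutorun
    } else { 0 }

    # Drive classes whose bit is clear still have Autorun enabled.
    $stillEnabled = $DriveBits.Keys | Where-Object { ($mask -band $DriveBits[$_]) -eq 0 }

    [pscustomobject]@{
        Key                 = $PolicyKey
        NoDriveTypeAutoRun  = ('0x{0:X2}' -f $mask)
        AutorunInfIgnored   = ($noAutorun -eq 1)
        AutorunStillEnabled = ($stillEnabled -join ', ')
        RemovableHardened   = ((($mask -band $DriveBits.Removable) -ne 0) -or ($noAutorun -eq 1))
    }
}

function Set-AutorunHardened {
    # Disable Autorun for every drive class (0xFF) and ignore autorun.inf outright.
    # The machine policy key takes precedence over the per-user key, so set it there.
    if (-not (Test-Path $MachinePolicy)) { New-Item -Path $MachinePolicy -Force | Out-Null }
    Set-ItemProperty -Path $MachinePolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    Set-ItemProperty -Path $MachinePolicy -Name NoAutorun          -Value 1    -Type DWord
}

# Audit both locations, harden, then re-check the machine key.
Get-AutorunState -PolicyKey $MachinePolicy
Get-AutorunState -PolicyKey $UserPolicy
Set-AutorunHardened
Get-AutorunState -PolicyKey $MachinePolicy
```

On a box that has never been touched the audit will report the 0x91 default, with Removable and Fixed listed as still enabled; after hardening it reports 0xFF and AutorunInfIgnored True. Note what this does and does not cover: it stops autorun.inf from launching anything when a drive is plugged in, but it does nothing about a user opening a file on the drive by hand, or about media that were approved for transfer without being scanned or hashed first.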
Latest in AV Software... (Score:2)
Re: (Score:1)
99% of the usage is broken and misunderstood. I'd say that only 1% of the populace actually understand security, and a diminished number actually take steps to placate the problem. When I hear that someone thinks that sticky plaster Anti Virus - will be like a hand barrier cream I cringe. This is the nation state that had a hand in Stuxnet.
Apparently, the air force has deduced that they understand this malware, and it's just a password stealer for online games. So that's alright then. /SARCASM/ off.
I work in
They don't see the irony either... (Score:2)
"It also underlines a fact I have known for years. Senior staff, officials, managers the political classes and military staff don't understand the technology at all."
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net] ... There is a fundamental mismatch between 21st cen
"Military robots like drones are ironic because they are created essentially to force humans to work like robots in an industrialized social order. Why not just create industrial robots to do the work instead?
Damage control? (Score:2)
Sounds an awful lot like media damage control to me. Downplaying the scale of the failure and misinforming the public once the full scale has become known and the utter mind-boggling disaster it was has become apparent. So far it was "We've got an embarrassing problem", and now it became "If the press learns of the full scale, heads will fall like rain."
Re: (Score:2)
Sounds like you wouldn't believe any explanation that doesn't fit your theory of what happened.
Jumping the meat barrier. (Score:1)
Whitewash (Score:4, Insightful)
The implication is apparently that since it was only the ground control system, not the flight control system, there was no danger of the aircraft control being compromised. This is false. The ground control system is in fact in complete control of the aircraft, if it so chooses. The bottom line is, somebody should be put in the brig for allowing Windows anywhere near a UAV.
Re: (Score:2)
It would also be arrogant to say simply switching operating systems will magically fix their problems.
Even more arrogant to deny that it would be a good start.
Re:Whitewash (Score:4, Insightful)
Wrong. Someone does however need to explain why systems like this don't have SRP (Software Restriction Policies) or AppLocker Policies enabled with a rigid whitelisting rule set.
Servers/Drones/etc. like these should NEVER allow any account permission to run non-whitelisted applications. The fact is, barely any code should be allowed to execute, and it's completely inexcusable for them to not be using the whitelisting rules that are part of Windows/Active Directory. In an environment like this where there are rigid policies for doing practically anything related to production software, preventing rogue code execution should be mind-bogglingly easy for one moderately skilled administrator.
Re: (Score:2, Troll)
The real question is how can someone build drone piloting software that actually works well on Windows?
I just don't see any type of Windows platform offering the kind of precision & computing speed needed to control a UAV 100 to 10,000 miles away.
Seems like something you would want done in the fastest language available, not some hodgepodge of .NET & Silverlight.
(I think I just threw up in my mouth a little)
Re: (Score:2)
If you RTFA, you would have determined that the flight control system is not infected, and the systems that are in question are ancillary information systems. Think of a monitor with google maps...
The reason they use removable HDDs is probably so they can model the necessary mission data offsite, and then "replay" it at mission time.
Re: (Score:1)
I just don't see any type of Windows platform offering the kind of precision & computing speed needed to control a UAV 100 to 10,000 miles away.
Do you know anything about Windows programming, or even Windows itself?
Re: (Score:2)
Or just don't let Windows anywhere near deadly weapons, how about. Never has been secure, never will be, not in any real, shipping form, except according to cynical apologists with their hands in the cookie jar.
This virus can't be a threat with no Internet. (Score:2)
Re: (Score:1)
Have you forgotten about Stuxnet?
That virus was designed to sabotage industrial equipment that was not connected to internet. It was designed to propagate through removable drives and local networks. And Stuxnet did reach its target and sabotaged it successfully without even causing suspicion.
Imagine that the Chinese/Russians modify Stuxnet (I've read it is quite modular) to infiltrate the UAV control. Imagine that they add module that activates only when the drone enters GPS coordinates of China/Russia. Thi
What I don't understand (Score:2)
Why don't they allow only signed software that is on a whitelist to run on their computers?
Sure, whitelists are highly undesirable for ordinary consumers (to say the least..), but for the military or other domains with high security demands they seem to make sense to me. Shouldn't their software be audited and signed first anyway? Shouldn't they run a custom BIOS and an operating system that can check signatures before running code? Are there technical reasons against this?
Just wondering.
Re: (Score:2)
you assume the hardware / OS is sufficient for the function you described. How many hacked up versions of Windows CE do you know that can be properly software secured? I still remember bypassing whitelists by renaming Netscape to Notepad. :)
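Several posts above ask the same thing from different angles: the earlier comment that these systems should run with an AppLocker/SRP whitelist, the question of why only signed, audited software is allowed to run, and the reply that a whitelist was once bypassed by renaming Netscape to Notepad. The PowerShell below is an added example, not code from any of the posters, showing how the built-in AppLocker cmdlets answer all three: it inventories the executables in a trusted directory, generates publisher rules (falling back to hash rules for unsigned files) and deliberately no path rules, stages the policy in audit mode, and then evaluates candidate files against it without running them. It assumes an elevated PowerShell on a Windows SKU that ships the AppLocker module, the Application Identity service (AppIDSvc) running, and a staging folder C:\Staging (the folder name is an assumption). The text replacement of EnforcementMode in the generated XML assumes the cmdlet emits "NotConfigured" for new rule collections.

```powershell
# Added example (not code from the thread): build an AppLocker allow-list from
# publisher and hash rules, stage it in audit mode, and test candidate files
# against it. Assumes an elevated PowerShell, a Windows SKU with the AppLocker
# module, AppIDSvc running, and a staging folder C:\Staging (assumed name).
Import-Module AppLocker

$Staging   = 'C:\Staging'
$PolicyXml = Join-Path $Staging 'AppLocker-Exe.xml'
New-Item -ItemType Directory -Path $Staging -Force | Out-Null

function New-AllowListPolicy {
    param([string[]]$TrustedDirectories)

    # Inventory: signer, hash and path for every .exe under the trusted directories.
    $files = foreach ($dir in $TrustedDirectories) {
        Get-AppLockerFileInformation -Directory $dir -FileType Exe -Recurse
    }

    # Publisher rules where the binary carries a valid Authenticode signature,
    # hash rules for anything unsigned. No path rules: a path rule is satisfied
    # by whatever file happens to carry that name, which is exactly the
    # "rename Netscape to Notepad" bypass. -Optimize merges redundant rules.
    $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml
}

function Set-AuditModeAndApply {
    param([string]$Xml, [string]$OutPath)

    # Assumption: generated collections carry EnforcementMode="NotConfigured".
    # Start in AuditOnly so would-be blocks show up as Event ID 8003 in the
    # AppLocker/EXE and DLL log and can be reviewed before switching to Enabled.
    $audited = $Xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
    Set-Content -Path $OutPath -Value $audited -Encoding UTF8
    Set-AppLockerPolicy -XmlPolicy $OutPath
}

function Test-Candidates {
    param([string]$PolicyPath, [string[]]$Paths)

    # Evaluates the files against the policy without executing them.
    # PolicyDecision is Allowed, Denied or DeniedByDefault (no matching rule).
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

$xml = New-AllowListPolicy -TrustedDirectories @("$env:SystemRoot\System32")
Set-AuditModeAndApply -Xml $xml -OutPath $PolicyXml

# A renamed copy of a signed system binary is still Allowed, because the
# publisher rule matches the signature, not the file name. An unsigned tool
# renamed to notepad.exe comes back DeniedByDefault: neither its signer nor
# its hash is on the list, whatever it is called.
Copy-Item "$env:SystemRoot\System32\calc.exe" (Join-Path $Staging 'notepad.exe') -Force
Test-Candidates -PolicyPath $PolicyXml -Paths @(
    "$env:SystemRoot\System32\notepad.exe",
    (Join-Path $Staging 'notepad.exe')
)
```

Two practical caveats. Publisher rules only help if the signing keys are controlled; a rule that allows everything signed by a vendor allows every binary that vendor ever shipped, so scope publisher rules to product and file name where possible. And an Exe collection alone leaves DLL side-loading and script hosts open; the same cmdlets take -FileType Dll and Script, and a serious deployment covers those collections too before moving from AuditOnly to Enabled.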
Re: (Score:2)
This however does not fix some underlying problems with remote distributions. Datasets have become too large to be easily handled on standard CD/DvD's, so many organizations have resorted to using hard drives to pass information. I still see potential problems. When mounting an 'untrusted' drive many things happen, n
How much longer consumer OSes on military systems? (Score:2)
This is a farce. Neither Windows, nor Linux or OS X or commodity PC hardware should be let within 100 miles of these systems. Wtf are the military playing at? Is their trillion dollar budget not enough to afford some proper kit and in house software FFS?
Re: (Score:2)
The military has been told by GAO and OMB and other bean counters to use COTS --- it's also more expensive to get things developed on proprietary systems and that runs into single source issues.
Arguably everyone should use NSA's security-enhanced Linux:
http://www.nsa.gov/research/selinux/ [nsa.gov]
Or similarly secured systems.
Animal House (Score:2)
What the keylogger captured (Score:2)
All that the keylogger captured was a bunch of sequences of "IDDQD" and "IDKFA" typed over and over again.
2-Part Attack? (Score:2)
Make the datalogger very infectious but otherwise look harmless.
The datalogger dumps the information back into someplace like say the portable hard drive that brought it into the secured area to begin with. It sets up shop and makes a gazillion copies of the data it was designed to ferret out but it does nothing but log the data.
Then the portable hard drive gets walked out of the building and used on other hosts, at least one of which is infected with a transmission vector which picks up the payload and for
I don't mean to point out the obvious here.. (Score:1)