Noah Shachtman at Wired News: "A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones."

42 Responses to “U.S. military drones hit by computer virus”

  1. Tyler Roy-Hart says:

    Shit just got super real in a hurry. Huge news very few ppl will notice.

    • Cowicide says:

      Shit just got super real in a hurry. Huge news very few ppl will notice.

      O_o

      I’m more alarmed at your alarm than the alarming news!  Ahhh!!  shit got reel!

  2. masamunecyrus says:

From Wired’s comments

    David Banes: “I’m sorry but I’ve got 20+ years experience in the anti-virus industry (some of it running virus research for Symantec) so to see the comment “We keep wiping it off, and it keeps coming back,” in the text above just tells me that the person trying to remove this virus is not qualified for the job, which is very scary given where it is!”

    This.

    • Cowicide says:

      some of it running virus research for Symantec

      I’ve removed countless malware from Windows XP and now Windows 7 machines that were running Symantec products like Norton.  Dropping the Symantec name only makes me doubt how qualified that commentor is in judging others.

      • dxx says:

        Using Symantec products and working for Symantec’s virus research teams are two very different things. What you’re saying is akin to saying that everyone who worked on Windows ME is incompetent, when, really, it doesn’t matter how good you are at what you do – what matters is what the guy above you wants done.

        Regardless, that comment has a great point. Anyone who should be getting paid to do that job should not be making a statement like that. “It keeps coming back” is something I expect to hear my grandmother tell me when she says she needs computer help.

        • Cowicide says:

          Using Symantec products and working for Symantec’s virus research teams are two very different things.

You missed my point.  I’m saying Symantec is inept.  Saying you worked for an inept company that produces inept products doesn’t exactly enhance a résumé in my view.

          I stand by my comment.  Saying you worked with Symantec doesn’t inspire any confidence.

          Regardless, that comment has a great point. Anyone who should be getting paid to do that job should not be making a statement like that. “It keeps coming back” is something I expect to hear my grandmother tell me when she says she needs computer help.

          A great point? I was hoping you’d say that.  To judge a situation and say that they are obviously unqualified because they merely admit the issue keeps returning… is a hasty judgment call and inept.  No wonder he worked for Symantec.

      • dragonfrog says:

        You can’t really blame Symantec, or any other AV vendor, for this.  Host antivirus has something on the order of a 70-80% hit rate for detecting in-the-wild malware – any AV vendor tends to be in that range.

        AV is a layer of defence.  Like anything, if it’s your only layer of defence, you’re hosed.

If you have host AV, and are diligent with patching, and don’t read email and surf the web as an administrator, and think critically about situations in which you are asked to install software, and have good backup practices to address the odd case where all of the above fail you, then you’re probably in pretty good shape.

        Also, most of us don’t control missiles or machine guns with our computers, which makes the odd foul-up easier to accept.

        • Cowicide says:

          You can’t really blame Symantec, or any other AV vendor, for this.

          I don’t think you understand. I’m saying that I come in with other superior AV to clean up the mess Symantec leaves behind. I certainly can and do blame Symantec for this. They are inept.

      • AirPillo says:

        The security software they’re using (HBSS) is actually made by Symantec.

  3. CSBD says:

    Thank you China…

    If they are wiping the virus and it keeps coming back… have they bothered to check and see if it is embedded in the chips (like the CIA did to Iraq and the USSR)

  4. Cowicide says:

    Did it get the pilots’ credit card info from eBay purchases?  Better cancel those accounts.

  5. Pish. Those drones are just trying to get out of drone class for the day so they can stay home and watch the finale of Dancing With The Drones.

  6. Lobster says:

    They’ve been working on this for years.  Just wait until they learn the syntax and start overwriting existing commands, defining new targets.

    This is why manned aircraft will always have a place.  It’s very hard to steal a fighter out from underneath its pilot.

  7. Mister44 says:

    Inept government workers, in MY country? It’s more likely than you think.

  8. Mordicai says:

    Oh man this is the future & this is terrifying.

  9. SedanChair says:

    Welp, when they start bombing Wal-Mart parking lots I don’t think we will have a great deal of moral latitude to complain…

  10. Guest says:

    Their computer security procedure must be rotten to the core. Sounds like they allowed free transfer of files to and from the secret network via USB drives with minimal-to-none virus scanning. Not much point in having an “air gap” if you allow that.

    • Guest says:

      Much like Stuxnet, you’d have to write malware that targeted the cockpit systems and knew exactly what to do, then hope it somehow made its way there.

      • Guest says:

        Yeah, if they wanted to actually control the plane, then they’d need something targeted. From the article it looks like this particular virus could have been a generic keylogger. But even in this case, if the program stored keylogs or other data, and had a system in place to carry the data back across the air gap again via USB (not exactly standard virus functionality, but possible), you have extremely sensitive data escaping the system.

        In this case we just don’t know enough about the virus to know how damaging it could be. Nor do we know enough about the kind of data on the system. It’s quite possible that there’s data on the network more sensitive than just the drone control software – like data on future drone movements, or even on future ground forces operations.

        One good thing about the separate network systems is that even if contaminated data does make its way in, hackers wouldn’t be able to control the drones in real time because there’s no direct connection to the internet. However, it might be possible to program a specific set of commands (fire at nearest warm target, crash drone, etc.) to be executed when the virus file made its way into the system.

        If we examined mp3s on popular file sharing networks, I wonder how much malware we’d find targeted specifically to military software, like the program that controls these drones?

        • kjh says:

> to carry the data back across the air gap again via USB (not exactly standard virus functionality, but possible), you have extremely sensitive data escaping the system.

          Predator drones communicate by radio.  If the keylogger was crafted it could broadcast its logs by radio.

          • Guest says:

            So theoretically a virus on these controller computers could do a file dump of the entire contents of the computer/network via drone feeds to people on the ground in Afghanistan? That could be devastating.

            I guess it depends on how good their security systems are within these drone programs. Considering the quality of their security in general, I’d be pessimistic.

        • Guest says:

          If we examined mp3s on popular file sharing networks, I wonder how much malware we’d find targeted specifically to military software, like the program that controls these drones?

          MP3 isn’t the most likely vector for malware because a) they aren’t executable or scriptable to start with and b) streaming formats are tolerant of garbage and don’t tend to allow buffer overflows and similar ways of getting shellcode to execute. Worst case, they give up and just stop decoding until the next sync mark.

          Just don’t get me started on why formats with rich metadata aren’t a good idea…
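The resync behaviour the comment above relies on, shown as an added example (not code from the original thread or from any real decoder): a minimal scanner for MPEG-1 Layer III frame headers that accepts a frame only when the 11-bit sync word and the bitrate/sample-rate fields are valid, and otherwise discards one byte at a time until the next sane header. The stream is constructed inline (correct headers, dummy payload, and a run of garbage containing fake sync bytes); the lookahead that real decoders add to reject stray sync words inside garbage is deliberately left out to keep the mechanism visible.

```python
# Added example: minimal MPEG-1 Layer III frame scanner demonstrating resync.
# Not a real decoder; the stream below is constructed, not a real MP3.

BITRATES_L3 = [None, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, None]  # kbps
SAMPLE_RATES = [44100, 48000, 32000, None]  # Hz, MPEG-1


def parse_header(buf: bytes, pos: int):
    """Return the frame length in bytes if a valid MPEG-1 Layer III header starts at pos, else None."""
    if pos + 4 > len(buf):
        return None
    b0, b1, b2, _ = buf[pos:pos + 4]
    if b0 != 0xFF or (b1 & 0xE0) != 0xE0:   # 11-bit sync word 0xFFE
        return None
    version = (b1 >> 3) & 0x3                # 3 = MPEG-1
    layer = (b1 >> 1) & 0x3                  # 1 = Layer III
    if version != 3 or layer != 1:
        return None
    bitrate = BITRATES_L3[(b2 >> 4) & 0xF]
    sample_rate = SAMPLE_RATES[(b2 >> 2) & 0x3]
    padding = (b2 >> 1) & 0x1
    if bitrate is None or sample_rate is None:  # reserved/"free" values: treat as not a header
        return None
    return 144 * bitrate * 1000 // sample_rate + padding


def scan(buf: bytes):
    """Walk the stream. Returns ([(offset, length), ...] for accepted frames, bytes skipped as garbage)."""
    frames, skipped, pos = [], 0, 0
    while pos < len(buf):
        length = parse_header(buf, pos)
        if length and pos + length <= len(buf):
            frames.append((pos, length))   # header valid and whole frame present: consume it
            pos += length
        else:
            skipped += 1                   # garbage or truncated frame: drop a byte and resync
            pos += 1
    return frames, skipped


HEADER = bytes([0xFF, 0xFB, 0x90, 0x00])   # MPEG-1, Layer III, 128 kbps, 44.1 kHz, no padding
FRAME_LEN = 144 * 128000 // 44100          # 417 bytes for that header


def make_frame(fill: int) -> bytes:
    return HEADER + bytes([fill]) * (FRAME_LEN - 4)


# Constructed garbage: starts with bytes that pass the sync check but fail the
# layer check, and ends with a partial header that fails the bitrate check.
GARBAGE = b"\xff\xff\x00\x41GARBAGE\xff\xfb"
STREAM = make_frame(0x11) + make_frame(0x22) + GARBAGE + make_frame(0x33)

if __name__ == "__main__":
    found, dropped = scan(STREAM)
    print("frames:", found)          # three 417-byte frames at 0, 417 and 847
    print("garbage bytes skipped:", dropped)
```

The point the example makes is the one in the comment: a stream with a fixed sync word and self-describing frame length lets the parser throw away bytes until the next header rather than trusting a length field found inside garbage, which is the property that makes such formats a poor carrier for memory-corruption payloads compared with container or metadata formats.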

    • Cowicide says:

      Their computer security procedure must be rotten to the core. Sounds like they allowed free transfer of files to and from the secret network via USB drives with minimal-to-none virus scanning.

      Sounds like that, but that could also be far from the truth.  Scan for untraceable malware all you want; you won’t find them.  And, there’s no solid evidence it came from the USB drives yet; it’s a good guess, that’s all.

      • Guest says:

“Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.”

        Whether or not this specific virus came via this security loophole, the fact that they hadn’t banned USBs at that facility back then is a pretty clear indication that their procedures were terrible.

        • Cowicide says:

          Whether or not this specific virus came via this security loophole, the fact that they hadn’t banned USBs at that facility back then is a pretty clear indication that their procedures were terrible.

          I would agree with that to a point.  It may or may not mean their other procedures were terrible, but it certainly looks bad.

  11. AsylumWarden says:

Speaking from experience. These virii come from sub-contractors and then the UAV owners don’t know or realize they need to clean the ground control stations (gcs) when they get them back.  The virus just spreads like crazy.  One client actually allowed their archive of controller software to be infected by a gcs that came back from a sub-contractor.  The archive manager didn’t scan the device and all of the images were infected.  Those images then got installed on other gcs devices and spread around.  When the problem was discovered by yours truly (the unit had more than 30+ infections of 5 different keyloggers running on it!) they had to clean their archives and all gcs devices.  I always check incoming hardware before plugging anything into it which saved the day in this case.  It was a huge pain for the client that could have been avoided by using something more powerful than Norton and forcing virus checks before plugging into their office network.
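The control the incident above was missing, as an added example rather than anything the commenter or their client used: an install-time integrity check of controller images against a hash manifest whose hash list is itself authenticated. A plain list of hashes is not enough, because whoever can drop an infected image into the archive can usually rewrite an unsigned hash list beside it, so the manifest is MACed with a key that (by assumption) stays with the archive owner and never sits on a GCS or on any machine that receives contractor hardware. The image names, contents, key and the appended "dropper" are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the archive of controller software images.
# Names and contents are hypothetical; real images are binaries.
GOLDEN_IMAGES = {
    "gcs-controller-3.2.img": b"\x7fELF\x02\x01\x01" + b"controller build 3.2 " * 16,
    "mapdata-2011q3.pak": b"MAPPAK\x00\x01" + b"tile " * 32,
}

# Assumption: this key lives with the archive owner, offline, never on a GCS.
MANIFEST_KEY = b"archive-owner-offline-key (hypothetical)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(images: dict, key: bytes) -> dict:
    """Hash every image and MAC the sorted hash list so the list itself cannot be edited unnoticed."""
    entries = {name: sha256_hex(data) for name, data in images.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def check_image(name: str, data: bytes, manifest: dict, key: bytes) -> tuple:
    """Decide whether an image may be installed on a GCS. Returns (ok, reason)."""
    if not manifest_is_authentic(manifest, key):
        return False, "manifest tag invalid"       # hash list was edited or forged
    expected = manifest["entries"].get(name)
    if expected is None:
        return False, "image not in manifest"     # unknown file, e.g. a dropped-in extra
    if not hmac.compare_digest(sha256_hex(data), expected):
        return False, "hash mismatch"             # image bytes changed since release
    return True, "ok"


def demo() -> dict:
    """Run the scenarios from the incident: clean image, infected image,
    an attacker who also rewrote the hash list to match, and a stray extra file."""
    manifest = build_manifest(GOLDEN_IMAGES, MANIFEST_KEY)
    clean = GOLDEN_IMAGES["gcs-controller-3.2.img"]
    infected = clean + b"\x00" * 16 + b"KEYLOG-DROPPER (constructed)"   # payload appended to the image
    tampered = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
    tampered["entries"]["gcs-controller-3.2.img"] = sha256_hex(infected)  # attacker "fixes" the hash list
    return {
        "clean": check_image("gcs-controller-3.2.img", clean, manifest, MANIFEST_KEY),
        "infected": check_image("gcs-controller-3.2.img", infected, manifest, MANIFEST_KEY),
        "tampered_manifest": check_image("gcs-controller-3.2.img", infected, tampered, MANIFEST_KEY),
        "unknown": check_image("usb-autorun-helper.exe", b"MZ (constructed)", manifest, MANIFEST_KEY),
    }


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario:18s} {'ALLOW' if ok else 'REJECT'}: {reason}")
```

This catches the archive-poisoning path described in the comment regardless of whether an AV product recognises the keylogger, since the decision is "does this file match what was released", not "does a signature database know this payload". It does not help if the original release was already infected, which is why the release itself has to be built and hashed on a machine that never touches returned contractor hardware.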

  12. Brainspore says:

    Even bets on Cylons or Skynet.

  13. Listener43 says:

    It’s the Rise of the Machines!

  14. kjh says:

    Two things I find very worrying: 

    1. They’re using windows in a critical (one might even say life and death) application. 

    2. The US military is working with a Russian company to try and remove viruses from their own systems.

  15. Purplecat says:

    Hmmm. Doesn’t this mean that the real story is that much worse.

    I mean, this is the story that they let Wired get a hold of.

  16. Dear Dog in hebbin, the US military actually uses MS-Windows  for mission critical systems?

  17. ookie says:

Right, BUT, if you use a WTF interface with MS-Windows, all encryption and access is on a need to know basis… virus proof… until someone manually lets in (or plants) the worm .. DUHHH !! easily trackable.

  18. Jim Saul says:

    How is it possible that these systems are not air-gap isolated?  Why would the drives even be compatible with unsecured systems?  If you were to design computer security with the kind of budget the US defense department has, wouldn’t the very first step be to establish hardware and software standards that are incompatible with any foreign or commercial standards, especially the data-structure on storage devices?

  19. Nick Gold says:

    October 7th, 2011 — It is revealed that the bulk of the US airborne attack drone fleet has been infected with an incurable computer virus

    October 14th, 2011 — Apple launches “Siri,” the personal artificial intelligence assistant

    October 21st, 2011 — Judgement Day

  20. social_maladroit says:

    They call these drone controllers “pilots,” call the individual drone operation stations “cockpits,” and have the drone operators wear flight suits when they’re operating them? Now that’s funny. There goes the cachet of being a pilot.

    The title of this blog post is misleading. The drones themselves haven’t been “hit by a computer virus”, the computer systems in the so-called ground control stations (now, isn’t that better than “cockpit”?) have been infected by a virus.

    Kind of stupid of them to know they have a virus infection and not to shut the whole thing down until they figure out what it is and how to permanently get rid of it, i’n't it?

    • Nick Gold says:

      “Kind of stupid of them to know they have a virus infection and not to shut the whole thing down until they figure out what it is and how to permanently get rid of it, i’n't it?”

      Are you kidding?!  There’s brown people to be blown up, dammit!
