A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Push a little harder.

“We think it’s benign. But we just don’t know.” Those words worry me more than that they found a virus/keylogger.
Push harder indeed.
The opposition’s reply to stuxnet?
http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
I doubt it. From what I’ve heard it’s a pretty generic Windows virus that made it onto the system via removable media. That’s what makes it probably benign – it can’t send back that data it collects.
Naw, no way this comes from removable media. We all know that DoD employees aren’t allowed to use removable media. Next thing you’ll tell us is that people bring firearms into “no guns” zones and commit crimes.
Silly Billy.
Kal
My understanding – and obviously if I actually knew anything about this that was confirmed, verified, etc. I wouldn’t be posting about it here – is that the systems are isolated but the maps they have need to be updated regularly and that these updates are large and are entered into the system by copying them from removable hard drives. The person I talked to thought this was how it got in.
I’ve seen other places now reporting that the ‘virus’ may be government software.
I really don’t know but the explanation about the hard drives made sense to me. I have no idea if we’ll find out whether it is true or not.
It can’t send back what it collects via *that* network, no. Viruses like this are sort of aptly named — they infect and occupy not just what has touched that system, but every other system they come in contact with. That’s why they can’t eradicate it: they don’t know who is playing Typhoid Mary in their network.
I work data security for a credit card company, and it’s getting scary.
Worms and viruses these days aren’t immediately scanning your address book and then sending that to an IRC channel. Lots of them wait, collecting, and send only an infrequent broadcast for help on out. They’re sleeper cells, waiting for contact. The one that does get communication upstream logs this and replies to those broadcasts. So sleepers collect data, send pleas for help, and the one time an agent capable of passing that info on goes active then out the door your data goes.
It’s easy to lock down a network — just don’t interconnect it to others or allow contact outside. Simple. But that sort of defeats the purpose of networks. And all it takes is one guy with a laptop plugging into the local net and the virus on his computer collects everything. That evening he goes home, fires up the wireless to his home net to check his fantasy football scores or work on that spreadsheet, and while he happily taps away your e-mail, perhaps your database access credentials, copies of those documents you were working on (or just had read access to on the corporate net) are being transmitted to an anonymous little server in Trashcanistan.
Used to be we worried about data access via the hard drives. We encrypted the drives, made certain laptops required fingerprint scans to even boot up their encrypted contents, in the server room there’s an EMP device we can trigger and failed drives go through a glorified degausser before they leave the building. There’s anti-virus on everything down to the fax machines and our firewall policy is you get to nothing not specifically approved and after proving who you are.
And at the end of the day that salesman or VP or manager takes his laptop home, and connects to an entirely unsecured network. Or he takes it to a trade show and accepts a pen-drive from a colleague containing the latest PowerPoint presentation and a more sinister payload.
When the goal is information, data, instead of money, it’s no longer enough to merely build a vault.
– Max
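The “sleeper” pattern Max describes above (an implant that stays quiet and sends only infrequent, regular call-outs) is what defenders look for as beaconing. The following detection logic is an added example written for this page; it is not code from the original post or any commenter. It assumes a constructed log format of `timestamp source destination bytes_sent` per line, and all host names, addresses and thresholds are made up for the illustration. It groups outbound connections by (source, destination), measures the gaps between successive connections, and flags pairs whose cadence is nearly constant.

```python
"""Flag low-and-slow beaconing in constructed outbound connection logs.

Added example for this page, not the original post's code. Assumes a
constructed log format: ISO timestamp, source host, destination, bytes sent.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic): one busy, irregular internal
# destination, and one quiet destination contacted every ~6 hours with a
# few hundred bytes each time.
SAMPLE_LOG = """\
2011-10-07T08:00:12 ws-17 mail.example.internal 48213
2011-10-07T08:03:44 ws-17 mail.example.internal 9021
2011-10-07T08:15:01 ws-17 mail.example.internal 1200
2011-10-07T09:42:30 ws-17 mail.example.internal 77000
2011-10-07T11:10:09 ws-17 mail.example.internal 3300
2011-10-07T02:00:05 ws-17 203.0.113.77 312
2011-10-07T08:00:07 ws-17 203.0.113.77 305
2011-10-07T14:00:04 ws-17 203.0.113.77 318
2011-10-07T20:00:06 ws-17 203.0.113.77 309
2011-10-08T02:00:05 ws-17 203.0.113.77 311
"""


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_events=4, max_cv=0.05):
    """Return (src, dst) pairs whose inter-connection gaps are nearly constant.

    The coefficient of variation (std dev / mean) of the gaps is the score:
    human- or application-driven traffic is bursty (high CV), a timer-driven
    call-out is steady (low CV). Thresholds are assumptions for the example.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in records:
        by_pair[(src, dst)].append((ts, nbytes))

    flagged = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue  # too few samples to judge a cadence
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = {
                "count": len(events),
                "mean_interval_s": avg,
                "cv": cv,
                "mean_bytes": mean([nbytes for _, nbytes in events]),
            }
    return flagged


if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {info['count']} connections every "
              f"{info['mean_interval_s']:.0f}s (cv={info['cv']:.4f}, "
              f"avg {info['mean_bytes']:.0f} bytes)")
```

On the constructed sample only the quiet 6-hour destination is flagged; the mail server is contacted more often but at irregular gaps, so its score is far above the threshold. Real implants add jitter to defeat exactly this check, so in practice the cadence score is one input alongside payload size, destination reputation and whether the destination is otherwise unknown to the network.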
Stuxnet Two?
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
Time to bring out the ubergeeks, who read code the way some read poetry or equations. Really complicated equations.
Experts are a dime a dozen. Genius is quite a bit scarcer.
Maybe this time after the guy saves our bacon, we can get him something better than a floating drydock for a command…
Did I mention that bureaucrats hate geniuses? Now that we’re back to SERBing folk, maybe the ones who draw the short straw and get to pick lambs for the slaughter might keep that in mind. That whole only the highest fitrep grade thing may not have served us all that well last time.
Problem is, the SERB is pretty much all dyed in the wool bureaucrats.
But I digress…
Can’t they just put the computer in boiling water for 15 minutes? That should kill any virus.
Here is an idea… we take an airframe and put PEOPLE in it! Then, when the link goes down or the computer clanks up, the PEOPLE complete the mission!
Maybe we could take those old B-52s, put a lot of little missiles on them, keep the cots and potty, and just let them orbit around. We would be teaching the old dog new tricks. That’s it! We could call it the “Old Dog Flight” or something like that.
Someone should write a book!
I see what you did there!
Dale Brown thanks you!
“Nothing to see here, move along. Praise Allah!”
As Corporal Hicks said in Aliens — “Take off and nuke the site from orbit. It’s the only way to be sure.” The malware writers have become very good at hiding their payloads in several hard-to-clean places — in the depths of Windows, the boot sector of the drive, and even in the flash ROM of the machine or a graphics card. Very often, you have to reformat the drive to know you’re starting clean, and then reflash the machine ROM and PCI cards. It sounds like the IT guys haven’t done that yet.
And there are group policy settings that prevent external drives from being used.
Actually, it was our lovely Ripley who made that statement…..but I agree with the sentiment.
Dump Windows and go Linux or OS X.
Honestly, I cannot fathom why in the world these systems run on Windows. My guess is that development costs were less since things like DirectX and other APIs make the programming easier and, well, there’s a lot more people writing code for Windows than any other OS so the manpower figures were likely significant.
Still, it’s akin to buying a built-to-order automobile and then specifying the thing be made using only off-the-shelf parts from Lada and Yugo and never mind the door locks.
DoD really needs to take a look at the Gentoo Linux project and learn something from it. In the case of Gentoo the goal was speed and optimization, but in a secure environment there is something to be said for a common operating system and programs that are compiled and loaded only from source code from a trusted source. It’s a lot easier to enforce security and broaden your contractor base when everybody is working off the same system and code. This eases collaboration in an open-source environment, it would do the same for a large entity like DoD that has thousands of contractors working on diverse projects.
– Max
Didn’t they have a movie about something like this? The Terminator, I think the name was…
Heh, remember a couple of years back when the insurgents were tapping into drone video feeds? Probably the exact same problem, wouldn’t be surprised if they never got a handle on that one.
We are surprised this is happening? I never was a big fan of the “UAVs are the panacea to our airpower needs.” The datalinks that enable them are vulnerable to jamming or spoofing. Shoot, the insurgents in Iraq were found to have tapped into the imagery with $26 software. Now the networks are vulnerable as well. There’s no substitute for a man in the cockpit. None.