A Danger Room Exclusive: Computer Virus Hits US Drone Fleet
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
(Photo courtesy of Bryan William Jones)
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.
Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.
But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.
The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.
Some of the GCSs are classified secret, and used for conventional warzone surveillance duty. The GCSs handling more exotic operations are top secret. None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats.
But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.
Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.
In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.
The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”
However, insiders say that senior officers at Creech are being briefed daily on the virus.
“It’s getting a lot of attention,” the source says. “But no one’s panicking. Yet.”
Comments
67 Comments so far
*facepalms at the stupidity* Really? Really? You've created "surgical" weapons of death, flying bombs that can hit almost anything you want, and you didn't give it beefed-up security? Or shut the program down temporarily while you tried to suss out the source of the virus, so as to minimize the chance of strategic/tactical/operational being made available to the public and/or your enemies? You people are complete idiots.
"'Once the rockets are up, who cares where they come down?
That's not my department,' says Wernher von Braun."
Almost incredible! But so are a lot of "only in America" moments these days. One wonders how this might affect targeting by the president's death panel in the days ahead. Are they sure that they actually got Anwar al-Awlaki? Would be ironic if a software virus forced them back to murdering people the old fashioned way.
Perhaps it's another one of those things that the U.S. military needs to contract out to the private sector like they already do with some of their base security. "Sit back, relax & let us fix your infected PC right over the Internet." Only $99.99 from the friendly folks at Norton Live Services.
I think you'll find they did contract this out, and that's perhaps why they can't clean it up. Proprietary software like much of Apple's is very hard to debug or clean up. The fact they didn't have an alternative is problematic.
Not familiar with Apple's stuff, but I have certainly seen some pretty wild proprietary software. If people knew what lies behind some of the "supersecure" systems in the world of banking and finance, they'd be amazed. But at least a bug there doesn't actually kill anyone -- not usually anyhow.
If either of you were familiar with Apple you would know their products have a fraction of the security problems Windows systems do.
That aside I say the more drone infections the better.
Skynet started out as USAF's anti-virus software for its defense network computers that controlled their drones.
http://www.youtube.com/watch?v=DEtrzdGSXCU
Skynet has given up trying to control weapons and has settled for subverting humanity by providing free porn and free computer games to humans. Skynet also has multiple bots searching the internet that deny anything that implies anthropogenic climate change.
If you're an Artificial Intelligence encouraging the human race to commit suicide you can't have them catching on can you?
=;`P
Skynet is the virus!
Supposing there were private contractors that service these drones who use thumb drives to upload software updates. Also suppose they connect drone components to laptops that travel through the general public in an unsecured fashion. Laptops that are also regularly connected to the general internet.
Now suppose that the technicians who service these drones do so with laptops running Windows OS. This operating system is well known to have massive security flaws and vulnerabilities such that there is no way of establishing that any computer running Windows is actually secure short of replacing the hard drive.
Given those conditions......
There is absolutely no way that the Defense Department can expect to keep these systems free of malware and viruses when those conditions prevailed. If they DO prevail it simply shows that the people who run defense have large areas of casual incompetence.
lowlife scum...
they must have forgotten to have their flew jabs.
So how soon will a teenaged kid takeover one of the CIA's video games and fly it home?
NCIS LA had a program once that terrorist stole a drone and was going to use it to bomb LA. Now THAT would be unacceptable now wouldn't it? To use OUR weapon of death on us. Same thing if a foreign operative works here in the US. Only our CIA, JSOC can work under cover in other countries.
Oh the hypocrisy.
And land it on the White House lawn.
This will be a high concept HBO movie by the end of the month.
Actually this already HAS been a movie.... it was called "Robo Cop" .... the plot turn was inevitable --- the computerized drones ALWAYS go crazy and start killing innocent people. Oops. Guess we've already SEEN that part!
Dollars to doughnuts this is eventually revealed to be another Israeli Government espionage run, and because the Israelis are 'allies' nothing will be done.
On another tack, wouldn't this provide wonderful cover for a 10th anniversary 'Terrorist Strike(tm)'?
Just think... a drone patrolling the US/Canada or US/Mexico border is 'high-jacked' by 'terrorist(tm)' hackers and is used to either deliver its missile payload (if armed) or just crashes into a high value target like a mall, coal fueled power plant, airport control tower, politicians speech, etc. All the MSM go to 24 hour disaster coverage, and the US Government trots out the 'It wasn't us' line.
More freedoms die, control slams down on the 'Net, and Hey! Presto!, instant Police State!
Fun, fun, fun!
Cylons no doubt. With all the money that goes to defense, you would think we were better protected from alien invasion. Oh!, That's just what we are paying for.
Begs the questions - Are We getting value for our defense dollars? How many of our systems would not function in time of actual war? Guess we won't know till the time is at hand. There is no excuse for the DOD not being able to defend their own networks. Typical defense, all we really get is the bill.
When I read the headline, my first thought was, "Oh, wouldn't it be neat if the gamers at Creech told their drones to take off and they refused, or they self-destructed, or just took off, looped and crashed back on the field?"
I guess we're not so lucky, yet, but the hackers are doing their best, I'm sure.
The other thing that seems, I dunno, juvenile?
"There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens." Shades of Mr. "Mission accomplished" in his flight suit, Bush, or Mr. Obama in his flight jacket. It is all make believe to them!
These young kids get up in the morning, put on their flight suits and drive from home to a computer, where they no doubt pretend they are intrepid fighter pilots risking their lives for "Truth, Justice and the American Way." When their shift is over, they go over to the officer's club, have a couple of beers and brag about how many "bugsplats" they made. They might even have a contest to see who got the most and the winner gets a free beer. Then, they leave for the short drive home for dinner.
When I was a kid during WW-II, we kids dressed up in surplus army gear and went out back to fight the "Japs" and the "Nazis." (The latter were the kids that drew the short-straw because they had to lose.)
That was play, and we knew it was play. Nobody got hurt unless they got poked by a stick.
These "pilots" and "sensor operators" get all dressed up and play war, but those tallies on the screen at the end of the shift are women, children, farmers, villages, wedding parties, etc. Just "bugsplats" to be tallied up.
Sorry to rant, but it makes me sick!
The Commander-in-Chief is a civilian. When President Bush donned the uniform of an actual soldier for his now infamous photo-op, he defamed the American military men and women by turning their uniform into a Halloween costume.
Too bad it doesn't cause the drones to quit killing people. The military admits that they kill hundreds of innocents for every terrorist killed. It is in our interest to arrest and put on trial all criminals including terrorists and bank economic terrorists. When criminals have to explain themselves in court we find out who is guilty of what. I am not willing to allow any political, law enforcement or military official to kill on the basis of their say so, including the President.
Drone operators are murderers under international law and deserve to be tried for their crimes. Let's quit pretending a drone is anything other than a man or woman pointing a weapon, no different than a rifle, and killing a person without allowing legal representation for the guilt or innocence of that person. It's murder and the drone operators are cold blooded murderers and deserve the scorn of that ilk.
Please, please let it happen soon! Somebody take over a drone and smash it into the pentagon.
The new definition of 'war': almost invincibly armoured, massively armed (cowards) slaughtering unarmed populations.
The new definition of 'coward': those countries and those people who authorise/operate drones.
"The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say."
Not prevented, not confirmed, not fixed....not surprising.
What is surprising is that it's public.
If you were looking for a good "excuse" for drone hits gone "awry" (ie, ones that had killed civilians), what better excuse than " ' collateral damage' was the result of computer viruses"?
Rumsfeld's company doesn't have a vaccine for this virus?
Well this could be China logging exactly who is murdering exactly who for future prosecution. I was wondering why these other dimension entities who transmit to people, do not transmit directly onto the web. A good beginning would be for these higher beings to infect an anti-flu/fly virus so as to disable the drones. These guys (including the females) are big time murderers because they know in any kind of rational accounting they murder a lot more civilians than armed freedom fighters.
Hey let's not call these "cockpits" anymore. They're not. They are very expensive game consoles, video screens, gameboards, thousands of miles away from their targets in heated/cooled well protected rooms. We hire uniformed miscreant youth to sit and fire on and kill what they think or someone tells them are enemy targets like they are playing a video game. "Cockpit" relates to a precise area on an aircraft, in which a pilot sits and is also exposed to danger in engagements.
These people are never in any danger, not even according to this article from a computer virus. And they've demonstrated they aren't engaged enough to tell civilians from militants. They're only interested in gathering enough game points to advance to the next level. And if they make a mistake they can't hit Ctrl-Z and make everything better?
It's just wrong.
Two weeks and still no solution to a keystroke virus? Not very confidence instilling is it?
"Cockpit" relates to a precise area on an aircraft, in which a pilot sits and is also exposed to danger in engagements.
Well, that's the theory anyhow. In reality engagements with the Afghan Airforce haven't been a huge threat lately. I suppose those "brave" pilots might encounter some sudden halts due to unplanned mountainous interventions. On the other hand, those drone "cockpits" do involve some exposure to hot coffee spills.
Or accidentally getting their jumpsuits in a knot when they sit down. Think of the risk of carpal tunnel syndrome, very high risk job.
So for two weeks our defence department has continued to use a program which they know is tracking every keystroke? They have no alternative programs? Where'd they get this program? I am guessing its development was offshored. After all US citizens aren't bright enough or educated enough according to our president.
I am guessing it's Israeli. They're the drone manufacturers of choice today.
Sounds like a Microsoft product. Or some Microsoft alumni.
Joke is that one disgruntled employee can infect a whole network with a $6 flash drive and intent. We should not be killing people with drones or anything else. All so Exxon and GE can do business FREEly. They reap the benefit of foreign adventurism and don't pay one dime of the cost.
No actually sounds more like an Apple product, where the consumer is never allowed to access the files or directories. Really hard to troubleshoot when all access is cut off. I know I've used both. And I'd much rather troubleshoot a PC than a Mac. You almost have to have three hands to use their override commands.
Even if program development wasn't offshored, you can be quite certain that any calls for support will be routed to some "techie" in India or thereabout. I'd really like to listen in on that conversation.
Andy Borowitz will have a great time with this one.
"Open the pod bay door, HAL..."
"Sorry Dave".
"What's the problem?"
"I couldn't help overhearing that you have some doubts about the mission..."
I think there is some computer nerd out there who is either having fun, or is politically aware and is telling our military something.
I am thinking for what we pay in taxes to support our Defense Department they should have enough "nerds" of their own to prevent this sort of thing.
This isn't the wild west of the beginning of the internet when "War Games" was actually possible, or is it? That film the "nerd" was still on dialup. Hell "warez" sites have been shut down and pirating has been stemmed hasn't it? Music trafficking is at an end. Napster is dead. Isn't that why we all in the US pay such high prices for access?
You mean their killing drones aren't secure to the onslaught of a couple of high school kids? Even with our Defense Department's and Homeland Security Department's budgets? What exactly are they spending our money on?
Only one comment so far referencing the "Windows OS" and its "massive security flaws." Unbelievable. Staggering. What the hell is wrong with the DoD? Windows? You've gotta be kidding me. The development environments available today (unless you're totally sucking Gates' member) can cross-compile for a variety of OSs, so why would anyone in their right mind construct a system capable of such destruction on a foundation known to be so massively flawed? Why the F is the DoD using M$ Scheisse when there are better, cheaper, more flexible alternatives? Oh, that's right, lobbyists. Scum.
I've been using Linux since 1992: never a single virus.
Is that the OS the Defense department is using? I don't know that do you? Or is it you're just fired up to jump on Microsoft? I couldn't tell from the photos what they're using. For all I know they are using Linux like you. Did you read the article?
Since Linux is open source if I knew the Defense Department was using it I would think breaching it would be easy.
No OS is without its vulnerabilities. But I would think with the budget they have with encryption and proprietary top secret software they should be impossible to breach.
You got to love this:
"But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later."
Three years and they still have dirty machines. God, you'd think they could have replaced them all by now. And, I am guessing they need to pay their network administrators like Wall St. pays their "all Stars" with incentives and bonuses. Someone's letting this sh@t in.
"Someone's letting this sh@t in."
Bingo, we have a winner. And, "the call is coming from inside the house" (IMO.)
"It may be a common piece of malware"
I really hope this is the reporter saying he does not know -- not that the military does not know. You see, when you run standard anti-viral software there is this thing called a virus database that looks up the code in real-time and TELLS YOU WHAT IT IS.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
In the anti-virus world the hotshots get to work and decrypt the virus code and figure this out. A few days later they report. I really hope there is a lot special about this virus and the equipment it's running on -- because I am not following what the problem is here.
-- Zagone
Dumb down the software to the point where the CIA can use it and you get problems like this. Why do people think any idiot should be able to use a computer? That's how we've gotten crap like Vista and ME, not to mention all the backwards-compatible hoops they jump through to keep people using their software. I'm so happy I use Debian...
What does DOD expect if they're going to use Wintendo machines? Geez. It's not safe to have your drone "pilots" visiting p0rn sites if they run Windoze.
The ego of the west will be our downfall. These young kids sit at their computers and kill people miles away by remote control with impunity. God is on our side. Let Him sort them out. Just like out of the Hollywood movies. The real Star Wars. What arrogance. At the same time, we can't secure our networks. Why? Arrogance again. It is arrogance to network mission critical applications. They should all be stand alone with a human operator as an intermediary - link.
Reminds me of an ancient Chinese story. Red and Blue armies were involved in conflict. The Red army general and his troops felt they were superior and that the Blue army were cowards. The Blue army general marched on the Red army city and set up camp outside the walls. 100,000 campfires were seen in the Blue army camp the first night. The Blue army general gave orders for the campfires to be reduced by 20,000 for four nights in a row and for his troops to withdraw quietly in the night. On the morning of the fifth day, the Red army general felt the Blue troops deserted in the night and prepared for attack. The Red army general led his troops in pursuit of the retreating Blue army with all haste to overtake and slaughter them. The Blue army general set a trap and had his troops wait quietly hidden in a pass. The Blue army general carved in a tree, 'Here is where the Blue general died'. The blue army general gave orders for his troops to wait in silence till the first lighting of a torch and then shower the pass with arrows. In the night, the Red army general came to the carved tree and had a torch lit to read the inscription. His army was lost in a shower of arrows.
His army was lost through ego and arrogance. In the end, the Blue army were not cowards and the Red army was not superior. The truth was late in coming for the Red army.