Computers Controlling Military Drones May Be Infected

Wired reports that the US military found a keylogger on computers used to control drone flights.

The computers used to control Predator and Raptor drones used in Afghanistan and other war zones have reportedly been infected by a virus that captures the keystrokes of the pilots operating the unmanned aircraft.

Although the military's network security systems detected the apparent keyboard logger two weeks ago, the military has been unable to purge it from its computers, Noah Shachtman reported Friday in Wired's Danger Room blog.

"We keep wiping it off, and it keeps coming back," a source familiar with the network infection told Shachtman. "We think it's benign. But we just don't know."

According to the report, the virus hasn't prevented pilots stationed at Creech Air Force Base in Nevada--where the drone control center is located--from completing their missions. Nor has any classified information been lost or sent to an outside source, Wired reported.

No one knows how the malware got into the system or whether its arrival was deliberate or accidental, but it has infected both classified and unclassified machines. That means information nicked from the classified networks could be funneled to the unclassified networks where it could be leaked to clandestine locations on the public Internet.

According to Wired, the Air Force isn't commenting directly on the infection. A spokesman for the service's Air Combat Command, which oversees the drone program, said that it doesn't discuss specific vulnerabilities, threats and responses to its computer networks because doing so can help intruders refine their attacks on military systems.

"We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover," the spokesman told Wired.

Although the keylogger appears to be harmless, some security experts found news of the intrusion alarming.

"This is bad in so many ways," Richard Stiennon, chief research analyst with IT-Harvest in Birmingham, Mich., told PCWorld. "It indicates that the military is using completely insecure operating systems and practices for the critical function of controlling drones."

"These are deadly weapons that must work as required and only when required," he continued. "To have their command and control corrupted by apparently common malware is inexcusable."

He maintained that the hard drives on the infected machines should be restored from a clean image. "A removal tool cannot be trusted to completely remove a virus," he asserted. "The fact that they attempted several times to remove this malware indicates the sorry state of protection within this critical military system."

John Bumgarner, chief technology officer with the U.S. Cyber Consequences Unit, added: "It is highly troubling that the military computer systems used to fly classified Predator missions were breached by an unknown adversary. The security controls for these sensitive national security systems should have been held to a much higher standard by the Department of Defense."

Despite the sensitive nature of their operations, computer security hasn't been a hallmark of drone operations. In 2009, for example, the military seized the laptop of a Shiite militant in Iraq and found days of video footage intercepted from drones flying missions in the region. Since video feeds from the drones are unencrypted, the military explained, it's relatively easy for the militants to snatch them from the air with software that can be purchased off the Internet for $26.

Since the terrorist attacks on the United States on Sept. 11, 2001, drones have increased in importance as a tactical weapon. In the 10 years following 9/11, the deaths of more than 2000 militants and civilians have been attributed to 30 CIA drones. Another 150 Predator and Reaper drones operated by the Air Force patrol the skies over Iraq and Afghanistan. U.S. drones were also used to support NATO air attacks in Libya and were responsible for the death last week of Anwar al-Awlaki, dubbed by some as the "Osama of the Internet."

[Updated Oct 7, 4:04 PM with additional information]

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.
