With the news of the USAF Predator drone virus infection come growing public concerns that the military is failing to provide adequate information security protections against malicious attackers. Hopefully, an air gap is in place that prevented this infection from sending its payload “home”, wherever that may be.
Unfortunately, knowing the scale of the US military and the fact that there is no patch for human stupidity, I can say with confidence that events of this magnitude happen far more frequently than the public knows. What makes this event special is that someone (who I am sure received a severe tongue lashing if not termination) leaked this information to a reporter.
While this news story should raise the public’s awareness of the vulnerability to a US cyber-attack from foreign sources, there are much larger threats to the nation, largely from public industry. Frighteningly, the same SCADA vulnerabilities that caused an Iranian nuclear reactor to spin out of control are present in every component of American infrastructure. For more information on the need to protect our infrastructure, you can visit the FBI’s InfraGard website and even join as a member to receive the latest updates and participate in the discussion. Read on to get the summary from Sophos…
Malware compromises USAF Predator drone computer systems
by Graham Cluley on October 10, 2011 | sophos.com
According to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging key presses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.
The malware intrusion is said to have been detected by the Department of Defense’s own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America’s most important weapons systems have proven unsuccessful.
Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.
Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone’s whereabouts or intended target.
Wired quotes an unnamed source familiar with the infection as saying:
“We keep wiping it off, and it keeps coming back… We think it’s benign. But we just don’t know.”
Hmm... If I “just didn’t know” I would assume the worst. In computer security, it’s always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn’t, rather than assume everything is ticketyboo.
Chances are that the malware is a common-or-garden key logging Trojan horse designed to steal banking information rather than targeting the USAF. But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.
Predator and Reaper crews fly their drones remotely from an air force base in Creech, Nevada. The computer systems used to control the weapons are supposedly not connected to the public internet – to reduce the chances of malware infection.
However, any IT administrator will know that simply disconnecting a computer from the internet does not make it 100% safe. Malware can be introduced via other means, such as a USB memory stick, as astronauts on the International Space Station discovered in 2008.
And that seems to me to be the most likely vector (USB memory stick I mean, not outer space...) by which malware could have infected the drone computers, as it’s known that drone pilots use memory sticks to upload terrain maps and mission videos.
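If removable media is the likely vector on an air-gapped system, the practical control is to know exactly which sticks are allowed to touch it and to get an alert the moment any other one enumerates as mass storage. The script below is an added example (my own, not Sophos’s code and nothing to do with the USAF’s actual setup): it correlates the per-device lines a Linux kernel writes to the log when a USB device attaches, and flags any mass-storage device whose serial number is not on an allowlist. The log lines, the hostname “gcs01”, and the serial numbers are all constructed for the example; a real deployment would feed it the host’s syslog or journal and keep the allowlist with the sticks issued for map and video transfer.

```python
import re
from dataclasses import dataclass

# Constructed sample Linux kernel log lines (not taken from the article) showing
# three devices attaching to a hypothetical ground-control host "gcs01":
# two USB mass-storage sticks and one non-storage device (a mouse).
SAMPLE_LOG = """\
Oct 10 09:12:01 gcs01 kernel: usb 1-2: new high-speed USB device number 4 using xhci_hcd
Oct 10 09:12:01 gcs01 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Oct 10 09:12:01 gcs01 kernel: usb 1-2: SerialNumber: 4C530001230713112030
Oct 10 09:12:01 gcs01 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Oct 10 09:13:45 gcs01 kernel: usb 1-3: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Oct 10 09:13:45 gcs01 kernel: usb 1-3: SerialNumber: 60A44C3FAE5BF0B1C9D3E8A1
Oct 10 09:13:45 gcs01 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Oct 10 09:14:02 gcs01 kernel: usb 1-4: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=49.00
Oct 10 09:14:02 gcs01 kernel: usb 1-4: SerialNumber: 1A2B3C4D
"""

# Hypothetical allowlist: serial numbers of the sticks issued for map and
# video transfer. Anything else that enumerates as mass storage is flagged.
ALLOWED_SERIALS = {"4C530001230713112030"}

# The kernel reports one device over several lines, keyed by bus address
# (e.g. "1-2"); these patterns pull out the pieces we correlate.
NEW_DEVICE_RE = re.compile(
    r"usb (?P<addr>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL_RE = re.compile(r"usb (?P<addr>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE_RE = re.compile(
    r"usb-storage (?P<addr>[\d.-]+):[\d.]+: USB Mass Storage device detected")


@dataclass
class UsbDevice:
    addr: str
    timestamp: str = ""
    vendor: str = ""
    product: str = ""
    serial: str = ""
    mass_storage: bool = False


def parse_usb_devices(log_text):
    """Correlate the per-device kernel lines by bus address into UsbDevice records."""
    devices = {}
    for line in log_text.splitlines():
        timestamp = line[:15]  # syslog-style "Mon DD HH:MM:SS" prefix
        if m := NEW_DEVICE_RE.search(line):
            dev = devices.setdefault(m["addr"], UsbDevice(addr=m["addr"]))
            dev.timestamp, dev.vendor, dev.product = timestamp, m["vid"], m["pid"]
        elif m := SERIAL_RE.search(line):
            devices.setdefault(m["addr"], UsbDevice(addr=m["addr"])).serial = m["serial"]
        elif m := STORAGE_RE.search(line):
            devices.setdefault(m["addr"], UsbDevice(addr=m["addr"])).mass_storage = True
    return list(devices.values())


def unauthorized_storage(log_text, allowed_serials=ALLOWED_SERIALS):
    """Return mass-storage attachments whose serial number is not on the allowlist."""
    return [d for d in parse_usb_devices(log_text)
            if d.mass_storage and d.serial not in allowed_serials]


if __name__ == "__main__":
    for d in unauthorized_storage(SAMPLE_LOG):
        print(f"{d.timestamp} ALERT unapproved USB storage at {d.addr}: "
              f"vid={d.vendor} pid={d.product} serial={d.serial or '<none>'}")
```

Run against the sample log it reports only the second stick (bus address 1-3): the first is on the allowlist and the mouse never enumerates as mass storage. Keying on the serial number rather than vendor/product IDs is deliberate, since two sticks of the same model are indistinguishable by IDs alone; and because the alert fires on the kernel’s own attach message, it still works when the payload on the stick is something the host’s antivirus has never seen, which is exactly the “we think it’s benign, but we just don’t know” situation described above.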