U.S. Drone Fleet Infected

Somewhere, a foreign intelligence service officer is getting mad props

The U.S. fleet of Predator and Reaper drones is infected with an ingeniously wipe-resistant key-logger virus. This is bad news for my team. The best that civilian news sources can figure is that the virus was introduced via removable hard drives at Creech Air Force Base, the central UAV hub for both the CIA's and the Air Force's intelligence missions (CIA operational drones are based somewhere else). The virus is proving difficult to remove, resisting multiple removal efforts.

Figuring out that Creech was one of the only military information systems that still used removable storage devices, which carry the risk of leaking secure data onto the wider internet, was clever. Then carrying out a successful operation to breach that security and infect the target system is the mark of an intelligence agency and not something your run-of-the-mill hacker could accomplish. Whoever did this likely put a lot of time and effort into this breach. Hopefully, American counter-intelligence caught it before the data was extracted. First there was the incident where Iraqis figured out how to pirate UAV feeds with $26 in electronics equipment; now this. When you computerize war, you open a brand new Pandora's Box. A Predator is not something you want to lose control of: unlike a compromised machine sending out spam, a missile can't be deleted once it is fired.

(Source: Wired)


  1. Aliasalpha says

    So there was a single point of attack AND one that used removable media? I’m really hoping that’s someone being intentionally vague because that sounds really, really boneheaded.

  2. lordshipmayhem says

    And let me guess – the OS being used is Windows. That’s just as bone-headed as using a single point of attack AND removable media.

    Stick to more securable OSes, like Linux or BSD.

  3. ema says

    Hopefully, the part about the Creech techs trying to get the virus off the GCS machines by following removal instructions posted on the website of the Kaspersky security firm is just an attempt at a joke/disinformation.

  4. Art says

    The people the US fights are highly dedicated, invested, and largely undistracted by the modern consumer driven, media culture. They tend to learn quickly, adapt, and will exploit any technology they can get their hands on.

    A Vietnam vet had an observation that his guys generally only spent a few days, sometimes just a few hours, at a time actively mentally engaged in the fight. Then they settled down to reading paperbacks, writing letters to relatives, listening to the radio, playing tapes, and drinking and/or smoking dope.

    The Viet Cong lived the struggle essentially 24/7. Every waking hour was focused on defeating their enemy, developing skills, thinking out new tactics.

    They pick up a new technology with the intent of exploiting it to defeat an opponent. They don’t have many distractions. They don’t often get leave.

    This is just as true in Afghanistan as it was in Vietnam. They meet the ten thousand hours requirement for skill mastery because they spend more time every day immersed in it. They are like prisoners left in a room with a few select manuals and no other distraction. Lacking anything else to do they end up pretty much memorizing the manual.

    I’m not advocating for longer tours or fewer amenities. US troops have it very rough by US standards and they need their free time. But people need to understand that the enemy is much more accustomed to deprivation, and if they get their hands on technology they will pick it up faster than we do because it is all they have to distract themselves.

  5. says

    lordshipmayhem, if this was done by members of an intelligence agency the operating system isn’t likely to make a difference. In fact it probably wouldn’t make a difference to the more sophisticated “amateurs.” Windows is the target of most attacks simply because it’s the most common operating system.

  6. says

    Hanlon’s Razor applies here. Never attribute to malice what can be explained away by simple incompetence.

    While there are actors out there determined to penetrate DoD networks, likely this was somebody who got sloppy with his external hard drive, copying over a PDF, PowerPoint, or video on an infected computer. The damage will be limited, since I would imagine the flight controls are on a separate computer not connected to the internet. They can log all the keys they like; they won’t be able to recover the data.

    Now, they might have gotten this onto the terminals that are used by the crew to talk to the rest of the Army. That’s dangerous, no doubt, but no more than the infection of any OTHER terminal. They can’t hijack feeds any more easily, and they can’t hijack control of the drone. They could, if the worm can hack back out into the regular internet, pass data to a malign actor, but the same access could be gained even at an S1 shop downrange.

    In truth, perhaps it’s time to look at a complete overhaul of our infrastructure and adding in compartmentalization onto the red-side infrastructure (more than now). L’Affaire Manning should have taught us that. If some self-centered little shit can copy that much data, it’s time to start restricting access to all but the most essential areas.

  7. Lassi Hippeläinen says

    @tim gueguen: Windows is the favorite target, because it is the easiest system to break. It started as a single user system. Its user was expected to have full control of the hardware, so there wasn’t much point in thinking about security. Some security measures have been added later on, but as usual, afterthought is no substitute for forethought.

    Unix started as a multiuser system, and inherited many security features from Multics. Therefore breaking Unix is an order of magnitude harder than breaking Windows.

    That doesn’t matter much if this is a case of cyberwar, but I doubt it. A targeted attack wouldn’t have smuggled in a mere keylogger. They would have taken control of the drones.

  8. says

    Lassi Hippeläinen:
    > It started as a single user system.

    Mmmzt! Wrong! Thanks for playing…

    The current versions of Windows are all derived (to some degree) from NT, which was Dave Cutler’s version of “VMS lite” before it got microsofted to bits. It was, however, designed from the start with the target of being a multiuser, multitasking operating system. That stuff all got screwed up because things like the security executive got in the way, and the separation between the kernel and the GUI caused performance problems. In other words, there actually WERE security features but they got eroded in order to make stuff like plug and play device drivers work.

    And, breaking UNIX is -not- an order of magnitude harder than breaking Windows. For that matter, I found my first 4 UNIX vulnerabilities back before Windows (the first GUI atop DOS thing) was released. UNIX was, and remains, a complex mass of spew-code atop a brilliant design with tricky implementation bits that show true genius. The vulnerability landscape is almost entirely driven by the popularity of platforms, not some abstract notion of the quality of their codebase.

    I keynoted a security conference in Australia last year, and IBM was giving out 2GB USB drives at their booth. Nice. I took a couple. When I got home I plugged one in (to my OpenBSD 2.2 box) and wiped it. The other I gave to a friend, who plugged it in and had his laptop taken over by a piece of malware that had pre-infected it either while it was in IBM’s hands or at the thumb-drive manufacturer’s. Anyone who is familiar with the current state of computer security knows that you don’t just grab a piece of plug-in media and plug it in, even if it’s new from the manufacturer – because you don’t know whether the manufacturer was dumb, and some idiot there infected the master image without realizing it. This happens time and time again – I don’t see the hand of state-sponsored espionage; it’s just sloppiness. Introductory-level n00b sloppiness.

  9. says

    (Addendum on previous)
    BTW, one of the development targets of the NT kernel was to be able to comply with the DoD’s “C2 by 92!” mandate. So it had a full set of security features based on the Orange Book C2 evaluation target. Those features are still there and they still work; it’s just that nobody uses them.

    Because of Microsoft’s failure to make Windows system administration non-pathetic, most Windows users run all their applications as local administrator. That means that any piece of malware they run can install drivers, move or modify system files, and even access the underlying BIOS of the motherboard. There’s a word for people who do all their Windows work as local administrator and it’s “lunchmeat.” N00bs who do all their Linux work as ‘root’ are in the same boat.

    System integrators that are building critical systems like these need to understand security and build them so that they’re not going to fall over when the first gentle wind blows, even if they’re being run by trained apes.

  10. mas528 says

    I really hope the OS was DoD proprietary.

    I can’t imagine that drones would have anything but a custom embedded OS.

    And FYI, NT was not derived from VMS. Nor was it derived from Windows 3.x, 9x, or others.

    It was a completely new OS.

  11. Lassi Hippeläinen says

    @Marcus Ranum: Yes, the users are a big part of the problem. Users of old time Windows (pre-NT) got used to having access to everything. When NT restricted their rights they got angry, and often for a reason, because some of their legacy software didn’t work. It shouldn’t be a problem anymore, but the attitude persists. Windows has a legacy user problem that still makes it behave as a single-user OS.

    Unix users are more comfortable with limited rights, because they learn the system that way. I have three “users” (for admin, work, and hobbies) in my home Linux box, all for myself.

    @mas528: The drones weren’t hacked, only their ground control machines.

  12. geocatherder says

    @mas528: DoD looks to save costs on their systems as well as anyone else might. I’d be surprised if the OS was proprietary. That’s an AWFULLY expensive OS. I worked on several simulator systems in the ’80s and ’90s with proprietary OSs — PC OSs were new and untried then, by military standards, and UNIX was suspect because of its open nature — and when we were lucky, we could talk them into DEC machines using VMS, but that was rare. Generally we got some minicomputer OS that we had to hack, or some lame attempt at making a microcomputer (e.g. embedded specialized PC) behave itself. Despite all that, we produced some bitchin’ simulators…but as a taxpayer, I was annoyed. As a senior engineer, I’d had enough exposure to finances that I could tell when the DoD was being cent-wise and dollar-foolish.

    I’ve seen one commercial attempt to create an OS for an entertainment system that actually worked — well — but the company lost its last round of funding in ’01 and died. OK, actually, they were acquired in bankruptcy by another company that in two months killed the entire product line. I was laid off in the process, so it’s somewhat personal, but there were some good contracts in the works. If they’d gone out on a limb, they could have made some money. But so it goes…

  13. says

    Can’t really comment too much on the drones since much of it is Red Net, but IMHO stupidity might not be the cause. Those hard drives get routinely screened and tracked; the unclassed computers that they connect to are blocked from anything other than DoD unclassed sites.

    The DoD gets thousands of hack attempts daily and that doesn’t count the massive phishing that goes on against users. If I was the person trying to penetrate and knew the system I was going for, I would phish through fake AKO sites (there are dozens) until I got a random guy’s AKO (the main army website that most everyone uses) login info. So that when the tainted drive got to an unclassed system, it could send that info out through the stolen AKO.

    Now my ear will be on the ground to see what comes out on Red Net, but since I am always scared of leakage, I won’t comment further on what I see come out of that until/if the press gets a hold of it and then only will link to the press report. If you have access to Sipr, drop me a secure email and I will forward you the source info on my secure blog.

    Another possibility is that someone tried to get out some footage illegally for their own use in a “hooah” video and just carried a virus in on his personal drive. If that is the case, then Manning will have a new cell mate before the month is out.
