Hacked: Predator and Reaper Drones and Networks Infected with a Data-Logging Virus

A few days ago, Wired reported on an Air Force-wide virus that was infecting the networks that control our Predator and Reaper drone systems.  Originally it was misidentified as a keylogger, a virus that tracks all commands issued to a machine and reports it back to a third party. This sort of information has to be reconstructed on the other end and without knowing who’s looking at it or what information they want, it’s impossible to tell if the virus is a real threat or not.

Of course, it’s safe to say that any Air Force-wide security breach counts as a real threat, no matter what type of virus is in play.

The problem has several parts to it.  First isn’t figuring out what it does, that can be done later.  The first part is getting rid of the virus.  Which was particularly hard to do since the technicians that discovered the virus didn’t inform the rest of the Air Force, not even the 24th Air Force, the cybersecurity unit whose job it is to prevent and deal with this sort of thing.

“[When] Danger Room reported on Friday that Creech security specialists had spent the last two weeks fighting off an infection in the drones’ remote cockpits, there was an almost instantaneous media uproar.

“It also caught off guard the 24th Air Force, the unit that’s supposed to be in charge of the air service’s cybersecurity, multiple sources involved with Air Force network operations told Danger Room. ‘When your article came out,’ one of those sources said, ‘it was like, “What is this?”‘”

As it turns out, it’s a credentials-stealing virus.  Not as in military credentials, but login info for online games.  The Air Force identified its method of transmission: thumb drives.  Windows autoplays media, and installs viruses for you, quietly and hassle-free.

“[The] Air Force did provide a few details about the malware. They said it was first noticed on ‘a stand-alone mission support network using a Windows-based operating system.’ And they called it ‘a credential stealer,’ transmitted by portable hard drives.  ‘Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach,’ the Air Force added.

“The malware ‘is routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online,’ noted the Associated Press, relying on the word of an anonymous defense official. That official did not explain why drone crews were playing Mafia Wars or similar games during their overseas missions.”

So yes, it turns out it’s more of a nuisance than a problem.  But one with a hard lesson learned: it’s super-easy to spread a virus across the Air Force’s networks and infect machines from the terminals crews use to check their email to the very machines we see as the future of air support.

And there’s more to it than just that.  The whole concept of data security is different in the military.  While corporations deal with this sort of thing regularly and have more experience fending off digital attacks, the military’s compartmentalized security here shows off its weaknesses, not its strengths.

“Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes.

“‘We’d never managed the entire Air Force network as a single enterprise,’ Vince Ross, the program manager of the Air Force Electronic Systems Center’s Cyber Integration Division, said in March. ‘That meant there was no centralized management of the network, that systems and hardware weren’t standardized, and that top-level commanders didn’t have complete situational awareness.'”

We’re left wondering, as our appreciation of weapons technology like this develops into a dependency on drones not just for reconnaissance, but combat, are we making our militaries stronger, or more vulnerable?

And as always, we welcome our new robot overlords.