Super. Our drone fleet has been hacked
posted at 12:30 pm on October 8, 2011 by Jazz Shaw
Just in case you were feeling a bit too comfortable and secure these days, there’s one more thing for you to worry about. Over at Wired, Noah Shachtman of The Danger Room reports that our Predator drone fleet may have been compromised by a computer virus. (Feeling better yet?)
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
At The Atlantic, Alexis Madrigal provides an abrupt summary… This Is Bad. Well… it certainly doesn’t look good.
As soon as I heard about this story I contacted a trusted source with an extensive background in this area. He provided an intriguing opinion on what may be an alternate explanation for what we’re seeing.
Keeping in mind that I never worked directly on this specific program, two possibilities come to mind. The first and most obvious is that this will turn out to be exactly what it looks like. Somebody introduced some malware and we’ll have to root it out, stop it, and try to determine where it came from, as well as whether or not our data has been compromised to an external source. But there is one other possibility.
I can tell you that security in programs at this level isn’t just comprehensive. It borders on being paranoid, and the left hand frequently doesn’t know what the right hand is up to. It may turn out that this keystroke logger is part of a security program introduced by our own guys without the tech folks on the other end knowing about it. (We don’t tell our people when we’re monitoring them to make sure nobody is talking out of school.) Then, if the tech guys stumble across it, the instigators might not be too quick to own up to it. That’s why it’s not always good to have people running off to talk to reporters when something like this crops up. The system may need time to work through the process and sort out what actually happened.
Given the secrecy surrounding the program, we may never know all the details. (And for that matter, is it that important that the public know about this? If anything qualifies as a matter of national security, this would seem to qualify.) But I suppose the good news is that the military is aware of it and moving to stem any possible damage. As we move from large-scale field operations to more and more remote special ops – which we seem to be doing – programs like remote drone attacks are increasingly critical. Let’s hope they manage to keep all the horses in the barn on this one.
Blowback
Comments
Is Weiner involved?
faraway on October 8, 2011 at 12:32 PM
The LESS the public knows about ANY military or diplomatic activity the better.
Rugged Individual on October 8, 2011 at 12:36 PM
Why would someone want a keylogger in drone controls?
To control drones? What more wonderful thing would there be than to use the evil empire’s drones against themselves.
This has a great potential for big ugly.
We need to spend a lot more effort on securing this stuff, and that doesn’t mean outsourcing the programming to China or India or using those bright and so cheap H1B visa people on it.
CrazyGene on October 8, 2011 at 12:39 PM
One would think this would be ultra super secret classified information. Wouldn’t one think?
stvnscott on October 8, 2011 at 12:42 PM
Anyone hired in the Federal government from 1/20/2009 through 1/19/2013 will have to be fired… just to be safe.
faraway on October 8, 2011 at 12:46 PM
Achmed asked me if Hot Air could please post a few more technical details. Inshallah.
philw1776 on October 8, 2011 at 12:48 PM
The fix is to boot in Safe Mode with Networking and then run SuperSpyware Remover Plus.
Geeze, everyone knows this.
Oh…don’t forget to reboot. A Drone in Safe Mode is a useless Drone.
Electrongod on October 8, 2011 at 12:49 PM
Chances are that the viruses are built directly into the computer chips and cannot be removed. It is a good thing that America has surrendered the production of anything real. We can produce nothing for ourselves without jumping through environmental, labor, resource and every other hoop the government throws at businesses. So, now we find out that we are at the mercy of foreign powers that produce our products for us.
astonerii on October 8, 2011 at 12:49 PM
Why would you tell anyone about this, and thus let our -presumed- enemies know we were on to them, unless you were trying to cause harm or were just plain stupid?
WitchDoctor on October 8, 2011 at 12:51 PM
All your drone are belong to us.
esnap on October 8, 2011 at 12:51 PM
I bet this is a CIA team taking over controls so they can target whoever they want. Probably the same bunch who were behind bringing the WTC towers down. Ok, back to the OWS protest……
cartooner on October 8, 2011 at 12:51 PM
Who is the idiot who decided to run such a system on Microsoft Windows? Look, I work for an Internet company. We don’t allow Microsoft operating systems anywhere NEAR our production operations for just this very reason.
Now, if I were in charge of things at DoD, someone would have some serious explaining to do as to why ANY defense weapons/surveillance system is using Microsoft Windows.
Someone should be fired. Immediately.
crosspatch on October 8, 2011 at 12:57 PM
Although Jazz’s friend has an interesting comment, I have to come down, at this point, on the side of “this is exactly what it looks like.”
The folks in tech closets might not know about a defensive keystroke logger if it was introduced by friendlies in other tech closets, but the commander responsible for operating the drones would. The virus was likely to be found at some point (paranoid IT guys would certainly recognize that).
It’s good news that this has been identified, before something clever was done with the breach. It will take some money and time, but it can be fixed.
J.E. Dyer on October 8, 2011 at 12:58 PM
Steve Jobs’ last laugh.
Shy Guy on October 8, 2011 at 1:01 PM
I have a few recommendations on that…
SlaveDog on October 8, 2011 at 1:04 PM
Amen!!!
My scene for the end of the world has a bunch of brass standing around in a giant command and control room looking at the blue screen of death on the giant display as it changes to “Please wait” as the incoming missiles are falling.
Just because Microsoft (or any company) has big bucks, doesn’t mean it’s the correct solution.
CrazyGene on October 8, 2011 at 1:05 PM
My money’s always on Chinese gold farmers trying to get at World of Warcraft passwords.
Blacklake on October 8, 2011 at 1:05 PM
Maybe they’re becoming self-aware and will turn on their creators?
I smell a sitcom.
mudskipper on October 8, 2011 at 1:09 PM
This.
SouthernGent on October 8, 2011 at 1:09 PM
“I can tell you that security in programs at this level isn’t just comprehensive. It borders on being paranoid,”
I recall seeing a story well over a year ago that the video signals for the drones were virtually unprotected. The military source quoted in the story indicated that the feeling among the leadership was that the Taliban and Al Qaeda were too unsophisticated to take advantage of the vulnerability, so that there was no rush to address the problem even though there were already reports of the video links being monitored.
djaces on October 8, 2011 at 1:13 PM
There is another possible scenario that is going on.
Our Cyberwarriors are daring folks to try to hack their system as a ruse to sucker hackers into trying to hack into some bogus virtual drone terminals they’ve got set up. When an attempted hacker is engaged, they turn the game around and hack the hacker, find out what the hacker’s technology is capable of or minimally get enough info about them so they could be neutralized at a time and place of their choosing.
In other words, this could be the coming out announcement of GAME ON! It only makes sense — Instead of sitting around growing more and more paranoid waiting to get hacked, our cyber folks are going on the attack… It’s basically what any true gamer/programmer would do…
In the meantime, everything that really matters remains secure.
drfredc on October 8, 2011 at 1:14 PM
While it’s possible the drone fleet has been “hacked” that isn’t what the article says. It says the fleet has been infected with a key logger, likely introduced as a result of the use of external drives. That is just as likely an accident of fate as hacking, which is purposeful.
MTF on October 8, 2011 at 1:17 PM
There has to be a Monty Python skit about this… somewhere!
ExpressoBold on October 8, 2011 at 1:18 PM
I hope it is CI fog…but suspect another disgruntled military man who just can’t stand his duty roster. Pray it isn’t something far more sinister.
Limerick on October 8, 2011 at 1:20 PM
I never liked armed drones in the first place.
Slowburn on October 8, 2011 at 1:33 PM
Who is the idiot that would allow any military computer system to be connected to any outside communication whatsoever?
They should not be connected to the internet, period. They can’t be hacked if there is no connection. Same goes for our electric grid and nuke plants, there should be not just a firewall, but a complete disconnect from outside communication.
If there is a need for information exchange, have it on a system where someone plugs in, does the download/upload, then pulls the plug. If there is a need for constant updates or communication, a complete separation from the point of entry for said data and the systems controlling big stuff can be made, with careful inspection of that data before it enters the critical system.
Isolationism!!!!!1!!
iurockhead on October 8, 2011 at 1:37 PM
I followed the link to the article on Wired. I am stunned that they had to go to the Kaspersky website to find instructions on how to remove the virus. If they can’t keep something of national security secure, how will they keep our private medical records secure once Obamacare requires them to be stored on a national database?
GrannySunni on October 8, 2011 at 1:38 PM
Made in China?
Gwillie on October 8, 2011 at 1:40 PM
I smell Red Chinese…
Zorro on October 8, 2011 at 1:41 PM
Another glaring example of the ruination of American exceptionalism.
darwin-t on October 8, 2011 at 1:46 PM
Close enough
Shy Guy on October 8, 2011 at 1:47 PM
Death raining from above in a quite unexpected way? Yes, just close enough, I should say…
BTW, the Python crew came up with a quite disgusting name in this skit, a Mrs. B. J. Smegma, before she was annihilated. I couldn’t believe they used it but since the reference is somewhat technical, in a veterinary medicine sense, they got away with it.
ExpressoBold on October 8, 2011 at 2:05 PM
yup. :(
listens2glenn on October 8, 2011 at 2:20 PM
Obama: Uuuuuuuh I swear, I’m certain that I nor AG Holder know a thing about this or who did it. I swear! We’re not anti war. We’re not. We loooooo…err looooooooo..uh….looooooove America. We do! You believe me, right? Uuuuuuuuuuuuh
capejasmine on October 8, 2011 at 2:27 PM
I remember that one from some 30 odd years ago.
A much younger John Cleese.
Thanks for the link, Shy Guy.
listens2glenn on October 8, 2011 at 2:28 PM
If the system is not running Windows, then a virus on someone’s thumb drive from a Windows laptop cannot infect it, nor can a virus that is coded into hardware that is designed to spread across Microsoft operating systems.
These systems should NOT be running Windows. They should be running a modified Linux kernel with all unnecessary drivers and services stripped out (run “make menuconfig” in the kernel source directory and wear out the “N” key deselecting things that are not required and then make a new kernel and install it).
If the systems were not running Windows, and better yet, not running iX86 processors, there is no way an OS exploit could be made, and if the CPU is not capable of running the iX86 instruction set, a binary virus would have no impact. Also, a laptop could not be used as the transport to the system because the laptop runs a different OS on a different CPU.
Linux runs on a lot of different CPUs.
crosspatch on October 8, 2011 at 2:32 PM
Now that we know that the State Department has issued an apology to the jihadist’s family, how long before Obama points the finger at the hacker?
djaymick on October 8, 2011 at 2:57 PM
news story today about Apache hacks; couple weeks ago I read about Apple OS viruses on the rise. Get off your high horse, OS wars are boring and have been done to death.
WitchDoctor on October 8, 2011 at 2:57 PM
My first reaction was “who the hell has the capability of doing this?” and it made me sort of sick.
After reading the Option 2 from Jazz’s “trusted source”…that sounds better. And maybe more likely. Because the first choice just doesn’t make any sense. Why would Israel hit our drones with a virus?
Jaibones on October 8, 2011 at 3:21 PM
WitchDoctor, Apache isn’t an operating system, it is a program. Such a system would not be running an Apache web server.
The point isn’t so much that one OS is better than another as it is that the system should be running a DIFFERENT OS (preferably on a different CPU type, too) than laptops people might drag in. That way a Windows virus can not infect the system using an OS exploit and a binary exploit programmed into chips made in China won’t work either because the CPU would be different.
In other words, run Linux on ARM and MIPS CPUs as well as m68k processors.
crosspatch on October 8, 2011 at 3:32 PM
WitchDoctor on October 8, 2011 at 2:57 PM
Dear Doc,
There are still no virusi for OSX; there do seem to be a few trojans, but one has to actively install them – they don’t just happen like on windoz.
Friendly21 on October 8, 2011 at 4:33 PM
Now you’re catching on!
TugboatPhil on October 8, 2011 at 5:35 PM
A curious thing about this article makes me wonder if it is even true or not. Why is someone within DoD all hot to talk to The Atlantic about this before they have even checked with their internal security to see if it IS something they put there?
The article notes a certain degree of uncertainty whether this is really a virus or whether it is an internal security feature. Why would someone run blabbing to the press before they checked that out? What is their purpose in getting that information out into the press?
Something doesn’t smell right with the whole story.
crosspatch on October 8, 2011 at 6:33 PM
The point to the national database is just the opposite of keeping them private. They want any doctor or government official to be able to access them. It is for EASE of access that this is being done, not to secure access. The current system is more secure.
Imagine what would have happened to “Joe the plumber” had his medical records been accessible by a partisan hack in some bureau.
If my medical provider fails to secure my records, I can flee to a different provider and make my case widely known so others can flee, too. I can not flee my government except to flee the country. Government doesn’t have to worry about any “competition”. So imagine some hack does leak someone’s medical information or information about a family member. So they “resign” or get fired. How long before some major supporter of the party that benefited from the release of information gives that hack a nice job somewhere in reward for “taking one for the team”?
I will tell you one thing, if government obtains everyone’s medical records, then I want to change the law so that individual political donations can be kept secret. I don’t want some government political hack looking up my political donations before deciding if I get the “fast queue” or the “slow queue” for treatment.
crosspatch on October 8, 2011 at 6:40 PM
There is another possible scenario that is going on.
So, they have a trace buster buster buster?
Hazzard on October 8, 2011 at 8:21 PM
Well, “honeypots” are an old game. It is something crackers always need to be aware of but they sometimes fall into one.
crosspatch on October 8, 2011 at 9:06 PM
You folks are overthinking this way too much. There is no way the Air Force would fail to tell the commander, if the keystroke-logger vulnerability were deliberately introduced as an own-force defensive measure of some kind.
If the unit commander at Creech is surprised, then this wasn’t done deliberately, as a policy or tactic, by our people. A vulnerability like this is not something the unit commander would be left to find out about as an unpleasant surprise.
One of Noah Shachtman’s sources told him he had been sitting in command meetings for the last two weeks at which this “virus” was treated as a big source of concern. That doesn’t happen unless the officer in charge really was surprised by it.
J.E. Dyer on October 8, 2011 at 9:47 PM
This word is not properly spelled without any numbers.
ReformedAndDangerous on October 9, 2011 at 12:15 AM
Our secure necessary communications come in contact with any virus potential at all?
Not cool.
Speakup on October 9, 2011 at 12:28 AM
I don’t really buy any of this. If it was “leaked” and is true, whoever leaked it is going to get hammered. There is a short fuse for leaks these days.
gator70 on October 9, 2011 at 1:21 AM
@ crosspatch on October 8, 2011 at 6:40 PM, Thanks, you bring up some very valid points I hadn’t fully considered. Now I’m feeling more paranoid than before. LOL
GrannySunni on October 9, 2011 at 10:13 AM
This is a Trojan and not a virus and why can’t the media use the proper terms and definitions?
http://dictionary.reference.com/browse/virus
In computer technology, viruses are malicious software programs, a form of malware. By definition, viruses exist on local disk drives and spread from one computer to another through sharing of “infected” files.
http://compnetworking.about.com/cs/worldwideweb/g/bldef_trojan.htm
A trojan is a network software application designed to remain hidden on an installed computer. Trojans generally serve malicious purposes and are therefore a form of malware, like viruses.
JeffinSac on October 9, 2011 at 11:39 AM
It is a trojan if it was installed with something else or was installed billing itself to something different (the name comes from Trojan Horse).
It is a virus if it spreads from one system to another without the operator actively installing it. That it is cleaned and then finds its way back means it could be either. They are going to have to perform very careful analysis in order to find out which it is.
crosspatch on October 9, 2011 at 5:48 PM
Keystrokes on critical and/or sensitive systems SHOULD be “logged.”
The important question is “Who has access to the log?”: if the log can be transmitted to points unknown via the Internet, there is a real problem. But if the log can only be retrieved and viewed by authorized military personnel, the logger is a security enhancement which can catch intruders into the drone system and NOT a problem.
landlines on October 10, 2011 at 2:06 PM