Computer Virus Hits U.S. Drone Fleet

[Image: 39 Squadron Reaper Remote Pilot at Creech Air ... (Defence Images via Flickr)]

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones.

The virus was detected by the military’s Host-Based Security System and, so far, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. There have been no confirmed incidents of classified information being lost or sent to an outside source.

But as of the time of reporting on 07/10/11, the virus had resisted multiple efforts to remove it from Creech’s network.

Taken on its own this is bad news, but this attack also highlights current and future security risks in U.S. military weapons systems and in the world in general.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three who told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

The security specialists tasked to deal with this infection are not sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident. But they are sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

The most remarkable thing about this is not that the virus is there, but how the outbreak happened.

None of the remote cockpits for the drones are supposed to be connected to the public internet; that air gap should make them immune to viruses and other network-borne security threats.

In late 2008, removable drives introduced the agent.btz worm to hundreds of thousands of Defence Department computers. The Pentagon is still disinfecting machines.

Use of external drives is now restricted throughout the U.S. military, but remarkably the base at Creech was one of the exceptions to that prohibition, or at least it was until this outbreak. Predator and Reaper crews used removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

Security is a pain, and truly tight security is an even bigger pain, but where you are dealing with death-dealing machines, and with systems on which whole livelihoods depend, such lapses in common sense, let alone security, must not be allowed to carry on.

As an IT engineer working in IT outside of the military, I continually see lapses in security forced upon IT by senior management, and by influential users who ask why they must have a password and see no problem in using unprotected devices to store financially embarrassing information. IT is forced into using unpatched or not fully patched operating systems due to lack of time for patch testing.

I have no doubt that the UK Armed Forces, and those of other countries, are equally at fault for such lapses.

We know how to protect the security of data and systems, and we know we need to follow some pretty basic principles. The question is, when will we do that?


I have a dream ...

Perhaps the world needs a centralized patch managing database.

The purpose of this is not to do the patching, but rather for every company in every country to maintain a compatibility matrix of every operating system, patch, application, driver, and hardware build.

Even large enterprise companies would find such an attempt impossible on their own, but a centralised world bank of information, sponsored by companies such as IBM, MS, HP, Apple, etc., all the world’s antivirus software companies, and every major country, should be able to do it.


About Joseph Leon Hall
I am a Systems Administrator, Network Engineer and Senior Technical Support Analyst and Microsoft evangelist. I spend my work time looking after networks, servers, desktops, laptops, and people. You ask why people? That’s because in any network people matter. “I am a PC! I am NOT a Mac nor am I a Chrome.”
