Keylogger Infects US Drone Fighter Planes

Unknown type of malware detected on US Air Force’s Predator and Reaper drone systems

Computers used to control the unmanned drone aircraft that the military uses to carry out operations have reportedly been infected with malware, according to a report.

A keylogger has infected several computers that pilots use to operate the fleet's Predator and Reaper drones on missions, Noah Shachtman wrote on Wired’s Danger Room blog. The virus has not prevented pilots stationed at Creech Air Force Base in Nevada from flying or completing their missions over Afghanistan and elsewhere, Wired reported.

Malware Keeps Regenerating

The United States military’s Host-Based Security System detected the malware two weeks ago and network security administrators have removed the malware. However, it appears to keep coming back to re-infect systems. After repeated attempts to remove the malware, the technicians used a tool to completely erase and rebuild the systems from scratch.

“We keep wiping it off, and it keeps coming back,” a source told Wired’s Shachtman.

No one appeared to know how the malware got into the system, or what its purpose was. It has thus far infected both classified and unclassified machines, and officials are not sure how far the infection has spread. Sources told Wired they believe the malware is “benign”, but admitted that they did not know.

“We would hope that they can obtain the security expertise required to isolate and remove the infection, from either inside the Air Force, or from somewhere else. But they don’t want people to think they cannot handle it and going ‘outside’ is an admission of guilt,” Jon-Louis Heimerl, director of strategic security for Solutionary, told eWEEK.

No Internet Connection

Even though the sensitive systems and the ones actually controlling the drone aircraft are not on the Internet, the fact that both classified and unclassified systems have been compromised means information can be funnelled across the networks and then leaked online. Sources told Wired they do not believe classified information has yet been lost or stolen as a result of this infection.

A spokesman for the Air Force’s Air Combat Command, which oversees the drone programme, said that it does not discuss specific vulnerabilities, threats and responses to its computer networks because it could help intruders refine their attacks on military systems.

US armed forces rely on drones to attack and spy on enemies without risking American lives. Since President Barack Obama assumed office, approximately 30 drones controlled by the Central Intelligence Agency have hit targets in Pakistan more than 230 times.

High Profile Missions

Missiles fired from the pilotless drones have killed more than 2,000 people, including Anwar Al-Awlaki, an American-born Muslim cleric wanted for inciting terrorist attacks on the US, who was killed in Yemen on 30 September. The attack on Al-Awlaki was part of an anti-terrorism surveillance campaign conducted over the southern Arabian Peninsula and the Horn of Africa.

The malware affected Predator and Reaper drones, which are under the Air Force’s control and fly over Afghanistan and Iraq. The bulk of the missions are controlled from the Creech air base. Ever since the WikiLeaks data breach, when hundreds of thousands of US diplomatic cables were leaked, the use of removable drives has been restricted, except at Creech and a few other Air Force bases.

Crews working with Predator and Reaper used removable drives to load map updates and transport mission videos from one computer to another. It appears the malware is spreading and re-infecting systems through these removable devices. Drone units at other Air Force bases worldwide have now been ordered to stop using removable drives.

“If the virus came in through a removable drive, it had to come from somewhere else – viruses don’t just magically appear,” said Heimerl. The fact that the systems keep getting re-infected is another clue that the problem is with the drive management system, as it did not detect that at least one data storage drive was compromised and has not been cleaned of the malware infection. The military technicians need to fully clean the drone network, the drives and the organisational network, which is probably the original source of the infection, according to Heimerl.

Hi-Tech Catastrophe

Earlier in the week, at a cyber-security summit in New York City, Eugene Kaspersky, CEO of Kaspersky Lab, pointed out that cyber-combatants were becoming increasingly sophisticated in their targets and attacks. With computers controlling practically every aspect of daily life, there is a growing risk of a “hi-tech catastrophe”, such as attacks on the electric grid, according to Kaspersky. “People are people, they make mistakes,” Kaspersky said.

This is not the first time the drone fleet has been compromised. US forces discovered that Iraqi insurgents had used software which they had bought for a mere $26 (£17) to capture “days and days and hours and hours” of unencrypted video footage that had been sent from the Reapers and Predators in the air to the troops on the ground.