
Air Force Says Drone Virus Is No Threat

An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.

A virus that attacked the system that controls U.S. military drones was never an operational threat, but merely a "nuisance," the Air Force said late Wednesday.

The statement was the first official one from the U.S. military since Wired first reported on the virus last Friday.

The Air Force said it released the statement "to correct recent reporting" of the malware, which was being characterized as a real security threat to the flight of drone aircraft and difficult to contain. It was also reported that the virus may have removed data from Air Force classified and unclassified networks.

The Air Force said, however, that these depictions of the virus are false. The military was aware of the infection for some time and "control of our remotely piloted aircraft was never in question," Colonel Kathleen Cook, a spokesperson for Air Force Space Command, said in a statement.


The Air Force confirmed that on Sept. 15 it first detected malware on portable hard drives that were approved for use at Creech Air Force Base for transferring information between systems. Creech is the home base for the military's Predator drone, the missions of which originate there.

Although reports said the malware was a keylogger--which remotely and covertly tracks the keystrokes someone makes on a computer--the Air Force said it was not. Instead, it was a credential stealer found routinely on computer networks, and was detected running on a Windows-based standalone mission-support network.

Moreover, the system that was infected was separate from the flight control system that Air Force pilots use to fly drones remotely, according to the Air Force. Reports said the virus was affecting the flight system, but the military said that the ability to fly aircraft "remained secure throughout the incident."

The virus also was not the type to transmit data or video, nor was it "designed to corrupt data, files, or programs on the infected computer," according to the Air Force.

The Air Force quickly isolated the virus with standard security tools and began a forensic process to find its origin and clean any system that was infected, it said.

Still, the virus raises questions about the security of the U.S. military's drones, which have become a widely used weapon of choice in its engagements in Afghanistan, Iraq, and Pakistan, both for intelligence and military missions. In the past, Iraqi militants were able to intercept live video feeds from drone aircraft.

The Air Force will stay on top of the incident and "continue to strengthen our cyber defenses" with updates to its antivirus software and other methods, Cook said.

Comments
jrapoza,
User Rank: Apprentice
10/13/2011 | 7:22:25 PM
re: Air Force Says Drone Virus Is No Threat
I'd feel a lot better if they seemed to be taking this seriously as opposed to the standard "nothing to see here, please move along" that this answer seems to be. There's a way to say that the threat isn't as serious as it has been depicted while still showing that you are taking it seriously. This doesn't seem to be that kind of answer.
And, oh yeah, in the movies, isn't it just right after the government says something like this is no big deal that the bad guys take over?

DonnaFields44D,
User Rank: Apprentice
10/13/2011 | 5:26:38 PM
re: Air Force Says Drone Virus Is No Threat
Oh, it's just a "credential stealer", not a "key logger" that somehow broke into your military system without your knowledge.

That's no problem then.
ThePrisoner6,
User Rank: Apprentice
10/13/2011 | 5:00:59 PM
re: Air Force Says Drone Virus Is No Threat
The simple fact that a U.S. government weapon has been infiltrated in any way by a computer virus begs the question: If a "benign" virus can infiltrate a government weapons system, what else could corrupt Government Weapons systems, and how vulnerable might they be to outside intrusion? One would hope that the government would not consider this to be merely a "nuisance". The next attack could be engineered with the specific intent to disable and/or hijack government weapons systems. War Games, anyone?
JBURT000,
User Rank: Apprentice
10/13/2011 | 4:57:02 PM
re: Air Force Says Drone Virus Is No Threat
Just wipe and re-install.