
Air Force Says Drone Virus Is No Threat

An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.

A virus that attacked the system that controls U.S. military drones was never an operational threat, but merely a "nuisance," the Air Force said late Wednesday.

The statement was the first official one from the U.S. military since Wired first reported on the virus last Friday.

The Air Force said it released the statement "to correct recent reporting" of the malware, which was being characterized as a real security threat to the flight of drone aircraft and difficult to contain. It was also reported that the virus may have removed data from Air Force classified and unclassified networks.

The Air Force said, however, that these depictions of the virus are false. The military was aware of the infection for some time and "control of our remotely piloted aircraft was never in question," Colonel Kathleen Cook, a spokesperson for Air Force Space Command, said in a statement.


The Air Force confirmed that on Sept. 15 it first detected malware on portable hard drives that were approved for use at Creech Air Force Base for transferring information between systems. Creech is the home base for the military's Predator drone, the missions of which originate there.

Although reports said the malware was a keylogger--which remotely and covertly tracks the keystrokes someone makes on a computer--the Air Force said it was not. Instead, it was a credential stealer found routinely on computer networks, and was detected running on a Windows-based standalone mission-support network.

Moreover, the system that was infected was separate from the flight control system that Air Force pilots use to fly drones remotely, according to the Air Force. Reports said the virus was affecting the flight system, but the military said that the ability to fly aircraft "remained secure throughout the incident."

The virus also was not the type to transmit data or video, nor was it "designed to corrupt data, files, or programs on the infected computer," according to the Air Force.

The Air Force quickly isolated the virus with standard security tools and began a forensic process to find its origin and clean any system that was infected, it said.

Still, the virus raises questions about the security of the U.S. military's drones, which have become a widely used weapon of choice in its engagements in Afghanistan, Iraq, and Pakistan, both for intelligence and military missions. In the past, Iraqi militants were able to intercept live video feeds from drone aircraft.

The Air Force will stay on top of the incident and "continue to strengthen our cyber defenses" with updates to its antivirus software and other methods, Cook said.

Comments
jrapoza,
User Rank: Apprentice
10/13/2011 | 7:22:25 PM
re: Air Force Says Drone Virus Is No Threat
I'd feel a lot better if they seemed to be taking this seriously as opposed to the standard "nothing to see here, please move along" that this answer seems to be. There's a way to say that the threat isn't as serious as it has been depicted while still showing that you are taking it seriously. This doesn't seem to be that kind of answer.
And, oh yeah, in the movies, isn't it just right after the government says something like this is no big deal that the bad guys take over?

DonnaFields44D,
User Rank: Apprentice
10/13/2011 | 5:26:38 PM
re: Air Force Says Drone Virus Is No Threat
Oh, it's just a "credential stealer", not a "key logger" that somehow broke into your military system without your knowledge.

That's no problem then.
ThePrisoner6,
User Rank: Apprentice
10/13/2011 | 5:00:59 PM
re: Air Force Says Drone Virus Is No Threat
The simple fact that a U.S. government weapon has been infiltrated in any way by a computer virus begs the question: If a "benign" virus can infiltrate a government weapons system, what else could corrupt Government Weapons systems, and how vulnerable might they be to outside intrusion? One would hope that the government would not consider this to be merely a "nuisance". The next attack could be engineered with the specific intent to disable and/or hijack government weapons systems. War Games, anyone?
JBURT000,
User Rank: Apprentice
10/13/2011 | 4:57:02 PM
re: Air Force Says Drone Virus Is No Threat
Just wipe and re-install.