Dark Reading is part of the Informa Tech Division of Informa PLC


Air Force Says Drone Virus Is No Threat

An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.

A virus that attacked the system that controls U.S. military drones was never an operational threat, but merely a "nuisance," the Air Force said late Wednesday.

The statement was the U.S. military's first official comment since Wired first reported the virus last Friday.

The Air Force said it released the statement "to correct recent reporting" of the malware, which was being characterized as a real security threat to the flight of drone aircraft and difficult to contain. It was also reported that the virus may have removed data from Air Force classified and unclassified networks.

The Air Force said, however, that these depictions of the virus are false. The military was aware of the infection for some time and "control of our remotely piloted aircraft was never in question," Colonel Kathleen Cook, a spokesperson for Air Force Space Command, said in a statement.


The Air Force confirmed that on Sept. 15 it first detected malware on portable hard drives that were approved for use at Creech Air Force Base for transferring information between systems. Creech is the home base for the military's Predator drone, the missions of which originate there.

Although reports said the malware was a keylogger--which remotely and covertly tracks the keystrokes someone makes on a computer--the Air Force said it was not. Instead, it was a credential stealer found routinely on computer networks, and was detected running on a Windows-based standalone mission-support network.

Moreover, the system that was infected was separate from the flight control system that Air Force pilots use to fly drones remotely, according to the Air Force. Reports said the virus was affecting the flight system, but the military said that the ability to fly aircraft "remained secure throughout the incident."

The virus also was not the type to transmit data or video, nor was it "designed to corrupt data, files, or programs on the infected computer," according to the Air Force.

The Air Force quickly isolated the virus with standard security tools and began a forensic process to find its origin and clean any system that was infected, it said.

Still, the virus raises questions about the security of the U.S. military's drones, which have become a widely used weapon of choice in its engagements in Afghanistan, Iraq, and Pakistan, both for intelligence and military missions. In the past, Iraqi militants were able to intercept live video feeds from drone aircraft.

The Air Force will stay on top of the incident and "continue to strengthen our cyber defenses" with updates to its antivirus software and other methods, Cook said.

Comments
jrapoza,
User Rank: Apprentice
10/13/2011 | 7:22:25 PM
re: Air Force Says Drone Virus Is No Threat
I'd feel a lot better if they seemed to be taking this seriously as opposed to the standard "nothing to see here, please move along" that this answer seems to be. There's a way to say that the threat isn't as serious as it has been depicted while still showing that you are taking it seriously. This doesn't seem to be that kind of answer.
And, oh yeah, in the movies, isn't it just right after the government says something like this is no big deal that the bad guys take over?

DonnaFields44D,
User Rank: Apprentice
10/13/2011 | 5:26:38 PM
re: Air Force Says Drone Virus Is No Threat
Oh, it's just a "credential stealer", not a "key logger" that somehow broke into your military system without your knowledge.

That's no problem then.
ThePrisoner6,
User Rank: Apprentice
10/13/2011 | 5:00:59 PM
re: Air Force Says Drone Virus Is No Threat
The simple fact that a U.S. government weapon has been infiltrated in any way by a computer virus begs the question: If a "benign" virus can infiltrate a government weapons system, what else could corrupt Government Weapons systems, and how vulnerable might they be to outside intrusion? One would hope that the government would not consider this to be merely a "nuisance". The next attack could be engineered with the specific intent to disable and/or hijack government weapons systems. War Games, anyone?
JBURT000,
User Rank: Apprentice
10/13/2011 | 4:57:02 PM
re: Air Force Says Drone Virus Is No Threat
Just wipe and re-install.