Dark Reading is part of the Informa Tech Division of Informa PLC


Air Force Says Drone Virus Is No Threat

An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.

A virus that attacked the system that controls U.S. military drones was never an operational threat, but merely a "nuisance," the Air Force said late Wednesday.

The statement was the U.S. military's first official comment since Wired first reported on the virus last Friday.

The Air Force said it released the statement "to correct recent reporting" of the malware, which was being characterized as a real security threat to the flight of drone aircraft and difficult to contain. It was also reported that the virus may have removed data from Air Force classified and unclassified networks.

The Air Force said, however, that these depictions of the virus are false. The military was aware of the infection for some time and "control of our remotely piloted aircraft was never in question," Colonel Kathleen Cook, a spokesperson for Air Force Space Command, said in a statement.


The Air Force confirmed that on Sept. 15 it first detected malware on portable hard drives that were approved for use at Creech Air Force Base for transferring information between systems. Creech is the home base for the military's Predator drone, the missions of which originate there.

Although reports said the malware was a keylogger--which remotely and covertly tracks the keystrokes someone makes on a computer--the Air Force said it was not. Instead, it was a credential stealer found routinely on computer networks, and was detected running on a Windows-based standalone mission-support network.

Moreover, the system that was infected was separate from the flight control system that Air Force pilots use to fly drones remotely, according to the Air Force. Reports said the virus was affecting the flight system, but the military said that the ability to fly aircraft "remained secure throughout the incident."

The virus also was not the type to transmit data or video, nor was it "designed to corrupt data, files, or programs on the infected computer," according to the Air Force.

The Air Force quickly isolated the virus with standard security tools and began a forensic process to find its origin and clean any system that was infected, it said.

Still, the virus raises questions about the security of the U.S. military's drones, which have become a widely used weapon of choice in its engagements in Afghanistan, Iraq, and Pakistan, both for intelligence and military missions. In the past, Iraqi militants were able to intercept live video feeds from drone aircraft.

The Air Force will stay on top of the incident and "continue to strengthen our cyber defenses" with updates to its antivirus software and other methods, Cook said.

Comments
jrapoza,
User Rank: Apprentice
10/13/2011 | 7:22:25 PM
re: Air Force Says Drone Virus Is No Threat
I'd feel a lot better if they seemed to be taking this seriously as opposed to the standard "nothing to see here, please move along" that this answer seems to be. There's a way to say that the threat isn't as serious as it has been depicted while still showing that you are taking it seriously. This doesn't seem to be that kind of answer.
And, oh yeah, in the movies, isn't it just right after the government says something like this is no big deal that the bad guys take over.

DonnaFields44D,
User Rank: Apprentice
10/13/2011 | 5:26:38 PM
re: Air Force Says Drone Virus Is No Threat
Oh, it's just a "credential stealer", not a "key logger" that somehow broke into your military system without your knowledge.

That's no problem then.
ThePrisoner6,
User Rank: Apprentice
10/13/2011 | 5:00:59 PM
re: Air Force Says Drone Virus Is No Threat
The simple fact that a U.S. government weapon has been infiltrated in any way by a computer virus begs the question: If a "benign" virus can infiltrate a government weapons system, what else could corrupt Government Weapons systems, and how vulnerable might they be to outside intrusion? One would hope that the government would not consider this to be merely a "nuisance". The next attack could be engineered with the specific intent to disable and/or hijack government weapons systems. War Games, anyone?
JBURT000,
User Rank: Apprentice
10/13/2011 | 4:57:02 PM
re: Air Force Says Drone Virus Is No Threat
Just wipe and re-install.