US Drone Fleet Hit By Computer Virus
New submitter Golgafrinchan passes along this quote from an article at Wired:
"A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system."
Don't run windoze on bombs!
Or aircraft carriers!
Will we never learn??
i think so ...
This could just be the drones following their human pilots for when the drones start flying themselves. #skynet
Al-Azawi (or whatever his name is), probably put the virus there to fake his death via drones.
He is probably sitting sipping tea with the Pakistani PM having a good laugh as we read this.
Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?
Yes, they would have to do updates manually, and it's a low risk situation, but it is a prime target for foreign adversaries and allies alike.
Don't know something? Look it up. Still don't know? Then ask.
The operating system should be embedded on a read only chip in these things. It's ridiculous to leave something like this vulnerable to a virus. It's aggravating to have to change the chip every time you want to upgrade but it's the best way of being sure it's secure. The system should be read only.
Look for Apple's iBomb to be delivered in time for Christmas to address these concerns.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."
How else would an emergent intelligence learn to take over our weapons so it could use them against us. It has to watch!
When they say the drones were infected, what they mean is that the computers controlling the drones (located in the US and which are, apparently, running Windows...) were infected with a keylogger, probably spread through flash drives. Whether this actually compromises security at all is unknown (keyloggers generally assume you are connected to the Internet, which these computers aren't.) They don't have much security on the drone computers because they aren't hooked up to the Internet, and they would (apparently) rather educate their users than bother with antivirus, for whatever reason (although they do have a security system on the network which detected the virus. I would imagine it also should have stopped the virus).
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
A virus on those computers is one step away from assuming control, assuming someone writes such a virus. Think stuxnet but with drones instead of centrifuges. Drones loaded with air-to-ground missiles, that is...
Virus? Should have used a Mac... although of course then it would have cost the military twice as much and they'd be forced to buy their ammunition from Apple.
"That's the way to do it" - Punch
So I am betting that the manufacturer got hit, and had the virus infect them at the factory, possibly installing itself as an 'update'.
It should not be that hard to remove - wipe and revert to an earlier version.
Unless of course they lost the earlier versions.
Skynet IS the virus!
ridiculous.
Ok, so you get some interns in a room and ask them to draw on the whiteboard the things to consider when designing a remote controlled killer robot.
What do you suppose the FIRST thing any intern is going to write up there in terms of things you need to worry about?
Make SURE the enemy can't hack your robots and turn them against you!
Well, when you start writing up how to accomplish that, you would want
1. A completely secure system for authenticating commands sent from the control system. The only form of encryption that is completely secure is one time pad.
2. NO POSSIBLE WAY for someone to load viruses or gain access to the control system!!! That means NO network access to anything but the systems that send and receive signals from the drone! And one heck of a hardware filter on those information packets!
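The first point above asks for authenticating every command sent over the control link. The following is an added example, not code from the thread or from any drone program, showing one standard way to do that: each frame carries a strictly increasing sequence number and an HMAC-SHA256 tag under a pre-shared key, so a tampered, forged or replayed frame is dropped before it is acted on. This demonstrates authenticity and replay protection, which is a different property from the confidentiality a one-time pad provides; the key, frame layout and command names are this example's own choices.

```python
"""Authenticated, replay-protected command frames for a control link.

Added example (not from the thread). Uses HMAC-SHA256 under a
pre-shared key plus a strictly increasing sequence number; the key,
the frame layout and the command names are this example's own choices.
"""
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32  # full HMAC-SHA256 output, no truncation


def seal_command(key: bytes, seq: int, command: bytes) -> bytes:
    """Frame = 8-byte big-endian sequence number || command || HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag


class CommandReceiver:
    """Verifies incoming frames and rejects anything forged, replayed or reordered."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = -1  # highest sequence number accepted so far

    def open_command(self, frame: bytes) -> Optional[bytes]:
        """Return the command bytes if the frame is genuine and fresh, else None."""
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a header and a tag
        header, body, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()
        # Constant-time comparison so the tag check does not leak timing.
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key or tampered header/body
        (seq,) = struct.unpack(">Q", header)
        if seq <= self._last_seq:
            return None  # replayed or out-of-order frame
        self._last_seq = seq
        return body


if __name__ == "__main__":
    # Constructed demo key and commands; a real link would provision the key out of band.
    demo_key = bytes(range(32))
    rx = CommandReceiver(demo_key)
    frame = seal_command(demo_key, 1, b"LOITER")
    print("first delivery:", rx.open_command(frame))   # b'LOITER'
    print("replayed copy:", rx.open_command(frame))    # None
    forged = frame[:8] + b"RETURN" + frame[14:]        # same length, tag no longer matches
    print("tampered body:", rx.open_command(forged))   # None
```

Rejecting a replay by sequence number means the receiver must persist `_last_seq` across restarts, otherwise an attacker who recorded frames could replay them after a reboot; that state, like the key, belongs in protected storage on the receiving side.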
from our DOD clients because of this happy horse***t. We had one site where someone was tired of waiting for files to transfer, pulled the screwed-on cover over the usb ports, and infected the entire room of um- pcs with a virus. We just installed our first Linux server for the product line this week. Luckily most of it is implemented in java, so except for wrapping it up in an rpm and getting the init.d scripts squared away there's not much to do.
I bet the operators are hosting a Deathmatch league.
You'd think they'd have enough with the day job!
The big problem is that the drones keep ordering refueling boom enlargement kits, and four of them tried to fly to Nigeria to collect on a half-million gallons of jet fuel that was left there by a former Minister of Aviation.
This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
These drones are so vulnerable, their use in combat is totally laughable. Iraqi insurgents could intercept their communications with $26 software! Two years ago! Their shit is apparently totally unencrypted, and as such, has now been exploited to the point where they are now able to infiltrate the control software.
http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_us_mostpop_read
Next thing you know, these guys will turn the whole damn fleet of drones against us. Just what I wanted my tax dollars going toward, free fucking aerial suicide bombers for al Qaeda, drug cartels, and script kiddies.
...of military security holes'n'breaches.
It definitely deserves a read, or at least a glimpse. It's not just stuxnet and finely crafted computer warfare, it may be plain old viruses and trojans we deal with every day.
No, I sincerely doubt this is some mysterious computer intelligence taking over our military.
BUT... this is clearly the path to skynet. What we are seeing is what pretty much all of us already understood: when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."
This isn't exactly a new attack vector. Banks don't let people plug removable drives into sensitive systems - why does the US government?
You know what happened - either Joe private plugged his private pr0n collection into a classified computer, or else he took a classified drive home to use privately. Either way, really bad news.
If you've just got to have removable storage, then you pay for special connectors, so they are incompatible with anything else. Then you cast the guts in epoxy, so no solder jockey can change out the connector. This is not rocket science.
Enjoy life! This is not a dress rehearsal.
At least, that's the word on the street.
Please do not read this sig. Thank you.
It seems like there's this cultural attitude out there that cybersecurity (hate that term) is a bit of an overblown joke, and that the worst malicious agents could do is steal our nation's porn collection or some such. Really, between stuxnet and now this, I really hope that people take home the message that targeted computer security threats can do a lot of damage in the national-security sense.
I really would be surprised if it turns out that this looks like it was developed by insert-country-that-doesn't-like-the-US-here. Iran, dicking with the US for giving them stuxnet springs to mind.
Of course, it could have also been some service member who was adding material to the national pornstash who's responsible.
So the drones run Windows? We're SOOOO doomed.
Doooomed!
It's easy enough to fix. All you have to do is shut down the drones, flush the systems, and then restore from the protected archives in the core!
Nope, never ever would I have expected the deployment of remote controlled anything to become susceptible to tamper. I also would have never ever expected the MIC to come up with anything other than hardened systems, especially when human lives are on the line. This must have been a fluke...
Two of my imaginary friends reproduced once
"In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives."
Sometimes we have an amazingly high-tech military. Sometimes we have 18-year-olds following virus removal steps from an AV vendor's website.
Compare the effort put into Stuxnet to target Iranian nuclear facilities to the effort needed to infect the drone fleet.
Well to be fair, they called the helpdesk but some dude there told them "I am thinking you are needing to be reinstalling your windows. What version of Windows are you running?" At which point they hung up.
These systems should be designed read only, when operating. Every process identified and whitelisted. I mean, really, do you want a virus to be able to fire off a TOW missile?
hmm..
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
They're probably using a version of MS Flight Simulator as the base for their control application.
My bet is the virus is on the clone image for their machines. Too many clone image makers don't do the paranoid clean-room thing.
Let's get past the pro/anti Windows bias just for a moment. Clear your mind, see operating systems just as operating systems and not religion.
Now, if most (certainly not all, but most) computer virii were written for a particular OS, why would you use that OS in a secure surveillance or weapons application? Why would you not specify an OS that did the job, but had far fewer (or no) viruses already out in the wild? Wouldn't that go further towards avoiding infection than procedures regarding removable drives and other media that will inevitably be circumvented?
Moreover, if said OS happened not to have support for modern codecs, wouldn't that make it less likely that operators would try to view porn, ur, contraband, um, unauthorized materials on same?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Anyone else read only "Infected cockpit of American predators"
All your drone are belong to us.
Whether or not those computers run Windows is not the issue. The issue is, how on Earth did that virus get on specialized and restricted US military control systems?
So in The Terminator, humanity is destroyed when the power-mad AI "Skynet" launches nuclear missiles. That's been the popular conception of computer-driven destruction ever since.
Here we have computers controlling flying killer robots. Said computers have been compromised by malware. This was detected weeks ago, the malware is still a threat, and they're still flying them.
I'm starting to really believe that WarGames will be the more accurate prediction. Humanity won't be destroyed by machines which try to take our place. Humanity will be destroyed when some punk teenager hacks into a weapons system and pushes the wrong button.
$DEITY help us.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
box of Kleenex $4
USB key $5
Satellite military uplink $150/hr
Hellfire missile $68,000
Predator MQ-1 Drone, $40 million
Being able to rain fiery death from 10,000km away onto unsuspecting Afghan targets while at the same time masturbating on the internet: priceless
Seven puppies were harmed during the making of this post.
Now they have an excuse to attack anybody
They can be hacked...
Each pilot sits in a small room with a rack full of gear wheezing away all day? Eech. This is why I don't move my desk into an IDF closet.
I remember hearing an interview on NPR not more than a few weeks ago which raised this exact issue, and in which it was brushed aside as utterly impossible, of course... "We have AIR GAPS, nothing can cross the air gaps!" Or something to that effect. I think they were talking about the video interception at the time. Meanwhile, they could ask Pfc Manning about how much information crosses the vaunted air gaps in military networks.
I like music
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection
Unintentional pun . . . ? I think not!
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
To be fair to the hardworking acquisition troops in DoD, the Predator and Reaper were demonstrated and fielded through a short-cut process for fielding new capabilities quickly. When the normally thorough system design process is "streamlined" (or bypassed) to rapidly field a new capability, bad stuff can and does happen. Thus, the acquisition axiom, "When you want it real bad, that's usually how you get it." As an example, of all the recorded predator losses through 2009, only ~3% were lost to enemy action (i.e., shot down). That means the rest crashed for other reasons like design flaws, equipment failure and pilot error. Not exactly what they projected for expected losses.
Commanders in the field are willing to accept risks to get a capability faster, but those risks are not always easy to predict, as this virus issue shows. For the GCS, the virus updates, map updates and any other software updates would have to be transferred from Internet connected systems. Media screening procedures were certainly put in place. It is a sub-optimal solution, but not a tremendous risk given the system's isolation and controls in place. This event was, most likely, a process violation that led to an MBR infection, vice a system failure. In some cases risks are easier to predict, such as lack of logistics support for newly fielded systems that have not gone through a detailed logistics analysis and planning phase. The loggies then have to play catch up on supply chain, maintenance training, sparing levels and supportability planning.
To be fair to the accelerated processes, they meet a very real need to improve mission capability quickly. Balancing risk vs capability must prioritize those that choose to go forth and fight the war.
Invenio via vel creo
"Infected via flash drives." "Educate the user."
Oh bullshit! Never, _ever_ trust a user.
Seriously, I worked IT at a call center. The first thing you did with the machines when they came in was log in to the BIOS, disable ports like COM & USB, and set a BIOS password. If the thing was shipped to us with a floppy or cd/dvd drive (they were ordered bare but sometimes Gateway f-d up), we would remove the hardware before putting them in service. They were also imaged for whatever floor they were scheduled to be on (outsourced call center - Comcast, AT&T, Sprint, Hughes Sat.) and out they went.
Once, a Bell South supervisor memo'd and called upper management and said he had to have USB to save and transfer reports, etc. And BOOM, a virus went through the Bell South floor like shit through a goose. That was the end of "educating the user."
Never, ever trust a luser.
I'm not really a web designer, I just play one on the Internet.
http://www.youtube.com/watch?v=rX7wtNOkuHo
Seriously, how lame do you have to be before the group you trust for national defense can't even defeat a computer virus that's on a controlled hardware platform? That's some bush league computer science there.
Maybe the reason the computers run windows is because some of the software they are using is something common, like a map program, which inevitably would have been written for windows. And if they aren't connected to the public internet, an antivirus program would have been unable to download its virus DB updates. Still, this is coming off looking very very bad. They followed the how-to on the Kaspersky website? Seriously, that was their best move? Now they can't figure out why it's coming back? Everyone involved in this has huge egg on their face. They are coming off as supremely incompetent. Geez guys, pay me your government contractor rate to clean the place up. I'll run all the windows applications through wine or virtualbox in a linux environment, lock down network access with a fake proxy server, set up automatic daily software patches, and this will never happen again.
It's a weapons platform that's been compromised by mainstream malware. From that alone, the pooch is jolly well being gang-banged.
Did we learn nothing from Battlestar Galactica reboot?
Paul: Father... father, the sleeper has awakened! - Dune
Yes, it's the rise of the machines, fellow resistance fighters!
The only explanation for this is that those drone pilots were surfing porn in another window while their drones were on their way to and on the way back from bombing runs. Everyone knows that if you don't look at porn on your computer, you'll never get viruses or malware.
...would want you to believe ;)
Uh, Linux geek since 1999.
How many of the parts for these weapons systems have "Made in China" stamped on them? Or "made in Israel"? Or wherever. The entire world is out to infiltrate the U.S. military.
the growth in cynicism and rebellion has not been without cause
The problem may not be a virus. Maybe it's just some bad code that gets executed only when the drone is at a particular set of coordinates or needs to execute an extremely rare maneuver. It's probably written in some variant of C, Java, Perl, ....
you write your own OS for military hardware.
The Kruger Dunning explains most post on
Then use http://www.chkrootkit.org/
Oh, and apparently it is GPL software, too. http://www.net-security.org/software.php?id=210
The presumption here seems to be that the keylogger was not intentionally installed. Perhaps this software installation is beyond the pay grade of the tech who spilled the beans of its presence. If it were something of serious concern, certainly a superior who administers the teams, including tech support, would have given the issue more urgency.
So we have a keylogger that sends data to a location _not_ on the internet, rather some military location, installed on a classified computer. Certainly sounds like a special version of custom software doing something classified to me.
The real question is: Does this particular keylogger have additional features, maybe something that permits keypresses to be introduced remotely? Who else has control of the drones?
Normally I tend not to worry about the secrets of scary people.
TFA indicates that BCWipe was used to clean the infected hard drives. Although available on UNIX and Linux, most of BCWipe's features are targeted at Windows. This indicates the computers used by pilots to fly the drones are running Windows.
Just hoping that it doesn't insert keypresses as well as log them and start shooting at friendlies. Or fly across the border into China or Iran
People may want to get into the habit of booting from a 'rescue CD' with a known-clean kernel, boot system and system binaries. Then using the 'rescue CD' to scan the computer's hard drive copies of system and boot files.
It might also be a good idea to keep the listing of critical filenames and their checksums on remote media, too.
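The two suggestions in the post above (scan the disk from a known-clean boot, and keep a list of critical filenames and their checksums on separate media) amount to a baseline-and-compare integrity check. The following is an added example, not code from the thread or from any vendor's tool, that records SHA-256 hashes of every regular file under a directory into a manifest, and later reports files that were modified, removed or added relative to that manifest. The manifest format, the function names and the demo paths are this example's own choices; for the check to mean anything, the interpreter, this script and the manifest must all come from the trusted boot media rather than from the disk being checked.

```python
"""Baseline-and-compare file integrity check.

Added example (not from the thread): record SHA-256 hashes of the files
under a directory into a manifest, keep that manifest on separate media,
and later diff the live tree against it from a known-clean boot.
The manifest format and function names are this example's own choices.
"""
import hashlib
import os
import sys
from typing import Dict, Set

Manifest = Dict[str, str]  # relative path (with '/' separators) -> hex SHA-256


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Manifest:
    """Walk `root` and hash every regular file. Symlinks are skipped so a
    link planted to point at a clean copy cannot stand in for a modified file."""
    manifest: Manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def write_manifest(manifest: Manifest, out_path: str) -> None:
    """One '<hash>  <path>' line per file, the same layout sha256sum emits."""
    with open(out_path, "w", encoding="utf-8") as f:
        for rel in sorted(manifest):
            f.write(f"{manifest[rel]}  {rel}\n")


def load_manifest(in_path: str) -> Manifest:
    """Parse a manifest written by write_manifest (or by sha256sum)."""
    manifest: Manifest = {}
    with open(in_path, "r", encoding="utf-8") as f:
        for line in f:
            line = line.rstrip("\n")
            if not line:
                continue
            digest, rel = line.split("  ", 1)  # maxsplit=1 keeps spaces inside paths
            manifest[rel] = digest
    return manifest


def compare_manifests(baseline: Manifest, current: Manifest) -> Dict[str, Set[str]]:
    """Classify every difference between the stored baseline and the live tree."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "missing": base_paths - cur_paths,                       # deleted since baseline
        "added": cur_paths - base_paths,                         # new files (dropped binaries?)
        "modified": {p for p in base_paths & cur_paths if baseline[p] != current[p]},
    }


def main(argv) -> int:
    """baseline <dir> <manifest>  |  check <dir> <manifest>; exit 1 if anything differs."""
    if len(argv) == 4 and argv[1] == "baseline":
        write_manifest(build_manifest(argv[2]), argv[3])
        return 0
    if len(argv) == 4 and argv[1] == "check":
        diff = compare_manifests(load_manifest(argv[3]), build_manifest(argv[2]))
        for kind in ("modified", "missing", "added"):
            for rel in sorted(diff[kind]):
                print(f"{kind}: {rel}")
        return 1 if any(diff.values()) else 0
    print("usage: baseline <dir> <manifest> | check <dir> <manifest>", file=sys.stderr)
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Typical use is `python integrity.py baseline /mnt/target/boot /media/usb/boot.manifest` right after a clean install, then `python integrity.py check ...` from the rescue boot whenever the machine is suspect. A hash mismatch only tells you a file changed, not whether the change was legitimate, so the manifest has to be regenerated (from a trusted state) after every sanctioned update.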
Guess I'm not the only one that sees a lot of issues with poor security and remote controlled killing robots? If we can't even detect when people infiltrate our networks, what's to say we could figure out who uses our own weapons remotely against us?
I don't think poor cyber security and giant killing robots go hand in hand.
I would bet that if you did not put in the title that you were going to get modded as a troll you wouldn't have.
I bet the mod who put you as troll just did it to fuck with you over your title. There was not a single point in your post that was trollish, not only that but what you said corresponds with most people's viewpoint around here.
Thanks. What I was going on is that one of the first posters said essentially the same thing (but in a more rude fashion) and did get modded troll. I thought the point was good even though the delivery was not, and decided to try the same point, couching my words more carefully than he did.
Gives that term a whole new meaning...
Skynet wants to learn to fly!
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
Take a look at the pic.
Goodbye Slashdot. You've changed.
Why not build a weapons platform from Lego's.
How can we not be surprised when off the shelf tech used as military attack machines is compromised. We must be still the most stupid intelligent race in the universe. When will we learn?
They fly drones, some of them perhaps even armed, that are known to be infected with a virus? I don't believe this story. Not even the US military is that irresponsible...or are they?
I read Bruce Schneier's Secrets and Lies, and in one chapter, he describes different tiers of access controls, ranging from discretionary access control, as on Linux, Unix, and newer versions of Windows, to mandatory access control, based on the Bell-LaPadula model, which I can't imagine using for anything but narrowly defined tasks. In Schneier, and elsewhere I've read descriptions of the more restrictive access controls, I get the impression that there are decades of experience with implementing these systems, that sure, Linux or Windows are fine for kids playing games, but people doing anything important are using operating systems with security systems that make damned sure you're using your system only for its intended purpose.
And yet, as people pointed out above, the article points out that the IT staff was using malware removal advice from Kaspersky's public Website, which strongly implies that the infected systems are running some version of Windows and the malware is common.
So, if the US military isn't using strict access controls or other exceptionally strong security measures when the stakes are this high, if they're just using conventional operating systems that everyone uses, then who ever actually uses secure operating systems?
The infection is beginning! Shut down the drones before it's too late!
"I don't know what's scarier, the fact that these things run Windows, the fact that the ports weren't sealed off or the fact that some doofus who doesn't know how to check for Autorun viruses and/or wasn't a computer professional didn't see a problem with plugging a flash drive in there."
Was the server made in China? Hmm no conflict of interest there.
When the Chinese outsourced the premier's jet to the US, they were shocked it was bugged in 17 times over by the US government. It doesn't surprise me that China would do the same back to us. In fact, Reagan infected Soviet computer systems with rootkits sold to the Soviet Union causing severe economic damage to their satellites and petrol industries.
More than likely it has a rootkit running on the bios or video card that can't be removed. Someone mentioned the machine is not networked? If it is not networked then how does it send commands to the drones? My guess is the controller is probably carefully sending data to China or Russia as well and using a rootkit to hide it on the controller. China has the best spying agency in the world. They have been known to hack routers and systems to slowly and carefully download CAD drawings over time and then delete themselves without being noticed and being trace-less. They are very thorough and careful.
MozeeToby said it himself: these are locked-down systems with no hot pluggable media. I know contractors are fucked up but they do have to pass c1 and c2 certifications before winning any top secret contract.
http://saveie6.com/
Learning US drone tactics, in order to outsmart them?
Learning where the drones are, in order to avoid them?
Learning how they work, in order to help make their own (or help more advanced nations make their own) drone fleet?
These are the things I can think of. Any other ideas?
Can someone mod that post just plain wrong for me?
This is pathetic.
Counterfeit Chinese ROMs.
I bet the information the virus is getting looks something like this...
"waaaaawwwwdddsssssaaawwwddd"
Obviously defense initiatives with cute names.
I like how people pay for this and then try to look nice as in "we're the good guys".
Well, not with my money, ok? Next time it will be a French car -- again, for the 5th time. Or German...
Keep on being pro-war to see where it takes you, fools...
a combination of W A S D and SPACE keystrokes
There was an article back in 2009 about the Iraqis being able to use the Predator Cams and GPS to track them with a $26 program because the data streams being sent to and from the Drones weren't well encrypted. Why couldn't they send a virus downstream? It would be pretty persistent if the Predators themselves were relaying the data.
Did some bean counter say lets produce them in China cuz they will be cheaper.
Are they surprised at the outcome?
Don't worry guys, the nukes are safe. For now.
Eh, don't bother. When someone's cock feels a little short, they have to pick on someone. Just say what you're gonna say. :)
There are fewer viruses for other OSes, most likely owing to the lower install base of the same. Even black hats are interested in ROI.
Those are all girlie-man malware. Most of them were written ten years ago and none of which work on any distros less than 5 yrs old.