Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Drone Fleet Hit By Computer Virus

Posted by Soulskill on from the what-could-possibly-go-wrong dept.

New submitter Golgafrinchan passes along this quote from an article at Wired: "A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system.'"

12 of 370 comments (clear)

  1. duh by Aighearach · · Score: 4, Insightful

    Don't run windoze on bombs!

    Or aircraft carriers!

    Will we never learn??

    1. Re:duh by fuzzyfuzzyfungus · · Score: 5, Insightful

      While your general point is valid: against targeted attackers the ratios for "desktops cracked, by platform" are pretty irrelevant"; there is more to it:

      A game console, many smartphones, tivos, etc. do checks of the OSes they run. If the signature doesn't check, the device doesn't boot. Better implemenations(newer xbox360s, for instance, pretty much have to be voltage glitched to get past that.

      If you are going to be strapping some hellfire missiles to something, you really, really shouldn't be running an OS/architecture so stock that desktop or corporate penetration and bug numbers are terribly relevant...

    2. Re:duh by BitZtream · · Score: 3, Insightful

      No, its really not. A rootkit would make TripWire thing the binaries had not been modified. Thats what rootkits do, they hide every trace of themselves so that they are undetectable. Or at least thats the theory, theres always a way to detect them but it usually (for good ones) requires scanning the data in a known clean machine.

      IDS systems don't work with the kernel tells the IDS that the file is the original and even delivers the original bytes to the IDS in order to fool it. The kernel returns the original data for any read of the file, any memory mapping attempt, anything you try to do to get it at the data other than what the rootkit wants you to do.

      Root kits make the kernel lie to an IDS, making it useless. You can't scan an infected machine by asking it for data (local app or network share, doesn't matter). You have to ask another known clean machine to do the scanning on the data directly without any other untrusted code in the process.

      Finally, the rootkit can also just make tripwire pretend to return ALL GOOD MASTER!.

      Please don't ever claim you know about security.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    3. Re:duh by Nefarious+Wheel · · Score: 4, Insightful

      If you were serious about platform security, you wouldn't be running on an OS at all. You'd have one single application that included its own device drivers. Costly, yes -- but also very secure if you write the lot yourself. Just don't open any doors at all.

      --
      Do not mock my vision of impractical footwear
  2. Talk about clueless IT by Anonymous Coward · · Score: 4, Insightful

    “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

    If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."

  3. Re:No anti-virus? by Nom+du+Keyboard · · Score: 3, Insightful

    Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?

    If these computers are never connected to the Internet, then how are they sending out the results of their logging?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  4. Military Intelligence by tmosley · · Score: 2, Insightful

    These drones are so vulnerable, their use in combat is totally laughable. Iraqi insurgents could intercept their communications with $26 software! Two years ago! Their shit is apparently totally unencrypted, and as such, has now been exploited to the point where they are now able to infiltrate the control software.

    http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_us_mostpop_read

    Next thing you know, these guys will turn the whole damn fleet of drones against us. Just what I wanted my tax dollars going toward, free fucking aerial suicide bombers for al Qaeda, drug cartels, and script kiddies.

  5. Other way around by Toe,+The · · Score: 4, Insightful

    No, I sincerely doubt this is some mysterious computer intelligence taking over our military.

    BUT... this is clearly the path to skynet. What we are seeing is what pretty much all of us already understood: when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."

  6. Spread by removable drives? How hard is this? by bradley13 · · Score: 4, Insightful

    This isn't exactly a new attack vector. Banks don't let people plug removable drives into sensitive systems - why does the US government?

    You know what happened - either Joe private plugged his private pr0n collection into a classified computer, or else he took a classified drive home to use privately. Either was, really bad news.

    If you've just got to have removable storage, then you pay for special connectors, so they are incompatible with anything else. Then you cast the guts in epoxy, so no solder jockey can change out the connector. This is not rocket science.

    --
    Enjoy life! This is not a dress rehearsal.
  7. Re:No anti-virus? by MozeeToby · · Score: 5, Insightful

    Unless someone really screwed the pooch, the results are never getting back to the virus writers. These computers are classified, that means no connection to the net, no writable media drives, many places even epoxy the USB ports so at least it's obvious if someone tries to use it. Specific steps are taken when moving data off them to prevent any data except what was requested is removed. At least, that is how it is in the private world working on classified material. Cases like Manning being able to get a dump of the entire international cable DB would indicate that the government holds itself to a much lower standard than it holds contractors.

  8. So here I go getting modded "troll"... by roc97007 · · Score: 1, Insightful

    Let's get past the pro/anti Windows bias just for a moment. Clear your mind, see operating systems just as operating systems and not religion.

    Now, if most (certainly not all, but most) computer virii were written for a particular OS, why would you use that OS in a secure surveillance or weapons application? Why would you not specify an OS that did the job, but had far fewer (or no) viruses already out in the wild? Wouldn't that go further towards avoiding infection than procedures regarding removable drives and other media that will inevitably be circumvented?

    Moreover, if said OS happened not to have support for modern codecs, wouldn't that make it less likely that operators would try to view porn, ur, contraband, um, unauthorized materials on same?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  9. Re:No anti-virus? by mspohr · · Score: 1, Insightful

    If there's a virus, it must be Windows.

    --
    I don't read your sig. Why are you reading mine?