US Drone Fleet Hit By Computer Virus
New submitter Golgafrinchan passes along this quote from an article at Wired:
"A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system."
Don't run windoze on bombs!
Or aircraft carriers!
Will we never learn??
This could just be the drones following their human pilots for when the drones start flying themselves. #skynet
Al-Azawi (or whatever his name is), probably put the virus there to fake his death via drones.
He is probably sitting sipping tea with the Pakistani PM having a good laugh as we read this.
Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?
Yes, they would have to do updates manually, and it's a low risk situation, but it is a prime target for foreign adversaries and allies alike.
Don't know something? Look it up. Still don't know? Then ask.
The operating system should be embedded on a read only chip in these things. It's ridiculous to leave something like this vulnerable to a virus. It's aggravating to have to change the chip every time you want to upgrade but it's the best way of being sure it's secure. The system should be read only.
Look for Apple's iBomb to be delivered in time for Christmas to address these concerns.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."
When they say the drones were infected, what they mean is that the computers controlling the drones (located in the US and which are, apparently, running Windows...) were infected with a keylogger, probably spread through flash drives. Whether this actually compromises security at all is unknown (keyloggers generally assume you are connected to the Internet, which these computers aren't.) They don't have much security on the drone computers because they aren't hooked up to the Internet, and they would (apparently) rather educate their users than bother with antivirus, for whatever reason (although they do have a security system on the network which detected the virus. I would imagine it also should have stopped the virus).
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
A virus on those computers is one step away from assuming control, assuming someone writes such a virus. Think stuxnet but with drones instead of centrifuges. Drones loaded with air-to-ground missiles, that is...
Virus? Should have used a Mac... although of course then it would have cost the military twice as much and they'd be forced to buy their ammunition from Apple.
"That's the way to do it" - Punch
So I am betting that the manufacturer got hit, and had the virus infect them at the factory, possibly installing itself as an 'update'.
It should not be that hard to remove - wipe and revert to an earlier version.
Unless of course they lost the earlier versions.
Skynet IS the virus!
Ridiculous.
Ok, so you get some interns in a room and ask them to draw on the whiteboard the things to consider when designing a remote controlled killer robot.
What do you suppose the FIRST thing any intern is going to write up there in terms of things you need to worry about?
Make SURE the enemy can't hack your robots and turn them against you!
Well, when you start writing up how to accomplish that, you would want
1. A completely secure system for authenticating commands sent from the control system. The only form of encryption that is completely secure is one time pad.
2. NO POSSIBLE WAY for someone to load viruses or gain access to the control system!!! That means NO network access to anything but the systems that send and receive signals from the drone! And one heck of a hardware filter on those information packets!
Doubt it, Israel is more likely. Even if they are one of our allies, I don't believe they are an ally we should trust completely, much like how we view China.
Besides, I doubt that Iran can get good quality help with something like this, especially since they would most likely have to know a good amount of how the internal security is set up. Russia isn't stupid enough to help them with something like this, neither is China.
The big problem is that the drones keep ordering refueling boom enlargement kits, and four of them tried to fly to Nigeria to collect on a half-million gallons of jet fuel that was left there by a former Minister of Aviation.
This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
These drones are so vulnerable, their use in combat is totally laughable. Iraqi insurgents could intercept their communications with $26 software! Two years ago! Their shit is apparently totally unencrypted, and as such, has now been exploited to the point where they are now able to infiltrate the control software.
http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_us_mostpop_read
Next thing you know, these guys will turn the whole damn fleet of drones against us. Just what I wanted my tax dollars going toward, free fucking aerial suicide bombers for al Qaeda, drug cartels, and script kiddies.
...of military security holes'n'breaches.
It definitely deserves a read, or at least a glimpse. It's not just Stuxnet and finely crafted computer warfare, it may be plain old viruses and trojans we deal with every day.
No, I sincerely doubt this is some mysterious computer intelligence taking over our military.
BUT... this is clearly the path to skynet. What we are seeing is what pretty much all of us already understood: when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."
This isn't exactly a new attack vector. Banks don't let people plug removable drives into sensitive systems - why does the US government?
You know what happened - either Joe Private plugged his private pr0n collection into a classified computer, or else he took a classified drive home to use privately. Either way, really bad news.
If you've just got to have removable storage, then you pay for special connectors, so they are incompatible with anything else. Then you cast the guts in epoxy, so no solder jockey can change out the connector. This is not rocket science.
Enjoy life! This is not a dress rehearsal.
At least, that's the word on the street.
Please do not read this sig. Thank you.
It seems like there's this cultural attitude out there that cybersecurity (hate that term) is a bit of an overblown joke, and that the worst malicious agents could do is steal our nation's porn collection or some such. Really, between stuxnet and now this, I really hope that people take home the message that targeted computer security threats can do a lot of damage in the national-security sense.
I really would be surprised if it turns out that this looks like it was developed by insert-country-that-doesn't-like-the-US-here. Iran, dicking with the US for giving them stuxnet springs to mind.
Of course, it could have also been some service member who was adding material to the national pornstash who's responsible.
It's easy enough to fix. All you have to do is shut down the drones, flush the systems, and then restore from the protected archives in the core!
Nope, never ever would I have expected the deployment of remote controlled anything to become susceptible to tamper. I also would never ever have expected the MIC to come up with anything other than hardened systems, especially when human lives are on the line. This must have been a fluke...
Two of my imaginary friends reproduced once
hmm..
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
They're probably using a version of MS Flight Simulator as the base for their control application.
My bet is the virus is on the clone image for their machines. Too many clone image makers don't do the paranoid clean-room thing.
Let's get past the pro/anti Windows bias just for a moment. Clear your mind, see operating systems just as operating systems and not religion.
Now, if most (certainly not all, but most) computer virii were written for a particular OS, why would you use that OS in a secure surveillance or weapons application? Why would you not specify an OS that did the job, but had far fewer (or no) viruses already out in the wild? Wouldn't that go further towards avoiding infection than procedures regarding removable drives and other media that will inevitably be circumvented?
Moreover, if said OS happened not to have support for modern codecs, wouldn't that make it less likely that operators would try to view porn, ur, contraband, um, unauthorized materials on same?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Whether or not those computers run Windows is not the issue. The issue is, how on Earth did that virus get on specialized and restricted US military control systems?
I doubt that Iran can get good quality help with something like this
Really? You don't think with the resources of an oil rich country that they couldn't buy someone domestic or foreign to do it for them? Are you retarded or just still asleep or something?
I'm not saying they did it, but you can't think that way about countries of any size at all, at that level all of them have enough resources to buy someone capable of doing it, or just kidnapping them and forcing them to do it without money. Most of the guys who write botnet software would more than likely be all over this opportunity, they clearly don't mind the moral implications.
So in The Terminator, humanity is destroyed when the power-mad AI "Skynet" launches nuclear missiles. That's been the popular conception of computer-driven destruction ever since.
Here we have computers controlling flying killer robots. Said computers have been compromised by malware. This was detected weeks ago, the malware is still a threat, and they're still flying them.
I'm starting to really believe that WarGames will be the more accurate prediction. Humanity won't be destroyed by machines which try to take our place. Humanity will be destroyed when some punk teenager hacks into a weapons system and pushes the wrong button.
$DEITY help us.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
box of Kleenex $4
USB key $5
Satellite military uplink $150/hr
Hellfire missile $68,000
Predator MQ-1 Drone, $40 million
Being able to rain fiery death from 10,000km away onto unsuspecting Afghan targets while at the same time masturbating on the internet: priceless
Seven puppies were harmed during the making of this post.
They can be hacked...
Each pilot sits in a small room with a rack full of gear wheezing away all day? Eech. This is why I don't move my desk into an IDF closet.
I remember hearing an interview on NPR not more than a few weeks ago which raised this exact issue, and in which it was brushed aside as utterly impossible, of course... "We have AIR GAPS, nothing can cross the air gaps!" Or something to that effect. I think they were talking about the video interception at the time. Meanwhile, they could ask Pfc Manning about how much information crosses the vaunted air gaps in military networks.
I like music
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection
Unintentional pun . . . ? I think not!
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
To be fair to the hardworking acquisition troops in DoD, the Predator and Reaper were demonstrated and fielded through a short-cut process for fielding new capabilities quickly. When the normally thorough system design process is "streamlined" (or bypassed) to rapidly field a new capability, bad stuff can and does happen. Thus, the acquisition axiom, "When you want it real bad, that's usually how you get it." As an example, of all the recorded Predator losses through 2009, only ~3% were lost to enemy action (i.e., shot down). That means the rest crashed for other reasons like design flaws, equipment failure and pilot error. Not exactly what they projected for expected losses.
Commanders in the field are willing to accept risks to get a capability faster, but those risks are not always easy to predict, as this virus issue shows. For the GCS, the virus updates, map updates and any other software updates would have to be transferred from Internet connected systems. Media screening procedures were certainly put in place. It is a sub-optimal solution, but not a tremendous risk given the system's isolation and controls in place. This event was, most likely, a process violation that led to an MBR infection, vice a system failure. In some cases risks are easier to predict, such as lack of logistics support for newly fielded systems that have not gone through a detailed logistics analysis and planning phase. The loggies then have to play catch up on supply chain, maintenance training, sparing levels and supportability planning.
To be fair to the accelerated processes, they meet a very real need to improve mission capability quickly. Balancing risk vs capability must prioritize those that choose to go forth and fight the war.
Invenio via vel creo
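The post above suggests the infection lived in the MBR, which would explain why it survived repeated wipes of the filesystem. One check a practitioner would want when screening media or a ground station's disk is to parse the first sector and compare its bootstrap code against a hash recorded at imaging time. The following is an added example and not code from the article, the thread or the GCS vendor; the sample MBR bytes, the disk signature and the baseline hash are all constructed here for illustration.

```python
"""Parse a raw 512-byte MBR and compare its bootstrap code to a known-good hash.

Added example; not from the article or the thread. The sample MBR is constructed
inline. In practice the baseline hash would be recorded when the image is built
and kept on separate, read-only media.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
BOOTSTRAP_LEN = 440          # bytes 0..439: the boot code a bootkit overwrites
DISK_SIG_OFF = 440           # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Return bootstrap hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    try:
        mbr = parse_mbr(sector)
    except ValueError as exc:
        return [f"unparseable MBR: {exc}"]
    findings = []
    if mbr["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions; expected exactly 1")
    for p in mbr["partitions"]:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    return findings


def build_sample_mbr(bootstrap_patch: bytes = b"") -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048.

    bootstrap_patch overwrites the first bytes of the boot code, simulating an
    infection that redirects the initial jump.
    """
    code = bytearray(b"\xeb\x3c\x90" + b"\x00" * (BOOTSTRAP_LEN - 3))
    code[:len(bootstrap_patch)] = bootstrap_patch
    disk_sig = b"\xde\xad\xbe\xef" + b"\x00\x00"          # made-up disk signature
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x02\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (16 * 3)
    sector = bytes(code) + disk_sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["bootstrap_sha256"]
    print("clean:   ", check_mbr(clean, baseline, 4_000_000))
    print("tampered:", check_mbr(build_sample_mbr(b"\xe9\x00\x01"), baseline, 4_000_000))
```

On a real host the sector would be read with something like `dd if=/dev/sda bs=512 count=1` from the rescue CD mentioned later in the thread, never from the possibly compromised OS itself, since a bootkit that hooks disk I/O can hand back the clean original sector.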
"Infected via flash drives." "Educate the user."
Oh bullshit! Never, _ever_ trust a user.
Seriously, I worked IT at a call center. The first thing you did with the machines when they came in was log in to the BIOS, disable ports like COM & USB, and set a BIOS password. If the thing was shipped to us with a floppy or CD/DVD drive (they were ordered bare but sometimes Gateway f-d up), we would remove the hardware before putting them in service. They were also imaged for whatever floor they were scheduled to be on (outsourced call center - Comcast, AT&T, Sprint, Hughes Sat.) and out they went.
Once, a Bell South supervisor memo'd and called upper management and said he had to have USB to save and transfer reports, etc. And BOOM, a virus went through the Bell South floor like shit through a goose. That was the end of "educating the user."
Never, ever trust a luser.
I'm not really a web designer, I just play one on the Internet.
Maybe the reason the computers run Windows is because some of the software they are using is something common, like a map program, which inevitably would have been written for Windows. And if they aren't connected to the public internet, an antivirus program would have been unable to download its virus DB updates. Still, this is coming off looking very very bad. They followed the how-to on the Kaspersky website? Seriously, that was their best move? Now they can't figure out why it's coming back? Everyone involved in this has huge egg on their face. They are coming off as supremely incompetent. Geez guys, pay me your government contractor rate to clean the place up. I'll run all the Windows applications through Wine or VirtualBox in a Linux environment, lock down network access with a fake proxy server, set up automatic daily software patches, and this will never happen again.
It's a weapons platform that's been compromised by mainstream malware. From that alone, the pooch is jolly well being gang-banged.
They chased the motivated, volunteer geeks away during the 1990s because their actual AFSCs were other career fields.
Most AF computer maintainers are essentially Admin paper-pushers at the lower levels.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Yes, it's the rise of the machines, fellow resistance fighters!
The only explanation for this is that those drone pilots were surfing porn in another window while their drones were on their way to and on the way back from bombing runs. Everyone knows that if you don't look at porn on your computer, you'll never get viruses or malware.
...would want you to believe ;)
Uh, Linux geek since 1999.
How many of the parts for these weapons systems have "Made in China" stamped on them? Or "made in Israel"? Or wherever. The entire world is out to infiltrate the U.S. military.
the growth in cynicism and rebellion has not been without cause
you write your own OS for military hardware.
The Dunning-Kruger effect explains most posts on
Then use http://www.chkrootkit.org/
Oh, and apparently it is GPL software, too. http://www.net-security.org/software.php?id=210
TFA indicates that BCWipe was used to clean the infected hard drives. Although available on UNIX and Linux, most of BCWipe's features are targeted at Windows. This indicates the computers used by pilots to fly the drones are running Windows.
Just hoping that it doesn't insert keypresses as well as log them and start shooting at friendlies. Or fly across the border into China or Iran
People may want to get into the habit of booting from a 'rescue CD' with a known-clean kernel, boot system and system binaries. Then using the 'rescue CD' to scan the computer's hard drive copies of system and boot files.
It might also be a good idea to keep the listing of critical filenames and their checksums on remote media, too.
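The rescue-CD advice above comes down to one thing: hash the critical files from a trusted kernel and compare them with a manifest that the compromised host could not have altered. The script below is an added example, not code from the thread or from any of the tools it names; it writes a small tree of made-up files in a temporary directory, records a sha256sum-style manifest (which in real use would live on the remote media the post describes), then simulates a rootkit replacing one file, deleting another and dropping a hidden one, and reports each class of change.

```python
"""Verify critical files against a manifest of SHA-256 hashes held on separate media.

Added example; not from the thread. The manifest format matches what
`sha256sum` emits (digest, two spaces, relative path) so it can also be produced
with coreutils. The demo tree and the 'rootkit' changes are constructed here.
"""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str, relpaths) -> str:
    """Hash the listed files under root; the result is what you store off-host."""
    lines = [f"{sha256_file(os.path.join(root, rel))}  {rel}" for rel in sorted(relpaths)]
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> dict:
    """Parse '<sha256>  <relative path>' lines; blank lines and '#' comments are skipped."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 64 or not rel:
            raise ValueError(f"manifest line {n} is malformed")
        entries[rel] = digest.lower()
    return entries


def verify(root: str, manifest_text: str) -> dict:
    """Classify every manifest entry as ok/modified/missing and list files not in it.

    Run this from a known-clean boot (the rescue CD) with root pointing at the
    mounted, possibly compromised disk, so the hashes are not taken through a
    kernel or libc the rootkit may have hooked.
    """
    expected = parse_manifest(manifest_text)
    result = {"ok": [], "modified": [], "missing": [], "unlisted": []}
    on_disk = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            on_disk.add(rel)
    for rel, digest in sorted(expected.items()):
        if rel not in on_disk:
            result["missing"].append(rel)
        elif sha256_file(os.path.join(root, rel)) == digest:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)
    result["unlisted"] = sorted(on_disk - expected.keys())
    return result


def demo() -> dict:
    """Constructed scenario: baseline a tree, then tamper with it and verify."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "bin/ls": b"\x7fELF fake ls binary",
            "boot/vmlinuz": b"fake kernel image",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        }
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        manifest = build_manifest(root, files)     # would be copied to read-only media
        # Simulated rootkit: trojan a binary, remove a file, drop a hidden payload.
        with open(os.path.join(root, "bin/ls"), "wb") as f:
            f.write(b"\x7fELF trojaned ls")
        os.remove(os.path.join(root, "etc/passwd"))
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"payload")
        return verify(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

The "unlisted" bucket is what catches dropped files; a manifest that only answers "did the files I know about change?" misses a loader the malware adds next to them, which is one way "we keep wiping it off and it keeps coming back" happens.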
Guess I'm not the only one that sees a lot of issues with poor security and remote controlled killing robots? If we can't even detect when people infiltrate our networks, what's to say we could figure out who uses our own weapons remotely against us?
I don't think poor cyber security and giant killing robots goes hand in hand.
I would bet that if you did not put in the title that you were going to get modded as a troll you wouldn't have.
I bet the mod who put you as troll just did it to fuck with you over your title. There was not a single point in your post that was troll'ish, not only that but what you said corresponds with most peoples viewpoint around here.
I'm not sure it matters who it is. What matters is that if you can intercept a keystroke, you can inject one, and that if you log sequences you know command sequences. That knowledge never needs to go anywhere outside the virus - if the virus catalogs how to do X, Y and Z then an unauthorized user merely needs to tell the virus that it is to replay the sequence to do X, Y or Z. The user doesn't need to know anything other than what macro does what.
For most nations, it just doesn't make sense to do this with any current mission - that we know of, at least. Scripting a drone attack only makes sense if the drone has attacked a point that the person who wrote the virus will want to attack in the future. This is great if you're a nation defending against an attacker overrunning your positions, since you can get the attacker's weapons to attack the attacker. But no current target nation has the capacity for such a strategy and even if they did it would be pointless. It wouldn't be useful at all in Libya, for example, and the draw-down in Afghanistan means the probability of there ever being a meaningful target is next to zero.
Israel is a remote possibility - they've the knowledge - and there are doubtless drone surveillance missions that the Israelis could turn into attacks and keep plausible denial. However, it's exceedingly remote. Most of their threats don't distinguish between the US and Israel, so plausible denial is pointless, and they've enough support to be able to obtain all the US-made drones they want. There's no obvious added value.
The Mexican drug cartels are hampered by drones, but not usually by the high-end military ones, and being able to launch a replay would be absolutely pointless. If they were to have the kind of savvy needed, it would more likely go into a logic bomb that would cripple the drone. It's just possible they'd want to divert a drone to some site of theirs so that they could use it for their own purposes, but you'd not want a logger for that. Makes no sense. Besides which, if they had that kind of skill, they wouldn't need cheap cop drones.
China? Maybe, but again if they wanted a Predator they'd be better off with a logic bomb that disabled the radios and landed the UAV somewhere they could pick it up from. They wouldn't use loggers because there'd be nothing worth logging.
This isn't making sense. The story so far is too illogical. Those with the skills would be doing something different, those who want to do what is claimed don't have the skills.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I'm not saying they did it, but you can't think that way about countries of any size at all
I am sure the Vatican would have no issues infiltrating US Military security, North Korea or Iran, not so much.
Iran can pay all the coders they like, but if they do not know how the security is set up and what precautions to take then they will not be effective. That requires inside intel, which is something I don't think Iran will get on its own. Yes, China has proven again and again that they can get inside the US Military networks; Iran on the other hand still hasn't figured out how to get Stuxnet off their own computers.
Thanks. What I was going on is that one of the first posters said essentially the same thing (but in a more rude fashion) and did get modded troll. I thought the point was good even though the delivery was not, and decided to try the same point coaching my words more carefully than he did.
It's always possible that this isn't a deliberate targeted attack at all; it could even just be that someone inadvertently used a removable drive that already happened to have a keylogger on it. This would probably be the best case scenario of course. I find it a little odd is that they're having trouble removing it though.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Gives that term a whole new meaning...
Military drones would presumably use something like Windows CE. (Non-classified drones do, from what little experience I have in the field.) Which, to be fair, would likely run a reasonable range of Windows programs. However, it's not fully compatible and cross-compilers are something of a necessity. It's possible it could be a generic binary but I'm going to guess that a custom build is the more likely.
Skynet wants to learn to fly!
"GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"
Take a look at the pic.
Goodbye Slashdot. You've changed.
Why not build a weapons platform from Legos.
How can we not be surprised when off the shelf tech used as military attack machines are compromised. We must be still the most stupid intelligent race in the universe. When will we learn ?
**It's always possible that this isn't a deliberate targeted attack at all;**
I'm thinking that you are correct.. I doubt that drone control is done through the Comcast or Verizon at Area 54 and thence to the Internet. More likely communications are through secure satellite links. Injecting a virus via such a link is likely to be something of a challenge. It's possible that some governments could do that, but why would they go to all that trouble to load a common virus? OTOH accidentally loading a virus from a flash drive seems pretty straightforward. Who knows, it could have come from another secure facility -- secret software, and -- as a bonus -- a rootkit.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
They fly drones, some of them perhaps even armed, that are known to be infected with a virus? I don't believe this story. Not even the US military is that irresponsible... or are they?
I read Bruce Schneier's Secrets and Lies, and in one chapter, he describes different tiers of access controls, ranging from discretionary access control, as on Linux, Unix, and newer versions of Windows, to mandatory access control, based on the Bell-LaPadula model, which I can't imagine using for anything but narrowly defined tasks. In Schneier, and elsewhere I've read descriptions of the more restrictive access controls, I get the impression that there are decades of experience with implementing these systems, that sure, Linux or Windows are fine for kids playing games, but people doing anything important are using operating systems with security systems that make damned sure you're using your system only for its intended purpose.
And yet, as people pointed out above, the article points out that the IT staff was using malware removal advice from Kaspersky's public Website, which strongly implies that the infected systems are running some version of Windows and the malware is common.
So, if the US military isn't using strict access controls or other exceptionally strong security measures when the stakes are this high, if they're just using conventional operating systems that everyone uses, then who ever actually uses secure operating systems?
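The post above asks who actually uses Bell-LaPadula style mandatory access control. The two rules are short enough to show in working code, and doing so also shows their limit for this incident: the model stops a keylogger running as the operator from writing its log down to unclassified media, but says nothing about reading an infected file up from that same media. This is an added example, not from Schneier's book or the thread; the clearance levels are the usual ones, the "UAV" compartment and the objects in the demo are made up.

```python
"""Minimal Bell-LaPadula reference monitor.

Added example; not from the thread or from Secrets and Lies. Labels are a level
plus a set of compartments; A dominates B when A's level is at least B's and
A's compartments include all of B's. The two rules are:
  simple security property (no read up): subject may read obj iff subject dominates obj
  *-property (no write down):            subject may write obj iff obj dominates subject
The compartment name "UAV" and the objects in demo() are assumptions for illustration.
"""
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def may_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def may_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (writing to a strictly higher label is allowed)."""
    return obj.dominates(subject)


def check_access(subject: Label, obj: Label, mode: str) -> bool:
    """mode is 'read', 'write' or 'rw'; 'rw' requires labels to be equal in effect."""
    if mode == "read":
        return may_read(subject, obj)
    if mode == "write":
        return may_write(subject, obj)
    if mode == "rw":
        return may_read(subject, obj) and may_write(subject, obj)
    raise ValueError(f"unknown access mode {mode!r}")


def demo() -> dict:
    """Constructed scenario: an operator session at SECRET/{UAV} touching four objects."""
    operator = Label("SECRET", frozenset({"UAV"}))
    mission_plan = Label("SECRET", frozenset({"UAV"}))
    ts_report = Label("TOP SECRET", frozenset({"UAV"}))
    flash_drive = Label("UNCLASSIFIED")
    return {
        "read mission plan": check_access(operator, mission_plan, "read"),
        "read TS report": check_access(operator, ts_report, "read"),       # read up: denied
        "append to TS report": check_access(operator, ts_report, "write"), # write up: allowed
        "read flash drive": check_access(operator, flash_drive, "read"),   # read down: allowed
        "write flash drive": check_access(operator, flash_drive, "write"), # write down: denied
    }


if __name__ == "__main__":
    for action, allowed in demo().items():
        print(f"{action:20s} {'ALLOW' if allowed else 'DENY'}")
```

The last two lines of the demo are the point for this story: a keylogger running with the operator's label cannot export its log to an unclassified flash drive under these rules, but an executable on that flash drive can still be read and run, so confidentiality labels alone do not replace media controls or an integrity policy.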
"I don't know what's scarier, the fact that these things run Windows, the fact that the ports weren't sealed off or the fact that some doofus who doesn't know how to check for Autorun viruses and/or wasn't a computer professional didn't see a problem with plugging a flash drive in there."
Was the server made in China? Hmm no conflict of interest there.
When the Chinese outsourced the premier's jet to the US, they were shocked it was bugged in 17 times over by the US government. It doesn't surprise me that China would do the same back to us. In fact, Reagan infected Soviet computer systems with rootkits sold to the Soviet Union causing severe economic damage to their satellites and petrol industries.
More than likely it has a rootkit running on the bios or video card that can't be removed. Someone mentioned the machine is not networked? If it is not networked then how does it send commands to the drones? My guess is the controller is probably carefully sending data to China or Russia as well and using a rootkit to hide it on the controller. China has the best spying agency in the world. They have been known to hack routers and systems to slowly and carefully download CAD drawings over time and then delete themselves without being noticed and being trace-less. They are very thorough and careful.
MozeeToby said it himself these are locked down systems with no hot pluggable media. I know contractors are fucked up but they do have to pass c1 and c2 certifications before winning any top secret contract.
Learning US drone tactics, in order to outsmart them?
Learning where the drones are, in order to avoid them?
Learning how they work, in order to help make their own (or help more advanced nations make their own) drone fleet?
These are the things I can think of. Any other ideas?
Can someone mod that post just plain wrong for me?
This is pathetic.
This isn't making sense. The story so far is too illogical.
I think you need to get out more. Perhaps, go see a movie. I'd suggest that one that's based on a Tom Clancy novel about some Palestinians digging up an Israeli "Broken Arrow" nuke, who then sell it to a mercenary arms dealer, who then sells it to a megolomaniac Russian ...
Get the idea? !@#$ like this doesn't make sense in the first place. Strapping Hellfire missiles onto UAVs whose comm channels are transmitted in the clear? Who comes up with !@#$ like that, outside Hollywood? Well, apparently, DoD contractors!
Honestly, I've seriously considered far less plausible courses of action in my time, even pulled off a couple. Thankfully, my stuff doesn't kill people.
Then again, I may be fixating a bit too much on that comment above mentioning something about morality. I don't think morality has anything to do with this discussion. Once you're strapping bombs to flying robots running unprotected software, that kind of goes out the window, no pun intended.
"Tongue tied and twisted, just an Earth bound misfit
There was an article back in 2009 about the Iraqis being able to use the Predator Cams and GPS to track them with a $26 program because the data streams being sent to and from the Drones wasn't well encrypted. Why couldn't they send a virus downstream? It would be pretty persistent if the Predators themselves were relaying the data.
Maybe systems are on different hardware, like CAN bus in your car, e.g. messing with the stereo's bus doesn't set the airbags off?
sag
Don't worry guys, the nukes are safe. For now.
There's fewer viruses for other OS's, most likely owing to the lower install base of the same. Even black hats are interested in ROI.
Those are all girlie-man malware. Most of them written ten years ago and none which work on any distros less than 5-yrs old.
Doubt it, Israel is more likely. Even if they are one of our allies, I don't believe they are an ally we should trust completely, much like how we view China.
Yeah, it's not like they have spied on us before.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)