Air Force Comments On Drone Malware
wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada as reported last week. The 24th Air Force first detected the malware – which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported – and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircraft."
I wonder if he was told he won the Slobobvian Lottery before he was hit.
A feeling of having made the same mistake before: Deja Foobar
A "feet of drones" is the proper collective noun only when they're on the ground. In the air they're known as a "bungle".
How can I believe you when you tell me what I don't want to hear?
Yeah, this makes much more sense. Didn't stop everyone from reporting that the drone fleet was infected with viruses when this first broke. I could be wrong but I'm fairly sure the Predator isn't running Windows 98 (or god help us all). I think those of us with some sense were wondering when the real story was going to break.
What kind of 'credential stealer' doesn't transmit data? Is it even stolen if not transmitted? Is this a DRM definition of 'stealing' that means copying?
Not that the Air Force isn't duty-bound to lie about this to reduce the escaping media Signal to safe Noise. I'm just wondering if there's a way their bedtime tale could make sense.
malware was found on portable hard drives approved for transferring information between systems.
Does that suggest that someone forgot to turn off auto-run? Or was it really only on the hard drive, and never actually infected the controlling computers?
"First they came for the slanderers and I said nothing."
{Insert oblig. Borg reference, mutated for originality}
----
All Your Bots Are Belong To Bob - Anon.
If a drone running Windows 98 is destroyed, is it okay to re-use the license key on a new one?
There's no -1 for "I don't get it."
I think they're usually called "officer."
My favorite quote from the article: "We continue to strengthen our cyber defenses, using the latest anti-virus software and other methods to protect Air Force resources and assure our ability to execute Air Force missions," Cook said in a statement. "Continued education and training of all users will also help reduce the threat of malware to Department of Defense systems." Why do I get the feeling that Norton/McAfee are offering their 'latest anti-virus software' to 'strengthen our cyber defenses'... which will inevitably lead to a 2-4 year staged upgrade of all systems to bring them back up to their 'speeds' before they were "strengthened"... while software from ESET, VIPRE & AVAST is only found on the laptops of off-duty personnel that have a clue. Given that DARPA sort of kickstarted this whole thing we're using these days, you might think there'd be some military-grade software in use, but I've yet to see any hint of that in any of the 'cybersecurity' discussions that find their way into our shared discussions on the 'tubes'.
Something very bad just happened. I just know it. Do you smell smoke?
Sounds an awful lot like media damage control to me. Downplaying the scale of the failure and misinforming the public once the full scale has become known and the utter mind-boggling disaster it was has become apparent. So far it was "We've got an embarrassing problem", and now it became "If the press learns of the full scale, heads will fall like rain."
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Quite sophisticated. Found "on hard drives approved for transferring information between systems". I'm sure it's harmless though. No doubt the pilots surfing Facebook use a different code to log into the kill drones flying above our troops...right?
For in politics, as in religion, it is equally absurd to aim at making proselytes by fire and sword. - Publius
The implication is apparently that since it was only the ground control system, not the flight control system, there was no danger of the aircraft control being compromised. This is false. The ground control system is in fact in complete control of the aircraft, if it so chooses. The bottom line is, somebody should be put in the brig for allowing Windows anywhere near a UAV.
Have you got your LWN subscription yet?
If the computers are really not connected to the Internet as I had read from the earlier articles, the virus can't send any information it captures nor can it receive commands. At most it could format their hard drive.
Why don't they allow only signed software that is on a whitelist to run on their computers?
Sure, whitelists are highly undesirable for ordinary consumers (to say the least..), but for the military or other domains with high security demands they seem to make sense to me. Shouldn't their software be audited and signed first anyway? Shouldn't they run a custom BIOS and an operating system that can check signatures before running code? Are there technical reasons against this?
Just wondering.
I bet they run Windows XP, and the frikken autorun.inf file was hacked.
This is a farce. Neither Windows, nor Linux or OS X or commodity PC hardware should be let within 100 miles of these systems. Wtf are the military playing at? Is their trillion dollar budget not enough to afford some proper kit and in-house software FFS?
"Remain calm, all is well."
Defense:Enterprise::Enterprise:User
hey, look, the drone is trying to communicate
The military has been told by GAO and OMB and other bean counters to use COTS --- it's also more expensive to get things developed on proprietary systems and that runs into single source issues.
Arguably everyone should use NSA's security-enhanced Linux:
http://www.nsa.gov/research/selinux/
Or similarly secured systems.
Sphinx of black quartz, judge my vow.
"It also underlines a fact I have known for years. Senior staff, officials, managers the political classes and military staff don't understand the technology at all."
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html ... "There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."
"Military robots like drones are ironic because they are created essentially to force humans to work like robots in an industrialized social order. Why not just create industrial robots to do the work instead?"
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
It's a trillion dollars WITH off-the-shelf software, and off-the-shelf software at least has some proving time in a hostile environment (i.e. the real world.) If the military or contractors had to write that stuff themselves, the cost would be 1000x higher. And it's not like it would be just more expensive up front... A custom OS means all custom drivers, for everything - video cards, monitors, I/O ports, keyboard... And every time you need to change hardware suppliers you get to add another few $M for rewriting and retesting them. They would also have a very tiny pool of developers to draw on for that kind of work, making it extremely expensive to staff projects. And there'd be little reason to suspect it would be any more secure. It certainly couldn't have the same level of billions of hours of field use. Like it or not, they have to play the same cost vs. risk analysis game that any corporation plays. Their tolerance for cost might be higher than some, but it's not infinite. They have to leverage off-the-shelf based solutions. However I would suggest that solutions must be based upon the most secure choices - like SELinux (now mostly incorporated into the mainstream kernel) with Mandatory Access Controls enabled, and restrictive whitelists of what can be executed, from where, and by whom. The kind of environment that would be unusable for a regular PC... Because it's not meant to be a regular PC!!!!!
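The signed execution allowlist that the "Why don't they allow only signed software" question and this comment's closing sentences both call for, as an added example that is not code from the original thread, the Air Force or any real ground-control system. It assumes a content-hash allowlist (files are identified by SHA-256, not by name, so a renamed dropper gains nothing), a manifest signed by a key the target hosts can only verify, and constructed sample files standing in for an approved tool and a binary carried in on a portable drive. HMAC-SHA256 under a shared key is a stand-in for the asymmetric signature a real deployment would use, chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumption: stand-in signing key. In a real deployment the manifest would be
# signed with an asymmetric key whose private half never touches the hosts
# doing the checking; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"example-manifest-signing-key"


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def canonical(manifest):
    # Deterministic encoding: the signature must cover exactly the bytes that
    # are later verified, independent of key order or whitespace.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key=SIGNING_KEY):
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest, signature, key=SIGNING_KEY):
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, signature)


def check_execution(path, manifest, signature, key=SIGNING_KEY):
    """Return (allowed, reason). Default-deny: anything not provably listed is refused."""
    if not verify_manifest(manifest, signature, key):
        return False, "manifest signature invalid"
    if sha256_file(path) not in set(manifest["allowed_sha256"]):
        return False, "hash not in allowlist"
    return True, "ok"


def demo():
    """Exercise the four cases a practitioner cares about; returns them by name."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed "approved" tool and the manifest that vouches for it.
        good = os.path.join(d, "gcs_tool.bin")
        with open(good, "wb") as f:
            f.write(b"#!/bin/sh\necho approved ground-control tool\n")
        manifest = {"version": 1, "allowed_sha256": [sha256_file(good)]}
        sig = sign_manifest(manifest)

        results = {"approved": check_execution(good, manifest, sig)}

        # Constructed unlisted binary, as if carried in on a portable drive.
        rogue = os.path.join(d, "autorun_helper.exe")
        with open(rogue, "wb") as f:
            f.write(b"MZ" + b"\x90" * 64)
        results["unlisted"] = check_execution(rogue, manifest, sig)

        # Approved file modified in place: same name, different hash.
        with open(good, "ab") as f:
            f.write(b"\n# appended payload\n")
        results["tampered"] = check_execution(good, manifest, sig)

        # Manifest edited to admit the rogue file without re-signing.
        forged = {"version": 1,
                  "allowed_sha256": manifest["allowed_sha256"] + [sha256_file(rogue)]}
        results["forged_manifest"] = check_execution(rogue, forged, sig)
        return results


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:16} allowed={allowed} ({reason})")
```

The point the example makes is that the two attacks available to a removable-drive infection, dropping a new executable and modifying an approved one, both reduce to "hash not in allowlist", and that editing the allowlist itself fails on the signature check before any hash is even consulted. The hook that actually blocks the launch (an AppLocker or SRP policy on Windows, an LSM or IMA policy on Linux) is out of scope here; this shows only the decision logic it would enforce.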
BINGO! Policies that carry significant political weight, especially when they become fashionable routes to swift approval, are especially prone to misunderstanding, misapplication, and imbalance between intended and unintended consequences. COTS, when misused as a panacea to achieve affordability, tends to not only be less affordable in the long run, but often leads to less effective solutions. The problem is that panaceas rarely are. Policies mindlessly pursued lead to poor results decoupled from the original kernel of intent. There are certainly valid places for COTS, and valid reasons for nots.
All that the keylogger captured was a bunch of sequences of "IDDQD" and "IDKFA" typed over and over again.
Make the datalogger very infectious but otherwise look harmless.
The datalogger dumps the information back into someplace like say the portable hard drive that brought it into the secured area to begin with. It sets up shop and makes a gazillion copies of the data it was designed to ferret out but it does nothing but log the data.
Then the portable hard drive gets walked out of the building and used on other hosts, at least one of which is infected with a transmission vector which picks up the payload and forwards it to somewhere else.
The transmission vector doesn't have to be ubiquitous or virulent because that would be very easy to catch. All it needs to be is patient and wait for someone to deliver a suitable payload from any datalogger created to interface with it. The datalogger(s) will always look harmless because they can't even transmit the information on their own and the transmitter will look harmless since it doesn't replicate aggressively or quickly and doesn't ever appear to do anything at all until it encounters an appropriate payload.
I just found out there's no such thing as the real world. It's just a lie you've got to rise above. - John Mayer
But if the offending piece of malware was on an NTFS file system, and accessed the ADS, hundreds of megabytes worth of lifted data could be stored, and nobody would be the wiser unless they checked to see what kind of data was hidden if resource forking was implemented. Pray this isn't the case, because if it is, Victoria won't have too many secrets left.