Air Force Comments On Drone Malware

wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada as reported last week. The 24th Air Force first detected the malware – which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported — and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircrafts."

Whitewash

[Daniel+Phillips]

The implication is apparently that since it was only the ground control system, not the flight control system, there was no danger of the aircraft control being compromised. This is false. The ground control system is in fact in complete control of the aircraft, if it so chooses. The bottom line is, somebody should be put in the brig for allow Windows anywhere near a UAV.

Re:Whitewash

[Kaedrin]

Wrong. Someone does however need to explain why systems like this don't have SRP (Software Restriction Policies) or AppLocker Policies enabled with a ridged white listing rule set.

Servers/Drones/etc like these should NEVER allow any account permission to run non-whitelisted applications. The fact is, barely any code should be allowed to execute, and itâ(TM)s completely inexcusable for them to not be using the whitelisting rules that are part of Windows/Active Directory. In an environment like this where there are ridged policies for doing practically anything related to production software, preventing rogue code execution should be mind boggling easy for one moderately skilled administrator.