Air Force Comments On Drone Malware
wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada as reported last week. The 24th Air Force first detected the malware – which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported – and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircraft."
A "feet of drones" is the proper collective noun only when they're on the ground. In the air they're known as a "bungle".
How can I believe you when you tell me what I don't want to hear?
malware was found on portable hard drives approved for transferring information between systems.
Does that suggest that someone forgot to turn off auto-run? Or was it really only on the hard drive, and never actually infected the controlling computers?
"First they came for the slanderers and i said nothing."
If a drone running Windows 98 is destroyed, is it okay to re-use the license key on a new one?
There's no -1 for "I don't get it."
The implication is apparently that since it was only the ground control system, not the flight control system, there was no danger of the aircraft control being compromised. This is false. The ground control system is in fact in complete control of the aircraft, if it so chooses. The bottom line is, somebody should be put in the brig for allowing Windows anywhere near a UAV.
Have you got your LWN subscription yet?
The military has been told by GAO and OMB and other bean counters to use COTS --- it's also more expensive to get things developed on proprietary systems and that runs into single source issues.
Arguably everyone should use NSA's security-enhanced Linux:
http://www.nsa.gov/research/selinux/
Or similarly secured systems.
Sphinx of black quartz, judge my vow.
BINGO! Policies that carry significant political weight, especially when they become fashionable routes to swift approval, are especially prone to misunderstanding, misapplication, and imbalance between intended and unintended consequences. COTS, when misused as a panacea to achieve affordability, tends to not only be less affordable in the long run, but often leads to less effective solutions. The problem is that panaceas rarely are. Policies mindlessly pursued lead to poor results decoupled from the original kernel of intent. There are certainly valid places for COTS, and valid reasons for nots.