Air Force Comments On Drone Malware

wiredmikey writes "Air Force officials have revealed more details about a malware infection that impacted systems used to manage a fleet of drones at the Creech Air Force Base in Nevada as reported last week. The 24th Air Force first detected the malware – which they characterized as a 'credential stealer' as opposed to a keylogger as originally reported — and notified Creech Air Force Base officials Sept. 15 that malware was found on portable hard drives approved for transferring information between systems. The infected computers were part of the ground control system that supports remotely-piloted aircraft (RPA) operations. The malware is not designed to transmit data or video or corrupt any files, programs or data, according to the Air Force. The ground system is separate from the flight control system used by RPA pilots to fly the aircrafts."

Possible typo.

[pushing-robot]

A "feet of drones" is the proper collective noun only when they're on the ground. In the air they're known as a "bungle".

Question!

[MrEricSir]

If a drone running Windows 98 is destroyed, is it okay to re-use the license key on a new one?

Re:Whitewash

[Kaedrin]

Wrong. Someone does however need to explain why systems like this don't have SRP (Software Restriction Policies) or AppLocker Policies enabled with a ridged white listing rule set.

Servers/Drones/etc like these should NEVER allow any account permission to run non-whitelisted applications. The fact is, barely any code should be allowed to execute, and itâ(TM)s completely inexcusable for them to not be using the whitelisting rules that are part of Windows/Active Directory. In an environment like this where there are ridged policies for doing practically anything related to production software, preventing rogue code execution should be mind boggling easy for one moderately skilled administrator.