Oops, My Drone Was Infected!

Last Updated on October 8, 2011

Do you remember the intrepid Jeff Goldbum injecting malicious code on the Alien mothership during one of the most famous scenes of Independence Day? Easy, no alien invasion is happening, simply a similar event occurred for US drones which were targeted with a common Key-Logger “civil” malware.

Of course no foreign country plugged any malicious ship to US facilities, indeed what has really happened was much more simple and common, an hard-drive which accidentally infected the Ground Control System at Creech Air Force Base in Nevada.

This does not sound surprising to me since I wrote several posts about the growing use of Consumer Technologies for military purposes (but I should have included consumer anti-malware software as well), moreover I also predicted specific malware targeting military planes. Although this is not exactly what happened, there are several points in common with my prediction, essentially the fact that consumer technologies (as simple PCs are) open security doors inside sophisticated military weapons.

So, at this point it should not be surprising, as Wired reports, that a computer virus has infected Predator drones and Reaper drones, logging pilots’ keystroke during their fly missions over Afghanistan and other warzones.

The virus was detected nearly two weeks ago at the Ground Control System (GCS) at Creech Air Force Base in Nevada and has not prevented drones from flying their missions. Nevertheless it has shown an unexpected strength so that multiple efforts were necessary to remove it from Creech’s computers, network security, Wired reposts.

Although Fox News quotes a senior Air Force source according to whom, Wired’s story is “blown out of proportion” and “vastly overwritten.”, this event points out the risks associated with the use of standard technologies to control sophisticated military weapons that play a central role in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking human lives.

Although they suffer of native security holes (for instance the footage is transmitted in clear), that they are just computers, after all, and hence controlled by standard PCs, that may get virtually sick like any other civil companion.

Although the malware seemed benign, it is still not clear how it could make its way inside the systems and most of all, since it affected classified and unclassified system, if it was able to leak information and send it to a remote source. On the other hand a key-logger is able to steal whatever information is typed on the keyboard to control the drone. As the famous aviation expert David Cenciotti said:

Do you want to know what a keylogger can grab fm a Predator control station? Think to your keyboard inputs when playing w/ Flight Simulator.

Maybe the virus could have accidentally spread: the Ground Control Stations handling more exotic operations are top secret and none of the remote cockpits are supposed to be connected to the public internet, this should make them immune to viruses and other network security threats.

Unfortunately hard disks and pen drives may build bridges connecting public and classified networks, and this could have possibly have happened at the base at Creech since the Predator and Reaper drone crews use removable hard drives to load map updates and transport mission videos from one computer to another. The same hard drives could have spread the malware and, as a consequence, drone units at other Air Force bases worldwide have now been ordered to stop their use.

This is not the first time that an infection has been spread through an hard drive: in late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. It looks like the Pentagon is still disinfecting machines, three years later.

Curiously the virus showed to be very resistant to digital vaccines, and after several attempts to remove it with standard procedures (following removal instructions posted on the website of the Kaspersky security firm), the only safe method to clean it was to wipe the infected hard drives and rebuild them from scratch: a time consuming operations. As to say: sophisticated military weapons and technologies suffer the same issues than civil users (how many Windows installations from scratch after a malware infection), on the other hand the drone virus was detected by the military’s Host-Based Security System, a flexible, commercial-off-the-shelf (COTS)-based application. If you look carefully at the HBSS web site you will also be able to identify the commercial security technology which lays behind the HBSS.

Is it times for drones to be natively equipped with anti malware?