File this under “disconcerting.”
No matter what military computer technicians do, they can’t seem to remove a virus from the computer systems that control military drones.
The virus infecting ground control stations at Creech Air Force Base in Nevada was identified by the military’s Host-Based Security System two weeks ago. The virus is reportedly tracking everything the drones do as they fly over areas like Afghanistan.
Wired’s Danger Room released an exclusive report:
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.
The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”
Even so, the virus has not kept any of the drones from continuing their missions, and no incidents of information being lost or sent to other sources have been reported, although experts are unsure how far it has spread. Wired goes on to report that drones have been known for security flaws:
Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.
The virus, sources believe, was spread through removable drives, the use of which has become restricted by the military after the agent.btz worm was introduced into defense computers by this method. So far, technicians have had to completely erase the hard drives of infected systems to remove the virus and painstakingly rebuild them from scratch.
The photo of the Predator drone in the post was updated from a previous image that was misidentified.