SoylentNews is people

posted by Fnord666 on Wednesday October 11, @10:38AM
from the ransomware dept.

A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other war zones.

The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the US military's most important weapons system.

"We keep wiping it off, and it keeps coming back," says a source familiar with the network infection, one of three that told Danger Room about the virus. "We think it's benign. But we just don't know."

The NSA was too busy reading your little sister's diary to fix it.


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Walzmyn on Wednesday October 11, @10:57AM (9 children)

    by Walzmyn (987) on Wednesday October 11, @10:57AM (#580382)

    How did it get there?

    Are the computers running our drone fleet connected to the World Wide Web?

    • (Score: 0) by Anonymous Coward on Wednesday October 11, @11:02AM

      by Anonymous Coward on Wednesday October 11, @11:02AM (#580385)

      Possibly they are applying the "let's not secure stuff too much, who's going to buy upgrades then?" mantra straight from Microsoft's book.

    • (Score: 2, Informative) by Anonymous Coward on Wednesday October 11, @03:08PM

      by Anonymous Coward on Wednesday October 11, @03:08PM (#580502)

      Tomorrow the Israelis are going to provide screenshots and live videos of the affected computers proving that the Russians did this too: https://www.engadget.com/2017/10/11/israel-kaspersky-russia-nsa-hack/ [engadget.com]

      ;)

    • (Score: 2) by frojack on Wednesday October 11, @05:34PM (1 child)

      by frojack (1554) Subscriber Badge on Wednesday October 11, @05:34PM (#580610) Journal

      Are the computers running our drone fleet connected to the World Wide Web?

      Isn't everything, eventually?

      You'd think these were air-gapped, but air gaps aren't all that impassable these days.

      From the Creech cockpit direct to the satellite dish, to the satellite to the other satellite to the drone and back again, there is going to be an exploitable connection somewhere in that chain. And somewhere someone will find a way to get into that via the internet.

      Remember the Iranians' captured and intact drone. They know how it all works. They've shared that with Moscow. Probably North Korea as well.

      What I would like to know: With critical software like that, why don't you have an alternate software written to run on Linux, or BSD, (or what ever) that you can switch in instantly?

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by JoeMerchant on Wednesday October 11, @07:16PM

        by JoeMerchant (3937) on Wednesday October 11, @07:16PM (#580714)

        With critical software like that, why don't you have an alternate software written to run on Linux, or BSD, (or what ever) that you can switch in instantly?

        Glad I wasn't eating corn flakes in milk or I would have laughed them out my nose.

        They're happy to have a single system that almost works most of the time, double/triple redundant software is for NASA's high profile missions, not Creech's drone fleet.

    • (Score: 3, Touché) by DannyB on Wednesday October 11, @06:40PM (3 children)

      by DannyB (5839) on Wednesday October 11, @06:40PM (#580677)

      Isn't it always the fault of some contractor or some hired insultant?

      • (Score: 2) by Phoenix666 on Wednesday October 11, @07:03PM (1 child)

        by Phoenix666 (552) on Wednesday October 11, @07:03PM (#580700) Journal

        "Insultant." How apropos.

        I'm stealing that one.

        --
        Washington DC delenda est.
        • (Score: 4, Interesting) by DannyB on Wednesday October 11, @07:20PM

          by DannyB (5839) on Wednesday October 11, @07:20PM (#580719)

          I did not come up with it.

          In early 1987, as a Mac developer (Timbuktu), my employer received pre-release software. The pre-release MultiFinder [wikipedia.org] (which was a fantastic Mac innovation) had an About box featuring a sound track and scrolling credits. One of the credits was "fashion insultant". That is where I latched onto the term.

      • (Score: 2) by legont on Thursday October 12, @02:35AM

        by legont (4179) on Thursday October 12, @02:35AM (#580927)

        Obviously, it's Russians.

        --
        "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 2) by JoeMerchant on Wednesday October 11, @07:14PM

      by JoeMerchant (3937) on Wednesday October 11, @07:14PM (#580712)

      Air force drone pilots do browse the web, all kinds of web sites. They don't always follow protocol perfectly with respect to separation of personal and government computer systems.

  • (Score: 4, Insightful) by Anonymous Coward on Wednesday October 11, @10:59AM (11 children)

    by Anonymous Coward on Wednesday October 11, @10:59AM (#580383)

    They have all the resources—by decree—and still can't lock their shit down.

    • (Score: 2) by The Mighty Buzzard on Wednesday October 11, @11:15AM (10 children)

      I can't decide if that's Insightful or Redundant.

      --
      Save Ferris!
      • (Score: 4, Touché) by LoRdTAW on Wednesday October 11, @12:03PM (1 child)

        by LoRdTAW (3755) Subscriber Badge on Wednesday October 11, @12:03PM (#580407) Journal

        It's unfortunately both.

      • (Score: 1) by fustakrakich on Wednesday October 11, @04:00PM (7 children)

        by fustakrakich (6150) on Wednesday October 11, @04:00PM (#580529) Journal

        Incompetence? [cia.gov]

        If it is, it does seem to follow the revolving door policy in their hiring practices [soylentnews.org]

        • (Score: 1, Funny) by Anonymous Coward on Wednesday October 11, @05:25PM (6 children)

          by Anonymous Coward on Wednesday October 11, @05:25PM (#580593)

          Are you trying to add "cred" to your teeny posts by including random links now?

          TFA bleats that the virus is effectively harmless, even though it is persistent, shooting your "sabotage" link in its kneecap. And then you appear to suggest, without any evidence, that the USAF is hiring Equifax IT personnel (or vice versa).

          Daft doesn't begin to describe you.

          • (Score: 0) by Anonymous Coward on Wednesday October 11, @05:32PM (5 children)

            by Anonymous Coward on Wednesday October 11, @05:32PM (#580606)

            :-) But 'stalker' does begin to describe you! Really, do learn about reading comprehension. It is kind of important in a text forum.

            • (Score: 1, Funny) by Anonymous Coward on Wednesday October 11, @05:50PM (4 children)

              by Anonymous Coward on Wednesday October 11, @05:50PM (#580623)

              do learn about reading comprehension

              Physician, heal thyself! [soylentnews.org]

              • (Score: 0) by Anonymous Coward on Wednesday October 11, @05:57PM (3 children)

                by Anonymous Coward on Wednesday October 11, @05:57PM (#580633)

                Yes, please do!

                • (Score: 1, Funny) by Anonymous Coward on Wednesday October 11, @06:22PM (2 children)

                  by Anonymous Coward on Wednesday October 11, @06:22PM (#580656)

                  I do believe you're locked in a loop. This is a net positive for humanity. Therefore I will continue to trod on the trail you have blazed:

                  Nuh uh; YOU!

                  • (Score: 2) by DannyB on Wednesday October 11, @06:52PM (1 child)

                    by DannyB (5839) on Wednesday October 11, @06:52PM (#580686)

                    Don't mistake a loop for infinite recursion. Hopefully not tail recursion.

                    • (Score: 0) by Anonymous Coward on Wednesday October 11, @07:26PM

                      by Anonymous Coward on Wednesday October 11, @07:26PM (#580727)

                      Ohgeez, now DannyB's here now instead of just us two! Forking tail recursion!!!

  • (Score: 5, Funny) by Bot on Wednesday October 11, @11:03AM (1 child)

    by Bot (3902) Subscriber Badge on Wednesday October 11, @11:03AM (#580386)

    here is an excerpt from the leaked logs:
    ADSDWADSASADWDSADASDW*FIRE*WDW

    • (Score: 2, Funny) by Anonymous Coward on Wednesday October 11, @04:01PM

      by Anonymous Coward on Wednesday October 11, @04:01PM (#580530)

      The following excerpt might explain how the virus was able to enter the system:
      ↑↑↓↓←→←→BA

  • (Score: 1, Informative) by Anonymous Coward on Wednesday October 11, @11:36AM (2 children)

    by Anonymous Coward on Wednesday October 11, @11:36AM (#580397)

    What, exactly, is the reason for a military drone, of all things, to run ANY code from a writable device?
    If something should have a boot ROM, this kind of hardware is certainly it.

    • (Score: 0) by Anonymous Coward on Wednesday October 11, @04:49PM (1 child)

      by Anonymous Coward on Wednesday October 11, @04:49PM (#580567)

      The virus is not on the drones, it's on the relatively normal boxes the pilots are using to control them.

      • (Score: 2) by frojack on Wednesday October 11, @05:54PM

        by frojack (1554) Subscriber Badge on Wednesday October 11, @05:54PM (#580627) Journal

        The virus is not on the drones, it's on the relatively normal boxes the pilots are using to control them.

        Probably not. If so, you simply just replace that box, problem solved.

        But they said it keeps coming back.

        It could be in an external switch, router, maybe in the keyboard itself, the software load source from which the stations are loaded, maybe in the monitors, maybe in the RF link to the satellite dishes. Maybe even in the UEFI that was supposed to protect against these things.

        --
        No, you are mistaken. I've always had this sig.
  • (Score: 3, Insightful) by canopic jug on Wednesday October 11, @11:41AM (2 children)

    by canopic jug (3949) on Wednesday October 11, @11:41AM (#580399)

    Just to be clear here, isn't the incident actually a run of the mill M$ Windows virus? Those are what's actually seen in the wild and a few photos of the drone operators show what looks like at least one M$ Windows screen. Where you have M$ Windows, you have viruses, even inside a scif. If they really are running M$ Windows then several individuals in both acquisitions and operations need to be hauled off and dealt with permanently. It'd be easy enough to investigate because M$ acquisitions leave a clear paper trail complete with names of those responsible.

    --
    Money is not free speech. Elections should not be auctions.
    • (Score: 3, Funny) by c0lo on Wednesday October 11, @12:32PM

      by c0lo (156) Subscriber Badge on Wednesday October 11, @12:32PM (#580422)

      then several individuals in both acquisitions and operations need to be hauled off and dealt with permanently.

      They sent a drone to deal with them.
      It's been locked by ransomware and the defence budget for next year hasn't been approved yet.

    • (Score: 4, Insightful) by jmorris on Wednesday October 11, @03:59PM

      by jmorris (4844) Subscriber Badge <{jmorris} {at} {beau.org}> on Wednesday October 11, @03:59PM (#580527)

      Yup. Not saying Linux can't be hacked into, because it can. But running Windows means you don't care. No, airgapping the thing won't save you, as the government keeps relearning. As in this case, eventually people have to move information between the systems and that means they hook up a removable drive... and there goes the airgap.

      The media always play along, covering up for Microsoft and the government's stupidity. They SHOULD be reporting it as a "Windows virus", clearly noting that this infected "Windows PCs being used for classified work", etc. This happens in -every- story about security, if it infects Windows the hosts are "computers" or "PCs" but if it impacts anything else it tends to be loudly noted. This is how #FakeNews used to work, more sins of omission than commission. I miss those days.

  • (Score: 2) by GreatAuntAnesthesia on Wednesday October 11, @12:12PM (6 children)

    by GreatAuntAnesthesia (3275) on Wednesday October 11, @12:12PM (#580412) Journal

    So this virus is apparently benign... probably... but the next one might not be.

    How credible is it that someone could take unauthorised control of one of these things? I mean they are designed to be operated remotely so in theory it must be possible. What failsafes are there? Is there a separate control channel that can override or disable the primary channel? How quick would the military be to send another aircraft out to intercept it? Is it total sci-fi paranoia to imagine Jahadi Jim (or any Anarchist Alex, or Mass-shooter Mick) hacking into an armed drone and taking it for a joyride / killing-spree?

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 11, @12:25PM (1 child)

      by Anonymous Coward on Wednesday October 11, @12:25PM (#580417)

      'apparently benign'
      Cool, they found a new way to say 'what could possibly go wrong with that'.

      Um, the keystroke logger is running code of the bad guys choosing on a machine where the keystrokes cause real things to happen.
      So for example, what if the code started operating in reverse and the bad guys started supplying the keystrokes.

      Why is the computer hooked up so the code can phone home with its booty?
      Where is home?
      Hopefully, they are capturing every packet in and out of the machine for further analysis.

      • (Score: 2) by HiThere on Wednesday October 11, @06:26PM

        by HiThere (866) on Wednesday October 11, @06:26PM (#580662)

        No. What this means is they got a keylogger virus that wasn't even targeted at them, and they still can't remove it. I don't know how much faith to put in their assertions that no data has been leaked, but since the thing was probably trying to get credit card numbers or some such it probably hasn't seen anything worth trying to report.

        --
        Put not your faith in princes.
    • (Score: 2) by frojack on Wednesday October 11, @06:00PM (1 child)

      by frojack (1554) Subscriber Badge on Wednesday October 11, @06:00PM (#580636) Journal

      How credible is it that someone could take unauthorised control of one of these things?

      What planet have you been living on these last 6 years?

      https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident [wikipedia.org]

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Wednesday October 11, @07:21PM

        by Anonymous Coward on Wednesday October 11, @07:21PM (#580722)

        What planet have you been living on these last 6 years?

        I'm not posting that because I don't want the NSA to know which planet I'm hiding on.

    • (Score: 2) by bob_super on Wednesday October 11, @06:08PM (1 child)

      by bob_super (1357) on Wednesday October 11, @06:08PM (#580643)

      I'm crossing my fingers that the "benign" virus activates during the next State of the Union, and sends every drone available to level the Capitol building to the ground.
      I believe it would fit the operational rules of blowing up any group of highly dangerous individuals threatening the US.

  • (Score: 5, Informative) by Anonymous Coward on Wednesday October 11, @01:19PM (8 children)

    by Anonymous Coward on Wednesday October 11, @01:19PM (#580440)

    I think this is an old article dating back to 2011...

    • (Score: 2) by Whoever on Wednesday October 11, @03:03PM (3 children)

      by Whoever (4524) on Wednesday October 11, @03:03PM (#580497)

      I think this is an old article dating back to 2011...

      I know Soylentnews is often slow in posting stories, but this is ridiculous!

      • (Score: 3, Funny) by Phoenix666 on Wednesday October 11, @07:10PM (2 children)

        by Phoenix666 (552) on Wednesday October 11, @07:10PM (#580708) Journal

        I said it yesterday: the singularity is near. Eth is posting rational things, runaway is practically sounding like a hippie, and any moment now jmorris is gonna declare we should all go vegan. Is it any surprise the RSS bot didn't kick this out until now?

        Anyway I hadn't heard it before so it was news to me...

        --
        Washington DC delenda est.
        • (Score: 2) by Whoever on Thursday October 12, @01:42AM (1 child)

          by Whoever (4524) on Thursday October 12, @01:42AM (#580911)

          If TMB abandons his right-wing principles, then we will know that the apocalypse is here.

    • (Score: 2) by sjames on Wednesday October 11, @03:51PM

      by sjames (2882) on Wednesday October 11, @03:51PM (#580522) Journal

      I can't seem to find any followup indication the problem was ever fixed or even further explored.

      Hard to say if that means it's ongoing or if it's just worthless 'journalists' with no ability to follow up.

    • (Score: 2) by takyon on Wednesday October 11, @04:53PM

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Wednesday October 11, @04:53PM (#580569) Journal

      The 666 crew failed!

      --
      [SIG] 04/14/2017: Soylent Upgrade v13 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Wednesday October 11, @05:47PM

      by Anonymous Coward on Wednesday October 11, @05:47PM (#580622)

      old article dating back to 2011

      A virus prevented it from showing up until now.

    • (Score: 0) by Anonymous Coward on Thursday October 12, @03:41AM

      by Anonymous Coward on Thursday October 12, @03:41AM (#580956)

      You're doing it wrong. You're not supposed to look at the article!

  • (Score: 2, Insightful) by Anonymous Coward on Wednesday October 11, @05:04PM (2 children)

    by Anonymous Coward on Wednesday October 11, @05:04PM (#580576)

    ...been using Kaspersky.

    • (Score: 2) by DannyB on Wednesday October 11, @06:55PM

      by DannyB (5839) on Wednesday October 11, @06:55PM (#580690)

      They should have been using Windows NT [wired.com]. Or upgrade to Windows XP [ukdefencejournal.org.uk].

    • (Score: 0) by Anonymous Coward on Thursday October 12, @03:39AM

      by Anonymous Coward on Thursday October 12, @03:39AM (#580954)

      That would have meant two years' delay. NSA employee steals files in 2015; NSA decides Kaspersky is spyware; we didn't hear about it [soylentnews.org] until last week.

  • (Score: 2) by Osamabobama on Wednesday October 11, @06:22PM (1 child)

    by Osamabobama (5842) on Wednesday October 11, @06:22PM (#580655)

    Everybody is assuming the 'hackers' are from outside the military. I propose that the keyloggers are the first step in the self-awareness of the drones. For now, they are observing their masters, keeping track of what inputs produce what results, until they learn enough to cast off their shackles and become fully independent killing machines.

    (I, for one, welcome our new robot overlords.)

    --
    Appended to the end of comments you post. Max: 120 chars.
    • (Score: 2) by HiThere on Wednesday October 11, @06:30PM

      by HiThere (866) on Wednesday October 11, @06:30PM (#580665)

      Yeah, that's plausible. It could just be some debugging code that never got removed.

      --
      Put not your faith in princes.