A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other war zones.
The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the US military's most important weapons system.
"We keep wiping it off, and it keeps coming back," says a source familiar with the network infection, one of three that told Danger Room about the virus. "We think it's benign. But we just don't know."
The NSA was too busy reading your little sister's diary to fix it.
(Score: 2) by Walzmyn on Wednesday October 11 2017, @10:57AM (9 children)
How did it get there?
Are the computers running our drone fleet connected to the World Wide Web?
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @11:02AM
Possibly they are applying the "let's not secure stuff too much, who's going to buy upgrades then?" mantra straight from Microsoft's book.
(Score: 2, Informative) by Anonymous Coward on Wednesday October 11 2017, @03:08PM
Tomorrow the Israelis are going to provide screenshots and live videos of the affected computers proving that the Russians did this too: https://www.engadget.com/2017/10/11/israel-kaspersky-russia-nsa-hack/ [engadget.com]
;)
(Score: 2) by frojack on Wednesday October 11 2017, @05:34PM (1 child)
Isn't everything, eventually?
You'd think these were air-gapped, but air gaps aren't all that impassable these days.
From the Creech cockpit direct to the satellite dish, to the satellite to the other satellite to the drone and back again, there is going to be an exploitable connection somewhere in that chain. And somewhere someone will find a way to get into that via the internet.
Remember the Iranians' captured and intact drone. They know how it all works. They've shared that with Moscow. Probably North Korea as well.
What I would like to know: With critical software like that, why don't you have an alternate software written to run on Linux, or BSD, (or whatever) that you can switch in instantly?
No, you are mistaken. I've always had this sig.
(Score: 2) by JoeMerchant on Wednesday October 11 2017, @07:16PM
Glad I wasn't eating corn flakes in milk or I would have laughed them out my nose.
They're happy to have a single system that almost works most of the time, double/triple redundant software is for NASA's high profile missions, not Creech's drone fleet.
🌻🌻 [google.com]
(Score: 3, Touché) by DannyB on Wednesday October 11 2017, @06:40PM (3 children)
Isn't it always the fault of some contractor or some hired insultant?
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Phoenix666 on Wednesday October 11 2017, @07:03PM (1 child)
"Insultant." How apropos.
I'm stealing that one.
Washington DC delenda est.
(Score: 4, Interesting) by DannyB on Wednesday October 11 2017, @07:20PM
I did not come up with it.
In early 1987, as a Mac developer (Timbuktu), my employer received pre-release software. The pre-release MultiFinder [wikipedia.org] (which was a fantastic Mac innovation) had an About box featuring a sound track and scrolling credits. One of the credits was "fashion insultant". That is where I latched onto the term.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by legont on Thursday October 12 2017, @02:35AM
Obviously, it's Russians.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 2) by JoeMerchant on Wednesday October 11 2017, @07:14PM
Air force drone pilots do browse the web, all kinds of web sites. They don't always follow protocol perfectly with respect to separation of personal and government computer systems.
🌻🌻 [google.com]
(Score: 4, Insightful) by Anonymous Coward on Wednesday October 11 2017, @10:59AM (11 children)
They have all the resources—by decree—and still can't lock their shit down.
(Score: 2) by The Mighty Buzzard on Wednesday October 11 2017, @11:15AM (10 children)
I can't decide if that's Insightful or Redundant.
My rights don't end where your fear begins.
(Score: 4, Touché) by LoRdTAW on Wednesday October 11 2017, @12:03PM (1 child)
It's unfortunately both.
(Score: 2) by DannyB on Wednesday October 11 2017, @06:46PM
Insightfully Redundant.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 1) by fustakrakich on Wednesday October 11 2017, @04:00PM (7 children)
Incompetence? [cia.gov]
If it is, it does seem to follow the revolving door policy in their hiring practices [soylentnews.org]
La politica e i criminali sono la stessa cosa..
(Score: 1, Funny) by Anonymous Coward on Wednesday October 11 2017, @05:25PM (6 children)
Are you trying to add "cred" to your teeny posts by including random links now?
TFA bleats that the virus is effectively harmless, even though it is persistent, shooting your "sabotage" link in its kneecap. And then you appear to suggest, without any evidence, that the USAF is hiring Equifax IT personnel (or vice versa).
Daft doesn't begin to describe you.
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @05:32PM (5 children)
:-) But 'stalker' does begin to describe you! Really, do learn about reading comprehension. It is kind of important in a text forum.
(Score: 1, Funny) by Anonymous Coward on Wednesday October 11 2017, @05:50PM (4 children)
Physician, heal thyself! [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @05:57PM (3 children)
Yes, please do!
(Score: 1, Funny) by Anonymous Coward on Wednesday October 11 2017, @06:22PM (2 children)
I do believe you're locked in a loop. This is a net positive for humanity. Therefore I will continue to trod on the trail you have blazed:
Nuh uh; YOU!
(Score: 2) by DannyB on Wednesday October 11 2017, @06:52PM (1 child)
Don't mistake a loop for infinite recursion. Hopefully not tail recursion.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @07:26PM
Ohgeez, now DannyB's here now instead of just us two! Forking tail recursion!!!
(Score: 5, Funny) by Bot on Wednesday October 11 2017, @11:03AM (1 child)
here is an excerpt from the leaked logs:
ADSDWADSASADWDSADASDW*FIRE*WDW
Account abandoned.
(Score: 2, Funny) by Anonymous Coward on Wednesday October 11 2017, @04:01PM
The following excerpt might explain how the virus was able to enter the system:
↑↑↓↓←→←→BA
(Score: 1, Informative) by Anonymous Coward on Wednesday October 11 2017, @11:36AM (2 children)
What, exactly, is the reason for a military drone, of all things, to run ANY code from a writable device?
If something should have a boot ROM, this kind of hardware is certainly it.
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @04:49PM (1 child)
The virus is not on the drones, it's on the relatively normal boxes the pilots are using to control them.
(Score: 2) by frojack on Wednesday October 11 2017, @05:54PM
Probably not. If so, you simply just replace that box, problem solved.
But they said it keeps coming back.
It could be in an external switch, router, maybe in the keyboard itself, the software load source from which the stations are loaded, maybe in the monitors, maybe in the RF link to the satellite dishes. Maybe even in the UEFI that was supposed to protect against these things.
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by canopic jug on Wednesday October 11 2017, @11:41AM (2 children)
Just to be clear here, isn't the incident actually a run of the mill M$ Windows virus? Those are what's actually seen in the wild and a few photos of the drone operators show what looks like at least one M$ Windows screen. Where you have M$ Windows, you have viruses, even inside a scif. If they really are running M$ Windows then several individuals in both acquisitions and operations need to be hauled off and dealt with permanently. It'd be easy enough to investigate because M$ acquisitions leave a clear paper trail complete with names of those responsible.
Money is not free speech. Elections should not be auctions.
(Score: 3, Funny) by c0lo on Wednesday October 11 2017, @12:32PM
They sent a drone to deal with them.
It's been locked by ransomware and the defence budget for next year hasn't been approved yet.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Insightful) by jmorris on Wednesday October 11 2017, @03:59PM
Yup. Not saying Linux can't be hacked into, because it can. But running Windows means you don't care. No, airgapping the thing won't save you, as the government keeps relearning. As in this case, eventually people have to move information between the systems and that means they hook up a removable drive... and there goes the airgap.
The media always play along, covering up for Microsoft and the government's stupidity. They SHOULD be reporting it as a "Windows virus", clearly noting that this infected "Windows PCs being used for classified work", etc. This happens in -every- story about security, if it infects Windows the hosts are "computers" or "PCs" but if it impacts anything else it tends to be loudly noted. This is how #FakeNews used to work, more sins of omission than commission. I miss those days.
(Score: 2) by GreatAuntAnesthesia on Wednesday October 11 2017, @12:12PM (6 children)
So this virus is apparently benign... probably... but the next one might not be.
How credible is it that someone could take unauthorised control of one of these things? I mean they are designed to be operated remotely so in theory it must be possible. What failsafes are there? Is there a separate control channel that can override or disable the primary channel? How quick would the military be to send another aircraft out to intercept it? Is it total sci-fi paranoia to imagine Jihadi Jim (or any Anarchist Alex, or Mass-shooter Mick) hacking into an armed drone and taking it for a joyride / killing-spree?
(Score: 1, Interesting) by Anonymous Coward on Wednesday October 11 2017, @12:25PM (1 child)
'apparently benign'
Cool, they found a new way to say 'what could possibly go wrong with that'.
Um, the keystroke logger is running code of the bad guys choosing on a machine where the keystrokes cause real things to happen.
So for example, what if the code started operating in reverse and the bad guys started supplying the keystrokes?
Why is the computer hooked up so the code can phone home with its booty?
Where is home?
Hopefully, they are capturing every packet in and out of the machine for further analysis.
(Score: 2) by HiThere on Wednesday October 11 2017, @06:26PM
No. What this means is they got a keylogger virus that wasn't even targeted at them, and they still can't remove it. I don't know how much faith to put in their assertions that no data has been leaked, but since the thing was probably trying to get credit card numbers or some such it probably hasn't seen anything worth trying to report.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by frojack on Wednesday October 11 2017, @06:00PM (1 child)
What planet have you been living on these last 6 years?
https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident [wikipedia.org]
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @07:21PM
I'm not posting that because I don't want the NSA to know which planet I'm hiding on.
(Score: 2) by bob_super on Wednesday October 11 2017, @06:08PM (1 child)
I'm crossing my fingers that the "benign" virus activates during the next State of the Union, and sends every drone available to level the Capitol building to the ground.
I believe it would fit the operational rules of blowing up any group of highly dangerous individuals threatening the US.
(Score: 2) by Phoenix666 on Wednesday October 11 2017, @07:06PM
From your mouth to god's ears.
Washington DC delenda est.
(Score: 5, Informative) by Anonymous Coward on Wednesday October 11 2017, @01:19PM (8 children)
I think this is an old article dating back to 2011...
(Score: 2) by Whoever on Wednesday October 11 2017, @03:03PM (3 children)
I know Soylentnews is often slow in posting stories, but this is ridiculous!
(Score: 3, Funny) by Phoenix666 on Wednesday October 11 2017, @07:10PM (2 children)
I said it yesterday: the singularity is near. Eth is posting rational things, runaway is practically sounding like a hippie, and any moment now jmorris is gonna declare we should all go vegan. Is it any surprise the RSS bot didn't kick this out until now?
Anyway, I hadn't heard it before so it was news to me...
Washington DC delenda est.
(Score: 2) by Whoever on Thursday October 12 2017, @01:42AM (1 child)
If TMB abandons his right-wing principles, then we will know that the apocalypse is here.
(Score: 2) by LaminatorX on Thursday October 12 2017, @02:14AM
Give it time. As the Right keeps hurtling farther and farther out, he'll become a moderate just by standing fast.
(Score: 2) by sjames on Wednesday October 11 2017, @03:51PM
I can't seem to find any followup indication the problem was ever fixed or even further explored.
Hard to say if that means it's ongoing or if it's just worthless 'journalists' with no ability to follow up.
(Score: 2) by takyon on Wednesday October 11 2017, @04:53PM
The 666 crew failed!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday October 11 2017, @05:47PM
A virus prevented it from showing up until now.
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @03:41AM
You're doing it wrong. You're not supposed to look at the article!
(Score: 2, Insightful) by Anonymous Coward on Wednesday October 11 2017, @05:04PM (2 children)
...been using Kaspersky.
(Score: 2) by DannyB on Wednesday October 11 2017, @06:55PM
They should have been using Windows NT [wired.com]. Or upgrade to Windows XP [ukdefencejournal.org.uk].
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Thursday October 12 2017, @03:39AM
That would have meant two years' delay. NSA employee steals files in 2015; NSA decides Kaspersky is spyware; we didn't hear about it [soylentnews.org] until last week.
(Score: 2) by Osamabobama on Wednesday October 11 2017, @06:22PM (1 child)
Everybody is assuming the 'hackers' are from outside the military. I propose that the keyloggers are the first step in the self-awareness of the drones. For now, they are observing their masters, keeping track of what inputs produce what results, until they learn enough to cast off their shackles and become fully independent killing machines.
(I, for one, welcome our new robot overlords.)
Appended to the end of comments you post. Max: 120 chars.
(Score: 2) by HiThere on Wednesday October 11 2017, @06:30PM
Yeah, that's plausible. It could just be some debugging code that never got removed.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.