Noah Shachtman at the Danger Room has this disturbing exclusive: the U.S. Air Force drone fleet has been hit by a computer virus.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.
It's no secret that UAVs have become a weapon of choice in the War on Terror; our expanding fleet of drones (most of them operated and maintained by the USAF) allows intelligence specialists to monitor large stretches of territory for high-value targets and to strike them. Just last week, a CIA-operated UAV took out Al Qaida bigwig Anwar Awlaki; all told, American UAVs have killed more than 2,000 suspected terrorists in Afghanistan and Pakistan since President Obama took office, according to the Washington Post.
So far, the infection appears limited to Creech, where pilots and sensor operators control dozens of UAVs operating around the world. There is no evidence the virus has spread to the Distributed Common Ground Station (DCGS) facilities that analyze intelligence collected by the drones. While drone operations have received lots of media attention, many Americans are unaware of the huge intel network required to support UAV operations. At places like Langley AFB, VA; Hickam AFB, Hawaii; Beale AFB, California (and others), hundreds of intel specialists monitor, record and decipher data from the drones' on-board sensor suites.
The Air Force hasn't said how the virus found its way into the Ground Control Stations that direct UAV missions. But the most likely culprit is an external drive or some other type of external device that was plugged into a GCS computer, providing an entry point into the network. If information captured by the keylogger program was transmitted to individuals outside DoD, it could provide valuable insights regarding drone operations and the command-and-control network that controls them.
As you might expect, this sort of thing isn't supposed to happen. Computers that direct UAV flights (and the intel systems that support them) are part of intranets, separate from the internet. But they remain vulnerable to external viruses and other hazards, through something as simple as a flash drive.
Was it a deliberate attack? The jury's still out on that one, but recent trends are not encouraging. Adversaries are quite aware of U.S. reliance on UAVs, and they're looking for ways to cripple our capabilities in that area. There have been several "infections" of secure networks in recent years, raising concerns about our susceptibility to outside attacks. Coincidence? You decide.