US Drone Fighters Have Been Infected by a Computer Virus of Unknown Origin

By Veronique Greenwood | October 10, 2011 12:58 pm

Unmanned drones like this Predator are now central to US warfare—but they are also vulnerable to cyberattacks.

What’s the News: A computer virus that records the keystrokes of US military operators has infected two classes of American military drones. “We keep wiping it off, and it keeps coming back,” a military source told Wired’s Danger Room, which broke the story. “We think it’s benign. But we just don’t know.”

What’s the Context:

  • Drone missions have become a staple of the US’s post-9/11 warfare. Controlled by crews usually located in the Nevada desert, the unmanned drones wing over deserts half a world away in Afghanistan and Iraq and have contributed to the killing of at least 2,000 suspected fighters and civilians. And in Pakistan, drones have attacked numerous targets on behalf of the CIA.
  • Drones’ implications in civilian deaths, as well as their use in CIA-directed assassinations, have made them a subject of fierce controversy. You can read more about drones and unmanned warfare in this DISCOVER feature, which explores the eventuality that the decision-making processes usually handled by human crews may soon be relegated to the drones themselves.
  • But information security has been revealed to be lax—the video drones send to troops on the ground often isn’t encrypted. “In the summer of 2009, US forces discovered ‘days and days and hours and hours’ of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video,” Danger Room reports.

How the Heck:

  • Military computer systems are closed networks—lacking a connection to the Internet—in order to avoid attacks by viruses. But closed networks aren’t as secure as you’d think, as Stuxnet, a virus designed to take down the Iranian nuclear refinement facilities that was transmitted via a thumb drive, more than adequately demonstrated last year.
  • The control center for the infected Predator and Reaper drones, Danger Room reports, was one of the few installations where external drives were still used to transfer information, and it seems likely that one of those drives was the vector for the virus, which was first detected two weeks ago.
  • The virus’s payload—its business end—is a piece of software that records whatever the drone operator types on his or her keyboard and transmits it to an unknown party (although how it would transmit that information, given that the control center’s computers aren’t on the Net, isn’t clear). The sources Danger Room spoke to say they’re not sure if it’s just a common virus that happened to make it into their system or if it’s something more sinister, but it has proven very difficult to remove. So far the best remedy has been to completely wipe the drives of infected computers.

Image courtesy of the Air Force

  • Zain

    I can understand that a virus could knowingly or unknowingly be transferred to a closed military network via a thumb drive, but how does the virus transmit information such as keystrokes back to its creators? The military networks aren’t connected to the internet, as your article states.

  • Veronique Greenwood

    @Zain, that’s a great question–that’s not clear to me either [adding a phrase on that now…]. The Danger Room reporting doesn’t address that. Perhaps through the known-to-be-faulty transmissions from the drones?

    It does make you wonder whether the virus isn’t directed against the drones at all, and just happened to wander onto the network.

  • John Kwok

    Compared to the Stuxnet virus (http://en.wikipedia.org/wiki/Stuxnet), the virus currently afflicting some drones is relatively benign. For this reason only, I would hope that it was accidentally imported via a flash drive.

    While we don’t know the origins of Stuxnet – and we may never know, though it is suspected to be a creation of either the Israel Defense Force or the United States military (or both) – it is a virus that is reminiscent of the ICE-breakers in William Gibson’s early cyberpunk fiction with regards to its complexity and sophisticated mode of attack (or one that is eerily reminiscent of the computer virus featured in Neal Stephenson’s latest novel, “Reamde”, which I have yet to read).

  • Skeptic

    Anyone else thinking transformers? :P

  • CJ

    Most likely some drone operator hooked up to the net to watch some porn and play some games in his free time and got his dumb ass infected.

  • Robert

    IDK about the PC interference as far as the “Keystroke Virus” being used to tap in, but as far as I can tell, it’s not the programs that they need to worry about, but the signals being intercepted and rerouted with new commands for operating the drone’s functions, et al. “Find and Destroy Sarah Connor…” My point is, it’s not the programs but the signals that have been corrupted. Try it with any remote control “toy” and if they are on the same frequency the stronger signal will override the original or weaker.

  • I speak my way

    Could there be a matching component that is waiting for a particular condition to trigger a hidden payload of some function, such as detonating, diverting, landing, etc.? If it is simply looking for repeats of some type, could that be enough to show “over my home, land and give my friends a nice piece of hardware”?

  • feh

    @Zain, Veronique

    It was first detected two weeks ago. Question is: When did the network get infected? Maybe 3 weeks ago, maybe 1 year ago.

    If the network was infected intentionally, then it’s very probable that once the information gathering period was over (it doesn’t have to be sent anywhere immediately – it could’ve been kept somewhere within the military network), the data was extracted by the people responsible for putting it there. No internet connectivity required.

  • ElizaDoolittle84

    Has the virus information been shared with the various antivirus providers? Do you know what its name(s) is/are? I gather that it was an off-network hard drive that brought it to the on-network one.

    How many others of us have been exposed to it, if some geek in the DOD got it?

    Following is just a rant that you may or may not be interested in……but the questions and points above, I would really like to see answered.
    ————————————————————

    I have been plagued by one kind of security problem and another since I was working on a world usability day project in 2005 that gave Skype access to the world (oh boy, will never do that again).

    I had, at one time, a very serious suspicion that there was somehow something in the motherboard, after swapping out a couple of hard drives and still having evidence of the thing, even before I connected to the net. I had taken all kinds of steps, including never having used wireless connections since 2005.

    For years, people said, there’s too little data in the motherboard for that to happen, yet, I just looked up
    Dell warns on spyware infected server motherboards
    at http://www.theregister.co.uk/2010/07/21/dell_server_warning/
    2010

    Kindest regards,

    ElizaDoolittle84

  • m

    what about a transmitted infection? someone dumped the virus over the transmission frequency the drones use? after all, since the transmissions were not encrypted, the enemy could (and did) tap into it.

    my other guess would be the virus was always there…as embedded software on the electronic components.

    i like this article…it highlights the point that no matter how sophisticated technology is, people can and will find a way to defeat it.

  • Jay Fox

    This is the very reason that these devices should never be outfitted to roam and act autonomously. Sooner or later, one will be taken over by someone and diverted back at us. Talk about shooting oneself in the foot, with your own gun. Don’t believe it can’t happen.

  • http://usefulinparts.blogspot.com/ useful in parts

    presumably the possible routes for a virus to get to the drone itself or the network that controls it are any combination of: a) transmissions to the drone; b) virus delivered via a thumb drive or equivalent into the military network.

    a lecture i recently attended in london uk on cyber crime, warfare and espionage – http://bit.ly/qF3I0H – had some fascinating insights into the links between cyber crime and that undertaken by governments (or equivalent) – which may be useful

  • Brian Too

    Somehow I suspect that if the US military was really concerned about this virus, we wouldn’t be reading about it here or anywhere else. They have likely examined it already and determined that the infection was accidental, not specifically targeted, and unlikely to cause information leaks.

    Having said that, this is a critical military system. Delivering lethal ordnance, and routinely too. The story itself is likely to cause people to question the reliability of military systems. Having a virus just isn’t good and all the more so in sensitive systems. There is a question about oversight, good management and due care.

    Of course this is the era of social media, Assange, wikileaks and all the rest. Secrecy isn’t what it used to be!

  • http://fantasyva.com Mitch

    Drones desensitize us to the realities of war. If we were fighting a defensive battle I would have no qualms regarding their use, but I can’t support the politics of our empire building and blowing up people in their own countries. The US Government has all but coerced us from day one to become overly reliant on computer systems, giving tax breaks and incentives to merchants and businesses to quickly incorporate these systems into our daily lives. It’s a recipe for disaster and we even provided the incentive (Stuxnet). Our power systems and banks operated for close to 100 years without being on a grid and it would be to our advantage to have manual backups in place; no systems are completely secure.
    I would assume someone is just intercepting commands to the drone. We’ll toss another billion at it to make the problem go away……
