Keystroke logging malware has infected the U.S. Air Force’s Predator and Reaper drones, according to a report in Wired’s ‘Danger Room’ blog.
The malicious software, which was discovered two weeks ago by the U.S. Department of Defense’s Host-Based Security System, has been logging pilots’ keystrokes as their UAVs fly missions over Iraq and Afghanistan, the report claims.
Worryingly, the malicious software has successfully resisted several attempts at deletion, according to unnamed sources in the Wired report, one of whom commented: “We keep wiping it off, and it keeps coming back. We think it’s benign. But we just don’t know.”
While military operations have continued and there is no evidence of classified military information being intercepted, authorities at Creech Air Force Base in Nevada, from which UAV operations in Afghanistan, Iraq, and other hotspots are mounted, will be worried about the potential implications of a security breach of this magnitude.
To add to their woes, network specialists working to fix the problem don’t know how far the keylogging software has spread on their systems, nor whether it was placed there on purpose or ended up there by accident.
One theory, Wired reports, is that the malware is inadvertently being spread by staff at Creech Air Force Base, through the use of removable drives to load map updates and transport mission videos from one computer to another. Drone units at other Air Force bases worldwide have now been ordered to stop using removable drives.
Commenting on the keylogging story in eWEEK, Jon-Louis Heimerl, director of strategic security for Solutionary, said: “We would hope that they can obtain the security expertise required to isolate and remove the infection, from either inside the Air Force, or from somewhere else. But they don’t want people to think they cannot handle it and going ‘outside’ is an admission of guilt.”
Built by California-based General Atomics Aeronautical Systems, the 115 h.p. Predator drones are capable of flying up to 25,000 feet with an endurance of 40 hours. The drone can incorporate payloads including infrared video cameras, laser designators, Hellfire missiles, and all-weather radar systems.
Following the latest security systems breach, the U.S. Air Force might start taking an extra interest in the U.S. Army’s ‘Unmanned Aircraft Systems’ (UAS) program. The 2011 ‘Manned Unmanned Systems Integration Capability’ (MUSIC) exercise recently completed at Dugway Proving Ground in Utah successfully demoed the capabilities of its ‘Triclops’ drone and support systems, which use encrypted data links to share and swap the surveillance video shot by its drone.
Triclops, an MQ-1C Grey Eagle UAV, is built by General Atomics and is considered an upgrade on the Predator drone with its maximum speed of 155 mph, a ceiling of about 29,000 feet, and an endurance of 36 hours. Triclops has already flown successful missions in Afghanistan and Iraq.
This isn’t the first major security breach involving the U.S. military’s drone systems. In 2009, the WSJ reported that Iraqi militants successfully intercepted live video feeds from U.S. military-operated Predator drones using software widely available on the Internet.
The problem was uncovered when U.S. military personnel examined the laptop of a Shiite insurgent and discovered the files containing intercepted drone video feeds. Although U.S. officials denied that militants were able to gain control of the drones, the ability to intercept video signals could seriously compromise battlefield operations by informing insurgents which areas are under U.S. observation.
The $26 SkyGrabber software implicated in the WSJ story, which is still available online, is an offline satellite internet downloader. According to the company website, the software collects free-to-air satellite data using a digital satellite TV tuner card and saves that information onto a hard disk.