informa
/
Risk
News

Air Force Says Drone Virus Is No Threat

An attack on the network that controls U.S. military unmanned aerial vehicles was only a "nuisance," military arm claims.
A virus that attacked the system that controls U.S. military drones was never an operational threat, but merely a "nuisance," the Air Force said late Wednesday.

The statement was the first official one from the U.S. military after Wired first reported of the virus last Friday.

The Air Force said it released the statement "to correct recent reporting" of the malware, which was being characterized as a real security threat to the flight of drone aircraft and difficult to contain. It was also reported that the virus may have removed data from Air Force classified and unclassified networks.

The Air Force said, however, that these depictions of the virus are false. The military was aware of the infection for some time and "control of our remotely piloted aircraft was never in question," said colonel Kathleen Cook, a spokesperson for Air Force Space Command, said in a statement.

[The feds are revamping their approach to fighting national security threats. Learn more: Homeland Security Revamps Cyber Arm.]

The Air Force confirmed that on Sept. 15 it first detected malware on portable hard drives that were approved for use at Creech Air Force Base for transferring information between systems. Creech is the homebase for the military's Predator drone, the missions of which originate there.

Although reports said the malware was a keylogger--which remotely and covertly tracks the keystrokes someone makes on a computer--the Air Force said it was not. Instead, it was a credential stealer found routinely on computer networks, and was detected running on a Windows-based standalone mission-support network.

Moreover, the system that was infected was separate from the flight control system that Air Force pilots use to fly drones remotely, according to the Air Force. Reports said the virus was affecting the flight system, but the military said that the ability to fly aircraft "remained secure throughout the incident."

The virus also was not the type to transmit data or video, nor was it "designed to corrupt data, files, or programs on the infected computer," according to the Air Force.

The Air Force quickly isolated the virus with standard security tools and began a forensic process to find its origin and clean any system that was infected, it said.

Still, the virus raises questions about the security of the U.S. military's drones, which have become a widely used weapon of choice in its engagements in Afghanistan, Iraq, and Pakistan, both for intelligence and military missions. In the past, Iraqi militants were able to intercept live video feeds from drone aircraft.

The Air Force will stay on top of the incident and "continue to strengthen our cyber defenses" with updates to its antivirus software and other methods, Cook said.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5