October 8, 2011, 4:57AM

Report: Virus Infects U.S. Military Drones

Wired's ThreatLevel Blog reported on Friday that a computer virus is plaguing the systems used to remotely control the U.S. military's fleet of unmanned drone aircraft. 

According to the report, which is unconfirmed, personnel at Creech Air Force Base in Nevada have been battling the persistent and recurring infection for weeks, removing the virus only to find it mysteriously returns.

The malware is reported to be a keylogger Trojan, though it is unclear whether it is evidence of a targeted attack, or a less serious infection from commodity malware. However, the malware is believed to have infected both classified and unclassified military systems at Creech. In some cases, systems had to have their hard drives erased and applications and data restored to remove the infection. 




Comments

They run McAfee. What do you expect?

If they used kidokiller and it reinfects right away, they need to apply the ms patches listed in the article and change the domain admin passwords. Alternatively, Kaspersky's built-in HIPS will block reinfection even without the ms patches. Guess gov security techs are clueless.

Deep Packet Inspection (DPI) has been the way we, the military, have protected important computer systems since the late 1990s. However, the current administration has curtailed many government-run DPI efforts in order to promote "Net Neutrality". I am certain that this dialing back of or the complete termination of DPI surrounding the software construction of the applications used on the Predator aircraft is responsible for letting a virus slip through.

DPI will protect our nation from hacking and maleware. Net Neutrality leaves our national cyber space open to our enemies!

Kaspersky is the nizzy! Except one time when we had VNC on all of our machines and we went into "lockdown" mode because of x amount of machine hits, and I forgot to put VNC in the lockdown exclusion list! LOLOL

Kaspersky should have read my mind :)

 

Horse hockey

What is your Mil Spec, anonymous?

 

I suspect that you are just a disgruntled anti-net neutrality advocate, as one thing has absolutely nothing to do with the other.

+1

And what is "maleware"? I think I'd rather have malware.

...and when the payload is encrypted DPI helps out how? It doesn't. Systems need to be hardened, networks designed from the beginning with security layers and not bolted on afterwards with a flood of "panacea" devices which will end all your security woes. Additionally, HIDs are only one layer of a security framework, especially since it's not too difficult to circumvent them. Bet the users all "need" local admin rights as well!

Sounds like a breakdown of the controls one would expect to surround such a system. Remediation and detection aside, how was it exposed in the first place?

 

Copyright © 2012 threatpost.com