Report: Virus Infects U.S. Military Drones

Wired’s ThreatLevel Blog reported on Friday that a computer virus is plaguing the systems used to remotely control the U.S. military’s fleet of unmanned drone aircraft. 

According to the report, which is unconfirmed, personnel at Creech Air Force Base in Nevada have been battling the persistent and recurring infection for weeks, removing the virus only to find it mysteriously returns.

The malware is reported to be a keylogger Trojan, though it is unclear whether it is evidence of a targeted attack, or a less serious infection from commodity malware. However, the malware is believed to have infected both classified and unclassified military systems at Creech. In some cases, systems had to have their hard drives erased and applications and data restored to remove the infection. 

Read more at ThreatLevel here

Discussion

  • Anonymous on

    They run McAfee. What do you expect?

  • Anonymous on

    If they used kidokiller and it reinfects right away, they need to apply the MS patches listed in the article and change the domain admin passwords. Alternatively, Kaspersky's built-in HIPS will block reinfection even without the MS patches. Guess gov security techs are clueless.
  • Anonymous on

    Deep Packet Inspection (DPI) has been the way we, the military, have protected important computer systems since the late 1990s. However, the current administration has curtailed many government-run DPI efforts in order to promote "Net Neutrality". I am certain that this dialing back of or the complete termination of DPI surrounding the software construction of the applications used on the predator aircraft is responsible for letting a virus slip through.

    DPI will protect our nation from hacking and malware. Net Neutrality leaves our national cyber space open to our enemies!

  • Anonymous on

    Kaspersky is the nizzy! Except one time when we had VNC on all of our machines and we went into "lockdown" mode because of x amount of machine hits, and I forgot to put VNC in the lockdown exclusion list! LOLOL

    Kaspersky should have read my mind :)

  • Anonymous on

    ...and when the payload is encrypted, DPI helps out how? It doesn't. Systems need to be hardened, networks designed from the beginning with security layers and not bolted on afterwards with a flood of "panacea" devices which will end all your security woes. Additionally, HIDs are only one layer of a security framework, especially since it's not too difficult to circumvent them. Bet the users all "need" local admin rights as well!

  • Anonymous on

    Sounds like a breakdown of the controls one would expect to surround such a system. Remediation and detection aside, how was it exposed in the first place?
