US Drone Fleet Hit By Computer Virus

Soulskill posted more than 2 years ago | from the what-could-possibly-go-wrong dept.

Security 370

New submitter Golgafrinchan passes along this quote from an article at Wired: "A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system."

370 comments

duh (4, Insightful)

Aighearach (97333) | more than 2 years ago | (#37642466)

Don't run windoze on bombs!

Or aircraft carriers!

Will we never learn??

Re:duh (4, Funny)

Pentium100 (1240090) | more than 2 years ago | (#37642502)

Why? Windows crash and burn all the time, isn't that what a bomb is supposed to do?

Also, I doubt that this virus is just a random one, it most likely was created with the target in mind, so if Linux was used then the virus would have been created for Linux.

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642552)

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm.

That sounds like a common, non-targeted Windows virus to me.

Re:duh (1)

Pentium100 (1240090) | more than 2 years ago | (#37642646)

Like stuxnet was ? :)

Of course there is always the possibility that the virus was a common one, then it means that whoever is responsible for security is even more incompetent than I originally thought.

Re:duh (1)

Anonymous Coward | more than 2 years ago | (#37642962)

The fact that removal instructions were posted on Kaspersky's website shows that the virus was a common one.

Re:duh (2)

Mes (124637) | more than 2 years ago | (#37642520)

1. Bid for large military project
2. Use Windows as the primary platform.
3. Everyone Profits!

Re:duh (1)

North Korea (2457866) | more than 2 years ago | (#37642604)

OS doesn't matter if someone wants to target it. In fact it can even be a good thing - it's a lot easier to rootkit and hide in Linux based systems than Windows, and most people don't know how to get rid of them too. Hell, in Linux a simple rootkit can work just by editing the system commands like ls.

Re:duh (2, Informative)

Aighearach (97333) | more than 2 years ago | (#37642630)

Hell, in Linux a simple rootkit can work just by editing the system commands like ls.

That is as simple to detect as installing TripWire.

Re:duh (1)

tgd (2822) | more than 2 years ago | (#37642838)

And it's equally easy to detect in Windows. In real-time, not in a scheduled scan.

So what is your point?

Re:duh (3, Interesting)

Culture20 (968837) | more than 2 years ago | (#37642840)

Hell, in Linux a simple rootkit can work just by editing the system commands like ls.

That is as simple to detect as installing TripWire.

And keeping your checksum values on non-writable disks (like CDs), and using another computer to regularly scan your computer offline, and maybe throw some known changes in occasionally. Because if tripwire is replaced with a program that just says "yup, checksum's good. no need to worry", then it's no better than a sleeping security guard.

Re:duh (1)

silas_moeckel (234313) | more than 2 years ago | (#37642976)

Lol my backup system takes care of that. I want to see a virus that can infect the system and a san at the same time through a VM barrier. A real hacker sure but some script kiddie not so much.

Re:duh (2)

element-o.p. (939033) | more than 2 years ago | (#37642988)

And keeping your checksum values on non-writable disks (like CDs)...

Not just the checksum, but statically compiled commands used to run the Tripwire-like program. If the detection program uses, for example, the 'find' command to find all of the files on the system* then a competent attacker could always corrupt the 'find' program to ignore '/usr/local/bin/.myHiddenRootkitDirectory/*' and you'll be none the wiser.

*You don't want to limit your search to files that have already been checksummed, because one of the things that you can find is that new, compromised files have been added to your system. Consider this classic attack: your path is edited to contain './' (the current directory), and a compromised 'ls', 'find', 'cd' or other common tool is written to your home directory. Guess which file you run when you log in -- the compromised file or the one supplied with your system? If you find all of the files on the system, then verify that 1) you have a checksum for the file, and 2) verify that the checksum is correct, you minimize the danger of this kind of attack.
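
The check described in the comment above (enumerate every file on the system, then require both a known checksum and a matching one), with the baseline kept on separate media as suggested earlier in the thread, written out as an added example that is not part of any comment here. It assumes the audit runs from a known-clean boot with the suspect tree mounted at `root`; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Fingerprint one entry: link target for symlinks, SHA-256 for files."""
    if os.path.islink(path):
        return "symlink:" + os.readlink(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "sha256:" + digest.hexdigest()


def walk_entries(root):
    """Yield (relative, absolute) paths for every file and symlink under root.

    The tree is enumerated in-process rather than by calling the system's own
    find/ls binaries, and dot-directories are not skipped.
    """
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or os.path.isfile(full):
                yield os.path.relpath(full, root).replace(os.sep, "/"), full


def build_baseline(root):
    """Record a fingerprint for every entry while the system is known good."""
    return {rel: fingerprint(full) for rel, full in walk_entries(root)}


def save_baseline(baseline, path):
    # In real use this file goes to write-once or read-only media.
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def audit(root, baseline):
    """Compare the whole tree against the baseline, not just baselined files."""
    unknown, modified, seen = [], [], set()
    for rel, full in walk_entries(root):
        seen.add(rel)
        if rel not in baseline:
            unknown.append(rel)        # no checksum on record: a new file
        elif fingerprint(full) != baseline[rel]:
            modified.append(rel)       # checksum on record, content differs
    return {
        "unknown": sorted(unknown),
        "modified": sorted(modified),
        "missing": sorted(set(baseline) - seen),
    }


def write_file(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed sample tree, tamper with it, and audit it twice."""
    with tempfile.TemporaryDirectory() as root, \
            tempfile.TemporaryDirectory() as media:
        for rel in ("bin/ls", "bin/find", "etc/profile"):
            write_file(root, rel, b"original " + rel.encode())
        baseline_file = os.path.join(media, "baseline.json")  # stands in for the CD
        save_baseline(build_baseline(root), baseline_file)
        clean = audit(root, load_baseline(baseline_file))

        # Constructed tampering: a replaced binary, a removed tool, a planted
        # look-alike in a home directory, and a hidden directory with a payload.
        write_file(root, "bin/ls", b"replaced ls")
        os.remove(os.path.join(root, "bin", "find"))
        write_file(root, "home/user/ls", b"planted copy")
        write_file(root, "usr/local/bin/.myHiddenRootkitDirectory/payload", b"x")
        dirty = audit(root, load_baseline(baseline_file))
    return clean, dirty


if __name__ == "__main__":
    clean_report, dirty_report = demo()
    print("before tampering:", clean_report)
    print("after tampering: ", dirty_report)
```

A scan limited to the paths already in the baseline would report only `bin/ls` and `bin/find` here; the two planted files show up because the whole tree is walked.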

Re:duh (2)

mortonda (5175) | more than 2 years ago | (#37642864)

Hell, in Linux a simple rootkit can work just by editing the system commands like ls.

That is as simple to detect as installing TripWire.

If it is a kernel rootkit, tripwire won't find it unless you boot to a read-only medium to run the scan...

Re:duh (3, Insightful)

BitZtream (692029) | more than 2 years ago | (#37643032)

No, it's really not. A rootkit would make TripWire think the binaries had not been modified. That's what rootkits do, they hide every trace of themselves so that they are undetectable. Or at least that's the theory, there's always a way to detect them but it usually (for good ones) requires scanning the data in a known clean machine.

IDS systems don't work when the kernel tells the IDS that the file is the original and even delivers the original bytes to the IDS in order to fool it. The kernel returns the original data for any read of the file, any memory mapping attempt, anything you try to do to get at the data other than what the rootkit wants you to do.

Root kits make the kernel lie to an IDS, making it useless. You can't scan an infected machine by asking it for data (local app or network share, doesn't matter). You have to ask another known clean machine to do the scanning on the data directly without any other untrusted code in the process.

Finally, the rootkit can also just make tripwire pretend to return ALL GOOD MASTER!.

Please don't ever claim you know about security.

Re:duh (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#37642748)

While your general point is valid: against targeted attackers the ratios for "desktops cracked, by platform" are pretty irrelevant; there is more to it:

A game console, many smartphones, tivos, etc. do checks of the OSes they run. If the signature doesn't check, the device doesn't boot. Better implementations (newer xbox360s, for instance) pretty much have to be voltage glitched to get past that.

If you are going to be strapping some hellfire missiles to something, you really, really shouldn't be running an OS/architecture so stock that desktop or corporate penetration and bug numbers are terribly relevant...

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642766)

Someone go caption a lolcat: "I maded you a guidance system in visual basic. Hope it doesn't get infecshuns!"

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642636)

I'm in ur rocket..buzzin ur house LULZ!

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642790)

Wait until Anonymous roots one of these things and starts blowing up Scientology buildings, spying on nude beaches, and finally buzzing the Pentagon for epic lulz when the fuel runs low...RIP, Predobair, you served us well before getting b& from meatspace.

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642706)

I like how people think that Windows is the only fallible OS. Linux fanboyism will never die.

Re:duh (0)

Anonymous Coward | more than 2 years ago | (#37642876)

Gawd - why do you do this? Who said it's a Windows system anyway. I'm one of those idiots that think Windows is a great system. I've been running Windows 7 since it came out. I have Windows Security Essentials installed and as a developer I visit a lot of places where a virus might lurk but I've NEVER been infected. I don't trust ANYTHING that's the product of many little unpaid hands!!! Like Linux et al...

Re:duh (1)

vawwyakr (1992390) | more than 2 years ago | (#37642928)

Are we sure they are even using windows? I mean in all likelihood they are but I couldn't find anything in the article (including the picture) to confirm.

Iran Payback ? (0)

Anonymous Coward | more than 2 years ago | (#37642476)

i think so ...

Re:Iran Payback ? (1)

Jeng (926980) | more than 2 years ago | (#37642656)

Doubt it, Israel is more likely. Even if they are one of our allies, I don't believe they are an ally we should trust completely, much like how we view China.

Besides, I doubt that Iran can get good quality help with something like this, especially since they would most likely have to know a good amount of how the internal security is set up. Russia isn't stupid enough to help them with something like this, neither is China.

How do they know it's a virus? (1)

mcmonkey (96054) | more than 2 years ago | (#37642482)

This could just be the drones following their human pilots for when the drones start flying themselves. #skynet

Other way around (4, Insightful)

Toe, The (545098) | more than 2 years ago | (#37642692)

No, I sincerely doubt this is some mysterious computer intelligence taking over our military.

BUT... this is clearly the path to skynet. What we are seeing is what pretty much all of us already understood: when you have increasingly autonomous killbots, disaster becomes a question of "when" not "if."

Re:Other way around (3, Funny)

Nadaka (224565) | more than 2 years ago | (#37642806)

There is no more autonomous a kill bot than a human being.

The terrorists have won (1)

Anonymous Coward | more than 2 years ago | (#37642504)

Al-Azawi (or whatever his name is), probably put the virus there to fake his death via drones.

He is probably sitting sipping tea with the Pakistani PM having a good laugh as we read this.

LOL (-1)

Anonymous Coward | more than 2 years ago | (#37642514)

Haha faggots.

No anti-virus? (3, Interesting)

Jeng (926980) | more than 2 years ago | (#37642516)

Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?

Yes, they would have to do updates manually, and it's a low risk situation, but it is a prime target for foreign adversaries and allies alike.

Re:No anti-virus? (2)

MozeeToby (1163751) | more than 2 years ago | (#37642588)

Who said there isn't anti-virus software on these computers? If keeping a Windows machine sterile was as easy as installing and keeping updated AV software the world would be a slightly better, or at least less stressful, place.

Re:No anti-virus? (3, Insightful)

Nom du Keyboard (633989) | more than 2 years ago | (#37642626)

Ok, so I understand that these computers are to never be connected to the internet, but why does that mean that they don't put security software on them?

If these computers are never connected to the Internet, then how are they sending out the results of their logging?

Re:No anti-virus? (5, Insightful)

MozeeToby (1163751) | more than 2 years ago | (#37642736)

Unless someone really screwed the pooch, the results are never getting back to the virus writers. These computers are classified, that means no connection to the net, no writable media drives, many places even epoxy the USB ports so at least it's obvious if someone tries to use it. Specific steps are taken when moving data off them to prevent any data except what was requested from being removed. At least, that is how it is in the private world working on classified material. Cases like Manning being able to get a dump of the entire international cable DB would indicate that the government holds itself to a much lower standard than it holds contractors.

Re:No anti-virus? (1)

Jeng (926980) | more than 2 years ago | (#37642944)

I'd reply with a copy and paste from the TFA, but that would be around half the article, just read the TFA and it is explained there.

Re:No anti-virus? (2)

Anonymous Cowar (1608865) | more than 2 years ago | (#37642668)

Re:No anti-virus? (1)

Anonymous Coward | more than 2 years ago | (#37642772)

HBSS is just mcafee antivirus and other limiting software.

Re:No anti-virus? (1)

Zerth (26112) | more than 2 years ago | (#37642984)

Why aren't they running off of livecds? Then every time they reboot, yay fresh system.

Unless the system that is making the CDs is infected, but then you've just got one system to clean.

On Chip (2)

amiga3D (567632) | more than 2 years ago | (#37642526)

The operating system should be embedded on a read only chip in these things. It's ridiculous to leave something like this vulnerable to a virus. It's aggravating to have to change the chip every time you want to upgrade but it's the best way of being sure it's secure. The system should be read only.

Re:On Chip (2)

Jeng (926980) | more than 2 years ago | (#37642562)

The virus may be being spread by detachable hard drives that contain map information, they need to be updated frequently.

Yes, it would be nice if the OS itself didn't get infected, but you still need to disinfect the drives that you plug into it either way.

Re:On Chip (1)

MozeeToby (1163751) | more than 2 years ago | (#37642778)

detachable hard drives

This is, in and of itself, concerning to me. Where I work you will be reprimanded for plugging writable media into a classified computer (and that's assuming you can dig all the epoxy out of the port in the first place), the idea that it's standard practice doesn't bode well for their security quite frankly.

Re:On Chip (2)

GameboyRMH (1153867) | more than 2 years ago | (#37642856)

THIS

I don't know what's scarier, the fact that these things run Windows, the fact that the ports weren't sealed off or the fact that some doofus who doesn't know how to check for Autorun viruses and/or wasn't a computer professional didn't see a problem with plugging a flash drive in there.

Re:On Chip (1)

Anonymous Coward | more than 2 years ago | (#37642930)

So how do you get the latest imaging onto the system? Either you need to plug it into a network or some sort of portable media! Which one do you consider safer? Or do you believe that there should be no way to update the system to perform its mission?

dom

Re:On Chip (0)

Anonymous Coward | more than 2 years ago | (#37642596)

This is about the control cockpits in the US. We're talking complex, inter-networked devices. Any kind of permanent "read only", when applied to all sub-systems, probably isn't feasible.

iBomb (1)

vaene (1981644) | more than 2 years ago | (#37642536)

Look for Apple's iBomb to be delivered in time for Christmas to address these concerns.

Re:iBomb (1)

wierd_w (1375923) | more than 2 years ago | (#37642574)

That would be against the apple developer's agreement. :)

I mean jeeze, you aren't even allowed to make porn on idevices, and wmds are straight out.

Re:iBomb (1)

localman57 (1340533) | more than 2 years ago | (#37642622)

Look for Apple's iBomb to be delivered in time for Christmas to address these concerns.

I expect the 4GS to arrive well before Christmas. Oh...wait.. you literally meant a bomb.

In that case "Remind me to drop a bomb next time I'm in Tora Bora".

Re:iBomb (2)

Moheeheeko (1682914) | more than 2 years ago | (#37642888)

Soon our enemies will fear sleek white plastic with rounded corners falling from the sky.

Re:iBomb (1)

ColdWetDog (752185) | more than 2 years ago | (#37642940)

Soon our enemies will fear sleek white plastic with rounded corners falling from the sky.

What is the terminal velocity of an unladen iPhone?

Talk about clueless IT (4, Insightful)

Anonymous Coward | more than 2 years ago | (#37642546)

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."

Re:Talk about clueless IT (1)

localman57 (1340533) | more than 2 years ago | (#37642686)

If someone this incompetent was running a corporate network they'd have their ass on the street faster than they could say "network traffic analysis."

You don't know that. They're not Bank Of America. They may not be able to decide to take everything offline at once, or sufficiently partition the system to prevent reinfection. If the damage done by the virus is less important than keeping the systems online and keeping the drones flying, you keep them online, while you figure it out, even if it means you have to backtrack. Remember that Stuxnet was infecting computers from the PLC boxes outward. Not a typical infection vector.

Welcome to Windoze (-1)

Anonymous Coward | more than 2 years ago | (#37642570)

I recall a big initiative to downgrade all the military stuff to Windoze a few years back.... Virus infections are the norm for Windoze. Security? Not so much.

What, no skynet reference yet? (0)

Marrow (195242) | more than 2 years ago | (#37642586)

How else would an emergent intelligence learn to take over our weapons so it could use them against us. It has to watch!

Wait, "has resisted"? (-1)

Anonymous Coward | more than 2 years ago | (#37642608)

So you're telling me the mighty, mighty US military is so stupid it can't wipe a computer clean and reinstall it if need be? No wonder the U.S. of A. have degraded into the new third world...

Re:Wait, "has resisted"? (0)

Anonymous Coward | more than 2 years ago | (#37642862)

Well to be fair, they called the helpdesk but some dude there told them "I am thinking you are needing to be reinstalling your windows. What version of Windows are you running?" At which point they hung up.

Re:Wait, "has resisted"? (1)

Culture20 (968837) | more than 2 years ago | (#37642968)

My bet is the virus is on the clone image for their machines. Too many clone image makers don't do the paranoid clean-room thing.

Just to clarify (5, Informative)

Baloroth (2370816) | more than 2 years ago | (#37642610)

When they say the drones were infected, what they mean is that the computers controlling the drones (located in the US and which are, apparently, running Windows...) were infected with a keylogger, probably spread through flash drives. Whether this actually compromises security at all is unknown (keyloggers generally assume you are connected to the Internet, which these computers aren't.) They don't have much security on the drone computers because they aren't hooked up to the Internet, and they would (apparently) rather educate their users than bother with antivirus, for whatever reason (although they do have a security system on the network which detected the virus. I would imagine it also should have stopped the virus).

Re:Just to clarify (1)

Locutus (9039) | more than 2 years ago | (#37642760)

I would think that such a system would be considered a "critical system" and therefore not allow any type of direct external data input unless through a secure and protected means. Oh wait, we're talking about US DoD contracts and back room deals so design is secondary and they think using Windows is using advanced technology.

As the drones start dropping from the sky almost killing the ground soldiers, one soldier says pointing to the little girl, "Great! That's just great! Put her in charge then."

LoB

This is potentially disastrous (1)

ericloewe (2129490) | more than 2 years ago | (#37642612)

A virus on those computers is one step away from assuming control, assuming someone writes such a virus. Think stuxnet but with drones instead of centrifuges. Drones loaded with air-to-ground missiles, that is...

Re:This is potentially disastrous (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37642756)

Should be good for the Lulz.

Re:This is potentially disastrous (1)

Locutus (9039) | more than 2 years ago | (#37642804)

Except that because they are Windows based computers, the probability is very high that these are infected with your standard Windows virus instead of a custom one designed specifically to get into these computers. Therefore, it's unlikely there's any threat.

Probably some pilot got bored during down time and wanted to show his buds his pics of his girlfriend.

LoB

Should have used a Mac... (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37642616)

Virus? Should have used a Mac... although of course then it would have cost the military twice as much and they'd be forced to buy their ammunition from Apple.

Re:Should have used a Mac... (1)

maxwell demon (590494) | more than 2 years ago | (#37642814)

Virus? Should have used a Mac... although of course then it would have cost the military twice as much and they'd be forced to buy their ammunition from Apple.

But the weapons would be more effective because when they arrive, the enemy would be so stunned at the design that they would forget fighting them.

Re:Should have used a Mac... (1)

ColdWetDog (752185) | more than 2 years ago | (#37642978)

You're forgetting that Apple computers are the only available defense against aliens. You don't want to use these weapons for mere earthlings.

They should be Closed Systems (1)

gurps_npc (621217) | more than 2 years ago | (#37642620)

That is, no one should be allowed to load any program that is not vetted by the manufacturer.

So I am betting that the manufacturer got hit, and had the virus infect them at the factory, possibly installing itself as an 'update'.

It should not be that hard to remove - wipe and revert to an earlier version.

Unless of course they lost the earlier versions.

Re:They should be Closed Systems (1)

localman57 (1340533) | more than 2 years ago | (#37642724)

Or if the drones can't talk to the earlier version. It's common with embedded systems to upgrade the remote firmware and PC software at the same time as your protocols change.

You don't understand! (1)

Weaselmancer (533834) | more than 2 years ago | (#37642624)

Skynet IS the virus!

Re:You don't understand! (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37642708)

SkyBSB is the virus.

Re:You don't understand! (1)

Nanosphere (1867972) | more than 2 years ago | (#37642786)

That's right, it was all Skynet's fault, pay no attention to the Basestars orbiting overhead. - By your command, Number Six

Re:You don't understand! (1)

Megane (129182) | more than 2 years ago | (#37643002)

By your command, Number Six

I am not a number, I am a free Cylon!

Wow (2)

ShooterNeo (555040) | more than 2 years ago | (#37642628)

Ok, so you get some interns in a room and ask them to draw on the whiteboard the things to consider when designing a remote controlled killer robot.

What do you suppose the FIRST thing any intern is going to write up there in terms of things you need to worry about?

Make SURE the enemy can't hack your robots and turn them against you!

Well, when you start writing up how to accomplish that, you would want
1. A completely secure system for authenticating commands sent from the control system. The only form of encryption that is completely secure is one time pad.
2. NO POSSIBLE WAY for someone to load viruses or gain access to the control system!!! That means NO network access to anything but the systems that send and receive signals from the drone! And one heck of a hardware filter on those information packets!

Re:Wow (1)

foma84 (2079302) | more than 2 years ago | (#37642732)

TFA is rather clear about these two points:
1. The intercepted communications were videos FROM the drone TO the cq.
2. The system is off the net, they need to plug external hard drives to transfer said videos and other data.

Re:Wow (0)

Anonymous Coward | more than 2 years ago | (#37642780)

And then you put the whole system out for tender and pick the lowest bidder who ignores all those minor details in order to save enough money to have the lowest price and get the work. Welcome to the world of competitive tender bidding.

Ok, so you get some interns in a room and ask them to draw on the whiteboard the things to consider when designing a remote controlled killer robot.

What do you suppose the FIRST thing any intern is going to write up there in terms of things you need to worry about?

Make SURE the enemy can't hack your robots and turn them against you!

Well, when you start writing up how to accomplish that, you would want

1. A completely secure system for authenticating commands sent from the control system. The only form of encryption that is completely secure is one time pad.

2. NO POSSIBLE WAY for someone to load viruses or gain access to the control system!!! That means NO network access to anything but the systems that send and receive signals from the drone! And one heck of a hardware filter on those information packets!

YUO FAIL IT!! (-1)

Anonymous Coward | more than 2 years ago | (#37642632)

locating #GNAA, Deepe8 into the l1zard - In other

We're finally getting requests for Linux... (0)

Anonymous Coward | more than 2 years ago | (#37642638)

from our DOD clients because of this happy horse***t. We had one site where someone was tired of waiting for files to transfer, pulled the screwed-on cover over the usb ports, and infected the entire room of um- pcs with a virus. We just installed our first Linux server for the product line this week. Luckily most of it is implemented in java, so except for wrapping it up in an rpm and getting the init.d scripts squared away there's not much to do.

Re:We're finally getting requests for Linux... (0)

Anonymous Coward | more than 2 years ago | (#37642716)

You mean the same Linux whose own developers were rooted for at minimum numerous months before ever noticing? That one?

FPS (0)

Anonymous Coward | more than 2 years ago | (#37642650)

I bet the operators are hosting a Deathmatch league.

You'd think they'd have enough with the day job!

Best comment in TFA (5, Funny)

arielCo (995647) | more than 2 years ago | (#37642660)

The big problem is that the drones keep ordering refueling boom enlargement kits, and four of them tried to fly to Nigeria to collect on a half-million gallons of jet fuel that was left there by a former Minister of Aviation.

Military Intelligence (2, Insightful)

tmosley (996283) | more than 2 years ago | (#37642662)

These drones are so vulnerable, their use in combat is totally laughable. Iraqi insurgents could intercept their communications with $26 software! Two years ago! Their shit is apparently totally unencrypted, and as such, has now been exploited to the point where they are now able to infiltrate the control software.

http://online.wsj.com/article/SB126102247889095011.html?mod=WSJ_hp_us_mostpop_read [wsj.com]

Next thing you know, these guys will turn the whole damn fleet of drones against us. Just what I wanted my tax dollars going toward, free fucking aerial suicide bombers for al Qaeda, drug cartels, and script kiddies.

Re:Military Intelligence (4, Informative)

Jeng (926980) | more than 2 years ago | (#37643010)

They are not hacking the control software, all they are doing is receiving an unencrypted video feed.

You do not get anywhere close to being able to hack a drone just because you receive something similar to a TV station. You wouldn't be able to hack a TV station through a TV signal and you can't hack a drone through its video feed.

TFA is a very nice compendium... (2)

foma84 (2079302) | more than 2 years ago | (#37642672)

...of military security holes'n'breaches.
It definitely deserves a read, or at least a glimpse. It's not just stuxnet and finely crafted computer warfare, it may be plain old viruses and trojans we deal with every day.

Spread by removable drives? How hard is this? (4, Insightful)

bradley13 (1118935) | more than 2 years ago | (#37642698)

This isn't exactly a new attack vector. Banks don't let people plug removable drives into sensitive systems - why does the US government?

You know what happened - either Joe private plugged his private pr0n collection into a classified computer, or else he took a classified drive home to use privately. Either way, really bad news.

If you've just got to have removable storage, then you pay for special connectors, so they are incompatible with anything else. Then you cast the guts in epoxy, so no solder jockey can change out the connector. This is not rocket science.

Re:Spread by removable drives? How hard is this? (0)

Anonymous Coward | more than 2 years ago | (#37642844)

I was an IT worker in the reserves and our systems blocked USB drives, not only the autorun, but altogether. You couldn't use them, made it a bitch to back stuff up, but hey prevents stuff like this. Maybe the Airforce didn't follow suit.

Re:Spread by removable drives? How hard is this? (4, Informative)

mclearn (86140) | more than 2 years ago | (#37642908)

Actually, TFA believes that the vector was a removable drive by which they periodically update their map collections.

Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

Re:Spread by removable drives? How hard is this? (1)

roc97007 (608802) | more than 2 years ago | (#37642914)

Agreed. We did the things you describe back in the eighties. (Although back then "removable" meant the drive was on a sturdy cart with wheels.)

This is why the good lord made Eproms. (2)

gestalt_n_pepper (991155) | more than 2 years ago | (#37642720)

At least, that's the word on the street.

Time to admit that security matters? (1)

MaXintosh (159753) | more than 2 years ago | (#37642750)

It seems like there's this cultural attitude out there that cybersecurity (hate that term) is a bit of an overblown joke, and that the worst malicious agents could do is steal our nation's porn collection or some such. Really, between stuxnet and now this, I really hope that people take home the message that targeted computer security threats can do a lot of damage in the national-security sense.

I really would be surprised if it turns out that this looks like it was developed by insert-country-that-doesn't-like-the-US-here. Iran, dicking with the US for giving them stuxnet springs to mind.

Of course, it could have also been some service member who was adding material to the national pornstash who's responsible.

Drones run Windows? (0)

Anonymous Coward | more than 2 years ago | (#37642774)

So the drones run Windows? We're SOOOO doomed.

Doooomed!

This has happened before.. (1)

ilsaloving (1534307) | more than 2 years ago | (#37642800)

It's easy enough to fix. All you have to do is shut down the drones, flush the systems, and then restore from the protected archives in the core!

Re:This has happened before.. (1)

BenSchuarmer (922752) | more than 2 years ago | (#37643042)

"protected archives?"

Would have never expected it... (1)

Nethemas the Great (909900) | more than 2 years ago | (#37642802)

Nope never ever would I have expected the deployment of remote controlled anything to become susceptible to tamper. I also would have never ever expected the MIC to come up with anything other than hardened systems especially when human lives are on the line. This must have been a fluke...

Tax dollars at work (0)

Anonymous Coward | more than 2 years ago | (#37642808)

"In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives."

Sometimes we have an amazingly high-tech military. Sometimes we have 18-year-olds following virus removal steps from an AV vendor's website.

Compare the effort put into Stuxnet to target Iranian nuclear facilities to the effort needed to infect the drone fleet.

what a joke (0)

Anonymous Coward | more than 2 years ago | (#37642866)

These systems should be designed read only, when operating. Every process identified and whitelisted. I mean really do you want a virus to be able to fire off a TOW missile?

It must really suck (-1)

Anonymous Coward | more than 2 years ago | (#37642886)

When you pay over $100 million for a drone, and it gets pwned by a virus. America, failing hard once again.

Honeypot anyone? (1)

Lashat (1041424) | more than 2 years ago | (#37642904)

hmm..

Software Reuse (1)

ElmoGonzo (627753) | more than 2 years ago | (#37642950)

They're probably using a version of MS Flight Simulator as the base for their control application.

Re:Software Reuse (1)

Dunbal (464142) | more than 2 years ago | (#37643040)

Probably using the free version of FSUIPC too, the cheap bastards.

So here I go getting modded "troll"... (1, Insightful)

roc97007 (608802) | more than 2 years ago | (#37642990)

Let's get past the pro/anti Windows bias just for a moment. Clear your mind, see operating systems just as operating systems and not religion.

Now, if most (certainly not all, but most) computer virii were written for a particular OS, why would you use that OS in a secure surveillance or weapons application? Why would you not specify an OS that did the job, but had far fewer (or no) viruses already out in the wild? Wouldn't that go further towards avoiding infection than procedures regarding removable drives and other media that will inevitably be circumvented?

Moreover, if said OS happened not to have support for modern codecs, wouldn't that make it less likely that operators would try to view porn, ur, contraband, um, unauthorized materials on same?

I lol'd (0)

Anonymous Coward | more than 2 years ago | (#37643028)

Anyone else read only "Infected cockpit of American predators"

Obligatory... (0)

JaneTheIgnorantSlut (1265300) | more than 2 years ago | (#37643044)

All your drone are belong to us.