The U.S. line of Predator and Reaper unmanned aerial vehicles (UAVs) was hit by a computer virus that is logging the keystrokes of pilots as they steer the UAVs remotely through Afghanistan and other warzones, found Wired’s Danger Room blog.

According to security researcher Miles Fidelman, however, the virus may be an internal Department of Defense (DoD) security monitoring package. He noted there are “a couple of vendors” who sell such technology to the DoD, which are “essentially rootkits that do, among other things, key logging.” The comments were sent to the Dailydave security mailing list, which was posted through SecLists.org.

“I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally,” Fidelman adds.

The virus hit the “cockpits” of the pilots—computer stations at Nevada’s Creech Air Force Base. It was first detected by the military’s Host-Based Security System close to two weeks ago, according to Wired.

The military tried removing it several times, but it keeps coming back. Still, it doesn’t seem to have stopped them from continuing their missions, and no classified data has been taken. A source familiar with the network infection told Danger Room, “We keep wiping it off, and it keeps coming back. We think it’s benign. But we just don’t know.”

* Image courtesy of Spc. Roland Hale, eCAB, 1st Inf. Div. PAO. The image is of a MQ-1C Gray Eagle UAV.

About The Author

Joshua Philipp is the Chief Editor of TechZwn.com, and a technology editor and reporter at The Epoch Times. He values narrative and seeking out untold stories.

43 Responses

  1. Guest

    More properly, you should refer to the infected systems as UAS, not UAV. The UAV is the aircraft, which according to the story are not infected.

    Reply
  2. guest

    If you’re going to explain to the public what thye abbreviation UAV stands for, please learn to spell aerial first. Arial is a sans-serif typeface and set of computer fonts.

    Reply
  3. Anonymous

    Allies don’t let allies run Windows …

    Wasn’t security taken into consideration for this project? Seems like even if it was there was still a gap through which this event penetrated.

    Now they have what appears to be a security breach and it remains to be determined if what is being seen is actually the result of a bug or vulnerability or if it is the manifestation of an active, but possibly unintentionally triggered, feature.

    Oh, Inspector General’s Office! Could you take a second to look at this? Please?

    Reply
  4. Anonymous

    Deep Packet Inspection (DPI) has been the way we, the military, have protected important computer systems sine the late 1990’s. However, the current administration has curtailed many government run DPI efforts in order to promote “Net Neutrality” . I am certain that this dialing back of or the complete termination of DPI surrounding the software construction of the applications used on the predator aircraft is responsible for letting a virus slip through.

    DPI will protect our nation from hacking and maleware. Net Neutrality leaves our national cyber space open to our enemies!

    Reply
    • Kim Gordon

      What? How could Net Neutrality forbid the use of DPI? Any decent firewall will be using DPI at the premesis anyway. Please explain how DPI could ruin net neutrality. Even from a Net Neutrality advocacy standpoint I can’t see how it could be affected by DPI within the organization. I surely hope military command/control networks aren’t carrying general internet traffic instead of being closed networks.

      Are you saying the Internet 2 academic network is more secure than the US military just because the general public isn’t allowed on I2 but apparently the US military drone program allows any old BS to flow through their data pipes?

      Reply
      • Anonymous

        Most Firewalls do not use DPI at all. DPI takes very special equipment to keep it from slowing your traffic down and making applications unusable because of the added latency!

        From Wikipedia:
        “DPI combines the functionality of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) with a traditional stateful firewall This combination makes it possible to detect certain attacks that neither the IDS/IPS nor the stateful firewall can catch on their own. Stateful firewalls, while able to see the beginning and end of a packet flow, cannot on their own catch events that would be out of bounds for a particular application. While IDSs are able to detect intrusions, they have very little capability in blocking such an attack. DPIs are used to prevent attacks from viruses and worms at wire speeds. More specifically, DPI can be effective against buffer overflow attacks, Denial of Service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.

        DPI-enabled devices have the ability to look at Layer 2 and beyond Layer 3 of the OSI model, in cases DPI can be evoked to look through Layer 2-7 of the OSI model. This includes headers and data protocol structures as well as the actual payload of the message. DPI functionality is evoked when a device looks or takes other action based on information beyond Layer 3 of the OSI model. DPI can identify and classify traffic based on a signature database that includes information extracted from the data part of a packet, allowing finer control than classification based only on header information. End points can utilize encryption and obfuscation techniques to evade DPI actions in many cases.

        A classified packet can be redirected, marked/tagged (see quality of service), blocked, rate limited, and of course reported to a reporting agent in the network. In this way, HTTP errors of different classifications may be identified and forwarded for analysis. Many DPI devices can identify packet flows (rather than packet-by-packet analysis), allowing control actions based on accumulated flow information.”

      • shonangreg

        You do not appear to have addressed Kim’s question about how the .mil network is affected by DPI on the consumer level. And if any military contractor were using a VPN to connect to a military network, I assume the government would rather not have civilians DPI-ing the traffic — though DPI would only reveal a highly-encrypted data stream.

        I am just an amateur, but Pete Ellis, is sounds like you are just spreading anti-net neutrality bullshit.

      • Anonymous

        No anti-net neutrality BS. Keep in Mind that you have four different services and many government agencies using the the military communications infrastructure! Go to the Defense Information Systsems Agency (DISA) web sight and read their mission statement. It will explain why Net Neutrality is an issue even within the government.

      • shonangreg

        Nada, dude. 0 mentions of “net neutrality” on the DISA web “sight”. Are you going to provide a link? Or are you just going to admit you’re talking out your hat for attention? What you’re saying doesn’t make sense.

      • Anonymous

        Wow, I thought you would be sharp enough to make the connections yourself. Obviously not. I stand by what I said . Keep looking you will find the links between DPI and Net Neutrality.

      • Anonymous

        Wow, I thought you would be sharp enough to make the connections yourself. Obviously not. I stand by what I said . Keep looking you will find the links between DPI and Net Neutrality.

      • Kim Gordon

        Keep looking? You make a statement and then tell us to prove it’s true? Nice try pal.

        Also I stand corrected on the DPI on most firewall statement… But I did mean on the corporate/ISP/gov level. Not the home user. Though you have been able to buy software/hardware to do DPI at the SOHO consumer level for a while.

      • shonangreg

        Nada, dude. 0 mentions of “net neutrality” on the DISA web “sight”. Are you going to provide a link? Or are you just going to admit you’re talking out your hat for attention? What you’re saying doesn’t make sense.

      • Anonymous

        No anti-net neutrality BS. Keep in Mind that you have four different services and many government agencies using the the military communications infrastructure! Go to the Defense Information Systsems Agency (DISA) web sight and read their mission statement. It will explain why Net Neutrality is an issue even within the government.

    • Kim Gordon

      Also, why in the world would they run these systems on Windows or Mac OS anyway? Are they inviting viruses in? These things should be run on hardened proprietary OS or OpenBSD.

      Reply
      • Anonymous

        In the 1990’s President Clinton prevented the military from creating its own proprietary operating system and internet protocols. The stated reason was that it would cost to much money if we did not use off the shelf computer technology.
        In hindsight that was a really bad decision.

      • shonangreg

        Why would they need to re-invent the wheel? BSD, linux, et. al. are there for the altering and compiling. And their own IP? Please give a link to substantiate what you’re claiming. None of it makes any sense to me.

      • Anonymous

        You can search “president Clinton Military commercial off the shelf software” and a whole plethora of information on the topic will come up.

      • shonangreg

        Anyone who writes about Kuhn is no dummy, but I don’t see this as an opportunity for you to challenge your readers to find verification for your claims, Pete. And the larger issue is DPI and net neutrality. There as well you’ve yet to back up your assertion.

      • shonangreg

        Anyone who writes about Kuhn is no dummy, but I don’t see this as an opportunity for you to challenge your readers to find verification for your claims, Pete. And the larger issue is DPI and net neutrality. There as well you’ve yet to back up your assertion.

      • Anonymous

        You can search “president Clinton Military commercial off the shelf software” and a whole plethora of information on the topic will come up.

      • shonangreg

        Why would they need to re-invent the wheel? BSD, linux, et. al. are there for the altering and compiling. And their own IP? Please give a link to substantiate what you’re claiming. None of it makes any sense to me.

    • shonangreg

      Pete, don’t Net Netrality rules stop once inside the .mil TLD? Net Neutrality is about the backbones carrying consumer-grade traffic. Why would that affect what goes on internally in any military subnet?

      Reply
      • Anonymous

        Keep in mind that many government agencies use the military communications infrastructure. The Sate Department can grab a great deal of bandwidth at a moments notice. If the local commander say in Iraq wanted to get some of that back he could use DPI to separate military traffic from state department traffic and rate limit the state department. Additionally, I am sure some government agencies really don’t want anyone to know when and how they are communicating. DPI could easily reveal that to anyone scanning the data stream.

      • shonangreg

        So now you agree that civilian use of DPI represents a security threat to sensitive traffic passing over it. You’ve done a 180, Pete.

      • melts

        ah what now?
        DPI doesn’t route traffic, it eh inspects it. if you control the links you’ll find routing data with priorities and all best done by a properly configured router and QoS, ACLs, VLANs, so on.
        the arguments for net neutrality are for commercial ‘public’ networks, not secure military networks, and whatever happens with the public network won’t affect the military networks from protecting themselves with DPI, just like any company can install DPI boxes between their infrastructure and their CPE.

        it sounds like you don’t get it, or are just trying to put the boot in against net neutrality. stopping interconnect companies from using routing rules – some dynamically created from DPI systems – to restrict access to some companies unless said companies pay a premium, its a shakedown. nothing to do with securing your network, unless you happen to be primarily an interconnect company and you have no back office infrastructure…

        i would guess the changes in defense spending, coupled with a surge of bright sparks putting their minds to nefarious goals against the US would be the more likely explanation.

        or maybe just more nefarious types. or a lack of smarts in the military. or maybe everyone making security decisions within the military also think net neutrality affects them like they are common carriers. or maybe the military doesn’t own any links and exclusively uses common carriers, or or or.

        just seems like a stretch to blame something not affecting them at all for their problems is all im saying

      • shonangreg

        So now you agree that civilian use of DPI represents a security threat to sensitive traffic passing over it. You’ve done a 180, Pete.

      • Anonymous

        Keep in mind that many government agencies use the military communications infrastructure. The Sate Department can grab a great deal of bandwidth at a moments notice. If the local commander say in Iraq wanted to get some of that back he could use DPI to separate military traffic from state department traffic and rate limit the state department. Additionally, I am sure some government agencies really don’t want anyone to know when and how they are communicating. DPI could easily reveal that to anyone scanning the data stream.

    • Jim Davison

      Well is this a piece of AstroTurf if ever I saw one! Unless you simply heard some talking points from some other AstroTurfing shill and decided to repeat them verbatim, then anyone who is familiar enough with DPI to understand what it is will understand that “net neutrality” has no impact on the ability to perform DPI. Especially considering that during the late, 90’s the period you cite for the military’s use of DPI, was what could be could be considered one of the most “neutral” eras of the net.

      How do you sleep at night trying to restrict the freedom we have for the purpose of a few dollars?

      Reply
      • Anonymous

        Jim, look up Net Neutrality and DPI. There are plenty of web sights that describe the relationship between the two!

      • Anonymous

        Jim, look up Net Neutrality and DPI. There are plenty of web sights that describe the relationship between the two!

      • shonangreg

        I think you’re right, Jim. Dave is laying out a puzzle to back up his spurious claims. I can’t say it is a respectable way to have a conversation. Hucksters do the same thing.

    • Jim Davison

      Well is this a piece of AstroTurf if ever I saw one! Unless you simply heard some talking points from some other AstroTurfing shill and decided to repeat them verbatim, then anyone who is familiar enough with DPI to understand what it is will understand that “net neutrality” has no impact on the ability to perform DPI. Especially considering that during the late, 90’s the period you cite for the military’s use of DPI, was what could be could be considered one of the most “neutral” eras of the net.

      How do you sleep at night trying to restrict the freedom we have for the purpose of a few dollars?

      Reply
  5. Poco Ritard

    After all this I still don’t see any explanation of how civilian regulatory policy WRT net neutrality has any effect whatsoever on how the .mil netops do their routing. I call BS, PeteEllis. You’re using an ancient technology called “argumentum verbosium” also known as “argument by verbosity” where you throw up a lot of chaff – seemingly lots of reasonable argument that turns out not to be directly relevant and puts the burden of verification on others.

    Thirty years in the business and I say you’re astroturfing, Pete. I think you have an undeclared agenda. Work for AOL or some such?

    Reply
  6. 17 to 21 October 2011 Tech Universe Digest — KnowIT

    [...] WHATCHA DOIN WILLIS?: If you’re in charge of a bunch of military drone vehicles the last thing you want is for them to be infected by malware. And the next last thing is to report the malware to your superiors. At Nevada’s Creech Air Force Base in the US the cockpits were recently found to be logging the keystrokes of the pilots. When techs try to remove the keylogger it keeps coming back. Meanwhile some independent researchers think the keylogger may be an internal Department of Defense security monitoring package. It’s so reassuring when the right hand doesn’t know what the left is doing. TechZwn. [...]

    Reply
  7. Fear the reaper | Whim

    [...] Some news sources have claimed that perhaps the keyloggers had been installed by a section of the Department of Defense. This program would allow the department to keep track of the control commands of the drone pilots. According to a source close to techzwn, while the virus has been on the system for a few weeks it has not taken anything confidential. Tech services for the Air Force have been deleting it as quickly as they have been detecting it. [...]

    Reply

Leave a Reply

Your email address will not be published.