Unmanned Aerial Virus

October 10, 2011

The use of pilotless Unmanned Aerial Vehicles [UAVs] (often though somewhat incorrectly called drones) by the United States has been frequently reported in the news.  UAVs have been used not only in the war zones of Iraq and Afghanistan, but also in other areas, notably in Yemen, where a missile strike from a UAV killed Anwar al-Awlaki, an American Muslim cleric associated with al Qaeda, on September 30.  The UAVs, though, are mainly used for long-range or long-duration surveillance; they can stay aloft for many hours, with their remotely-located human operators working in shifts.  They have become a key part of the US anti-terrorist effort.

Despite their importance, the current generation of UAVs has had some significant system security issues.  I wrote here, back in December 2009, about the lack of encryption of the UAVs’ video transmissions, which allowed adversaries to receive and record the same information that US forces were getting.  Now, Wired has a report, at the “Danger Room” blog, that the control systems for the Predator and Reaper UAVs have been infected with a computer virus.

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The infection was first detected a couple of weeks ago by security systems at Creech Air Force Base in Nevada, the site from which many UAV missions are operated.  To date, it has not interfered with the operation of the UAV missions, and there is no evidence that classified information has been compromised.  But the infection seems to be stubborn and difficult to eradicate.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

No one is sure, at this point, how the virus was introduced into the system.  The Ground Control Stations [GCSs] used to operate the UAVs are not supposed to have any connections to the public Internet.  There is some suspicion that the virus may have gotten into the local systems via USB thumb drives or other removable media.  Because of previous security incidents, the use of these devices is supposed to be tightly controlled across the US military; however, according to the “Danger Room” article, the Creech AFB operation was given a special dispensation, so that removable drives could be used to transfer map updates and mission videos.
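One way a defender can enforce the "tightly controlled" removable-media policy described above on an otherwise isolated workstation is to audit every mass-storage attach against an allow-list of approved device serial numbers and flag anything else, including repeat attaches of the same unapproved stick. The script below is an added example and is not from the original post or from any Air Force system; the hostname, the serial numbers and the log lines are constructed, and their layout is modelled on Linux kernel USB messages as they appear in a syslog file (an assumption, since the post does not say what the GCS hosts run).

```python
import re
from collections import defaultdict

# Constructed sample log (not real data). Layout mimics Linux kernel USB
# enumeration messages written to syslog; hostname and serials are invented.
SAMPLE_LOG = """\
Oct 10 09:12:01 gcs-ws01 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Oct 10 09:12:01 gcs-ws01 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567
Oct 10 09:12:01 gcs-ws01 kernel: usb 1-1: SerialNumber: MAPUPDATE-0001
Oct 10 09:12:02 gcs-ws01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Oct 10 11:40:17 gcs-ws01 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b
Oct 10 11:40:17 gcs-ws01 kernel: usb 1-2: SerialNumber: KBD-7788
Oct 10 13:05:44 gcs-ws01 kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666
Oct 10 13:05:44 gcs-ws01 kernel: usb 1-1: SerialNumber: UNKNOWN-STICK-42
Oct 10 13:05:45 gcs-ws01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Oct 10 15:22:09 gcs-ws01 kernel: usb 1-1: New USB device found, idVendor=0951, idProduct=1666
Oct 10 15:22:09 gcs-ws01 kernel: usb 1-1: SerialNumber: UNKNOWN-STICK-42
Oct 10 15:22:10 gcs-ws01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
"""

# Serials of the sticks the site has actually approved for map/video transfer
# (constructed allow-list).
ALLOWED_SERIALS = {"MAPUPDATE-0001"}

NEW_DEVICE = re.compile(
    r"kernel: usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"kernel: usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
MASS_STORAGE = re.compile(
    r"kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


def audit_usb_events(lines, allowed_serials):
    """Correlate enumeration, serial and mass-storage messages per USB port.

    Returns one alert dict per mass-storage attach whose serial is not on the
    allow-list (or that has no matching enumeration record at all). A keyboard
    or other non-storage device never produces an alert.
    """
    pending = {}                    # port -> partially built device record
    attach_count = defaultdict(int)  # serial -> number of storage attaches seen
    alerts = []
    for line in lines:
        ts = line[:15]              # syslog timestamp, e.g. "Oct 10 13:05:45"
        m = NEW_DEVICE.search(line)
        if m:
            pending[m["port"]] = {"vid": m["vid"], "pid": m["pid"], "serial": None}
            continue
        m = SERIAL.search(line)
        if m and m["port"] in pending:
            pending[m["port"]]["serial"] = m["serial"]
            continue
        m = MASS_STORAGE.search(line)
        if not m:
            continue
        dev = pending.pop(m["port"], None)
        if dev is None:
            # Storage driver bound to a port we never saw enumerate: still worth a look.
            alerts.append({"ts": ts, "port": m["port"], "serial": None,
                           "reason": "mass-storage attach without enumeration record"})
            continue
        serial = dev["serial"] or "<no serial>"
        attach_count[serial] += 1
        if serial not in allowed_serials:
            alerts.append({"ts": ts, "port": m["port"], "serial": serial,
                           "vid": dev["vid"], "pid": dev["pid"],
                           "attach_count": attach_count[serial],
                           "reason": "unapproved mass-storage device"})
    return alerts


if __name__ == "__main__":
    for alert in audit_usb_events(SAMPLE_LOG.splitlines(), ALLOWED_SERIALS):
        print(f"{alert['ts']} port {alert['port']}: {alert['reason']} "
              f"(serial={alert['serial']}, attach #{alert.get('attach_count', '?')})")
```

Run over the sample, the approved map-update stick and the keyboard pass silently, while the unknown stick is reported twice, the second alert carrying an attach count of 2; the repeat count is what tells an analyst that the same unapproved device keeps coming back rather than that several different ones were plugged in.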

There has been at least one suggestion that the virus may actually be an internal systems monitoring package, installed by a different group in the Department of Defense, without the knowledge of the Air Force.  I have seen no evidence for this at all; if it were true, it would be in some ways more disturbing than an external attack.

We see, over and over, the effects of a systems development culture that tends to think of security only in a reactive way, after a compromise has been discovered, and I think we’ve become a bit numb to it.  But surely, for a system like the UAV controls, we should be able to do better.
