Keylogger Virus Found on Drone Pilots' Computers
A recent story in Wired claims that the operators of the Reaper and Predator drone fleets are struggling against an enemy we can all relate to: malware. According to the story’s sources, which are unnamed, the computers used to remotely control drones around the world have been infected with a nasty keylogger that is resisting efforts to destroy it.
If the article’s sources can be believed, the problem is centered around a drone control facility at Nevada’s Creech Air Force Base. Pilots on the base use computers to fly drones on missions in Pakistan, Afghanistan, and around the world. With more and more missions being flown by these armed robotic aircraft, facilities like Creech have become hubs of activity for reconnaissance and more lethal operations. For security purposes, the computers on the base are not connected to the Internet in order to avoid any chance they could become infected. However, the Creech facility was one of the few places the Department of Defense (DoD) allowed USB flash drives to be used in order to transfer mission data between computers. It’s believed that this special allowance was the point of entry for the keylogger virus, though it’s not clear if it was intentionally placed on the infected computers.
This is, obviously, bad news for the Air Force, but it might not be as horrific as it seems. First off, the virus has only infected the computers used to control the drones remotely, not the drones themselves. Second, and more importantly, the virus seems to have had no effect on the drone operations. As a keylogger, it simply records keystrokes and somehow attempts to transmit that information back to whoever released the virus in the first place.
Technicians in the story say that they aren’t sure whether the virus was planted deliberately or if it simply hitched a ride on a USB drive or disk and got lucky about where it landed. Given that drone missions are apparently still flying from the facility, it seems more likely that this was an accidental infection. Of course, that means that someone on base screwed up, but that’s neither here nor there.
Interestingly, no one seems to be certain about how much of a threat the virus poses. True, as a keylogger it captures every keystroke made on an infected computer. However, because these computers are not connected to the Internet, it’s unclear to me how they could transmit that information outside the base. Wired notes that there has been no evidence that any information has left the base. It’s possible that the keyloggers are storing the data and are designed to somehow hop a ride on another USB device back to a computer that does have Internet access. However, this scenario seems highly unlikely given the amount of chance involved.
Furthermore, if the keylogger was designed to be picked up and carried back either by chance or by a confederate, it probably wouldn’t be designed to spread to other computers. While spreading does increase the chances that it would snatch some juicy information, it also increases the chances that it would be discovered. Also, the virus apparently is well known to the security fraternity, since the technicians quoted in the article say that they are trying to clean up the infected computers using instructions from the Kaspersky security website. To me, the apparent well-known status of this particular keylogger points to an accidental infection.
If anything, this episode is proof that cybersecurity is a very, very difficult thing; all it takes is a single slip-up to bring a nasty virus into a secure area. It also shows just how difficult malware can be to get rid of, since a governmental agency is apparently wiping hard drives just to rid themselves of a keylogger. Hopefully, the Air Force will be able to put this embarrassing episode behind them soon, and put everyone’s mind at ease. For everyone else, use some common sense in your digital activities and maybe get some virus protection.