September 29, 2016

US Air Force Makes Statement About Drone Malware Infection

In a rare move, the US Air Force has made a public statement about the keylogger malware which was rumoured to have infected the consoles used to fly the unmanned Predator and Reaper drones. The statement was issued to correct recent reporting that the malware detected on stand-alone systems on Creech Air Force Base, Nevada had affected drone operations.

According to the statement the Air Force first detected the malware on 15 September. It was found on a portable hard drives used for transferring information between systems. Subsquetnly it was isolated and forensic investigation was started to track the origin of the malware and clean the infected systems.

“It’s standard policy not to discuss the operational status of our forces,” said Colonel Kathleen Cook, spokesperson for Air Force Space Command. “However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”

The malware, which was detected on a Windows machine, in the end turned out to be a credential stealer for Mafia Wars, not a keylogger.

The infected computers were part of the ground control system that supports RPA operations. The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident.

Keylogger Virus Infects US Military Drones

(LiveHacking.Com) – Computers controlling American military Predator and Reaper drones have been infected with a keylogger that tracks pilots’ keystrokes as they remotely fly the unmanned machines around the world, according to Wired. And despite their best efforts to remove it, the virus is remaining persistent.

According to a the mole who leaked the information, the malware was detected about two weeks ago but no classified information has been stolen or lost.

“We keep wiping it off, and it keeps coming back,” said a source familiar with the situation. “We think it’s benign. But we just don’t know.”

The drones are unmanned aerial vehicles used primarily by the United States Air Force and the CIA. Along with cameras and other sensors they can carry fire Hellfire missiles.

The virus was found in the consoles that are used to fly the drones at the Creech Air Force Base, Nevada. Each drone is controlled by a pilot using computers with video feeds and a joystick.

According to Sophos, the chances are that the malware is just a common keylogging Trojan horse, designed to steal banking information, that as somehow made its way onto these systems.

“But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.”