Drone nerve centre malware was Mafia Wars' infostealer
More details have emerged on how systems ground systems that control US military drones came to be infected by malware. In a statement issued on Wednesday, the US Air Force said that "standalone systems on Creech Air Force Base, Nevada" had been infected with malware. "Credential stealing" software was discovered in September on …
WTF are they *doing* running these things on what is pretty obviously a Windows platform, and why is their security so piss-poor that viruses can get onto these systems in the first place.
Now I can admit that Windows has it's place in the software world, but for something as critical as controlling armed military drones on what are likely often highly secret missions, that is *not* the appropriate place. Linux or other more secure software should have been used for an application like this. Something that is *not* compatible with every run of the mill virus out there.
(Of course if they had used a free OS, probably whoever was in charge of software procurement wouldn't have gotten their no doubt cozy deals with the vendor. So of course that couldn't happen.)
I bet NSA will contact them and talk about the SELinux they created themselves (still open source).
Absurd, running Windows and allowing Facebook! Yes, social network, with location etc.
Facebook has absolutely nothing to do with this. As usual, the journalists (not just ElReg's) reporting a technical issue have screwed up.
My guess is that the only one of the people mentioned who is playing Mafia Wars on Facebook is the "anonymous defence official" - the source quoted by Associated Press. And since "military installation hit by Mafia Wars virus" sounds sexy, all the stupid journos have jumped on the bandwagon.
In reality, the computers of the drone program have been hit by a keylogger. A keylogger logs whatever the user types - usually as login passwords to web sites. Yes, it could be the password to your Mafia Wars account. Or to your GMail account. Or your bank account (which is usually the real target). Or whatever.
It does not mean that you are playing Mafia Wars on that computer. Or that you're using it to check your GMail account. Or to do Internet banking. The only thing it means is that your computer has been infected by a keylogger.
Which is, actually, much worse. If one of the infected computers is used to login to a classified account without using anything besides a user name and a password (e.g., smart card, a biometric scanner or whatever), the attackers now have access to that classified account.
How did the military get infected? Certainly not by playing Mafia Wars. Most likely, the infection came from an USB drive. The drone pilots often bring updates to maps, etc. on USB drives.
Why wasn't autorun disabled on these computers? Incompetence.
@Jack 4: "WTF are they *doing* running these things on what is pretty obviously a Windows platform"
Most probably because MS gave a bunch of political donations to the Washingtonians, Homeland Security standardized on Windows and the Military were instructed to use Windows ...
- this post has been rejected -
Duh, yeah. Like, they're not in the aircraft, are they?
... during those long, boring flights-to-target, I guess!
Always suspected that for these drone operators, killing real people on the ground is just like killing people in a video game. Columbine much?
How comforting to know that American killing machines are flying overhead controlled by amoral gaming nerds. The future coming at us fast.
And how appropriate that they were playing not just any game but one (assuming it really was Mafia Wars) in which they act as gangster mafioso!
While I didn't read that as they where playing mafia wars, I read it as "this is the same type of malware one uses to steal mafia wars (pronounced "facebook") passwords (ie a keylogger).
But, I wouldn't be surprised to find our troops playing games in there off time, they do it for the same reason large chunks of elReg readers play them (which I leave determining the purpose of as an exorcize to the reader)
Sounds like Skynet's first attempt to take control.
You have GOT to be joking. You have GOTTTT to be joking. They run Drone control software.....on mswindows !!!!????
Deeper problem than who's playing games on the system. Or which OS they are using for that matter.
Who's the flipping ID-10-T who made the call to connect systems used to operate satellite controlled aircraft to the flippin internet in the first place?
Operator -> satellite -> Drone. Where's the need for an internet connection?
First rule of classified system security. (Applies to all gov activities) DON'T CONNECT CLASSIFIED COMPUTER SYSTEMS TO THE INTERNET!
If it's not connected, It can't get hacked/infected.
about connecting a stand-alone system to the internet when the whole damn class of viruses referenced in the article are well known for their multiple vector propagation.
Your homework assignment - Search El Reg for articles on Stuxnet and read until you comprehend.
wasn't connected to the internet.
I agree with your first sentiment - no need to connect it to the internet. I disagree that it's invulnerable to attack if it's not though.
Wasn't hacked/infected. The Bletchley Park boffins listened to the transmissions (a known vulnerability) and decoded the information contained within.
Different concept.
"standalone systems on Creech Air Force Base, Nevada." Does this not mean that the system is not connected to the internet and so the keylogger has no means of reporting back the logged keystrokes?
but just as the virus can spread via non-internet connections, it could theoretically take data with it and report back once it does get an internet connection, so it is still a valid security concern.
Sign up, sign up for The Register's weekly IT security newsletter - click here
