back to article Virus infects killer US air drone fleet

Computers controlling the US Air Force's killer Predator and Reaper drones have been infected by a key-logging virus, according to a mole who spoke to Wired. And the malware is not going away despite serious efforts to nuke it. The remote-controlled bomb planes have flown in missions since the discovery of the virus two weeks …


This topic is closed for new posts.
  1. Rameses Niblick the Third (KKWWMT) Silver badge

    "It is believed that the malware won't be able to transmit the information it collects beyond the classified military network hosting the equipment; the network is insulated from the public internet."

    This isn't some two-bit home network NAS we're talking about here ffs! How can they be so relaxed about it? It got in to an isolated (allegedly) network, until you can PROVE otherwise, you have to assume it can get out, not go, "well, we'll probably be ok, so bollocks to it".

    What if it got there via an infected USB stick? Is it plausible to think that maybe the stick captures info from the virus the next time its attached to the network?

  2. Solly

    They should hook it up to the advanced AI of Skynet, it's been alleged that it should be able to squash the virus in seconds.....

  3. Anonymous Coward
    Anonymous Coward

    Looks like they have still not wised up

    to the threat that Windows brings to critical systems

    1. Andrew 25

      Sir, I owe you a beer

    2. Anonymous Coward
      Anonymous Coward

      You have it wrong, it *is* Skynet

      1. Scorchio!!


        "You have it wrong, it *is* Skynet"

        Not to be over pedantic, but Skynet is a British/MoD system, used since 1969:

        Just like the cracking the Enigma, America did not have the idea first...

    3. Anonymous Coward
      Anonymous Coward


      Windows? The only threat I see here are people presumable thinking that "the computers" will keep them safe and thus assume they can stop thinking for themselves.

  4. Beachrider

    So control-B is 'Bomb'?

    I heard about this in the US press last week. I saw some analysis that showed a strict ACL-set firewall that controlled access to the drone-managing subnet. I would have expected that. We do that with our Intensive Care ward for patients. I certainly hope that they do it with their most sensitive areas, too.

    If it is as the analysis (and common sense) dictates. Then the firewall should insulate the key machines.

    1. Inachu

      Firewalls can not stop everything.

      Firewalls can not stop everything.

      Try sneaker net onto a non networked pc.

    2. Arkasha


      I'd hope by "isolated" they mean no physical connection, otherwise all bets are off. One slip on the firewall and it'll get out.

      1. Daniel B.


        I assume they're talking about SIPRNet. If that's the case, then yes, it is completely separated from the "public" internet.

        Then again, Manning was able to get stuff out of there via "sneakernet".

    3. Fatman Silver badge

      RE: So control-B is 'Bomb'?

      No, I thought that action was accomplished through the use of the "Destroy" key (aka "Delete").

      Ah, yes, WindoZE for reconnaissance aircraft, (ad tag line: "Where do we want to crash today?") or,

      WindoZE for drones (ad tag line: "Who do we nuke today?")

      Perhaps the reason they are using WindoZE is because the vendor modded M$ Flight Simulator into a control system for those drones.

  5. K. Adams

    “We keep wiping it off, and it keeps coming back..."

    Seems to me they're looking in the wrong place, then.

    It could be that the malware had the capability to attach itself to the system firmware via a BIOS (or EFI) flash operation. Case in point: Trojan.Mebromi, which was recently discovered running around China:

    -- -- The Register: Malware burrows deep into computer BIOS to escape AV

    -- -- -- --

    Personally, I've always thought that PCs, Laptops, Servers,and other BIOS/EFI-based devices should come with a "flash inhibit" switch or jumper that disables BIOS/EFI updates at the hardware level. Granted, this is something that Joe Average Non-Techie User would likely never use, but could be a boon for system admins and technicians trying to secure company assets...

  6. Anonymous Coward
    Anonymous Coward

    They don't operate on "Windows" so this was tailer made. They can't possibly know what this thing does. Hell, the "users" have to log in to operate it, so. There's the authentication. Obviously someone has the software because they were able to right the virus.

    So I can see it now, someone logs in with correct credentials, takes over, does whatever they want remotely.

    Wasn't this drone or something like it reported as sending video unencrypted not too long ago?

  7. ratfox Silver badge


    Is this the best that the US can do? "We have viruses on our top-notch weapons and we can't get rid of them"?

    I assume they have been cutting corners on security measures in the rush to bring drones to combat, but still...

    1. slooth

      What do you mean they 'don't operate on Windows' ? Their host based detection system found at ( is reported to have "Numerous program enhancements and a new baseline on the Windows Server 2008 R2 platform are now available". Also strange how the worms affecting their networks are all related to:

      • %windir%\system32\muxbde40.dll

      • %windir%\system32\winview.ocx

      • %temp%\6D73776D706461742E746C62FA.tmp

      • %windir%\system32\mswmpdat.tlb

      This can be found at

      Now, in my world, if that is not Windows then I have no hope in hell of being safe

    2. Anonymous Coward
      Anonymous Coward

      Yeah, well I guess their government contractors cut corners by either offshoring the work or on shoring the employees. :-)

    3. Goat Jam

      Who is this "tailer" person

      and why has he not been arrested yet?

      1. Miek

        Maybe they meant "Trailer Person"

    4. Scorchio!!

      "Wasn't this drone or something like it reported as sending video unencrypted not too long ago?"

      ISTR the Talibs could snoop on the drones. Can't find the reference now, but I have it somewhere.

      Perhaps this is Iran, practising for its day of revenge for Natanz.

      1. Anonymous Coward
        Anonymous Coward

        I heard that on NPR yesterday... that the drones were rushed into combat in 2001-02, video encryption was left out, and Iraqi insurgents have been intercepting it for years.

  8. Captain Scarlet Silver badge

    We don't know

    Get someone who knows what they are doing and flame the virus.

  9. Inachu


    Demand that those computers connecting to the drone are built using computers not allowed on network or remove the nic card or build computers without any nic cards in them and do not use any USB thumb drives. Burn programs onto DVD.

    Use a computer with no hard drive that boots from DVD(WIN PE)

    That pc can have 2 DVD drives. Lets DVD drive 1 scan and confirm DRIVE 2 DVD is clean then allow programs onto computers that dircetly communicate with the drones.

    Of course now you must flash wipe the drones that are infected.

    Then once the above is done and any future infection happens then put those troopers in jail for not following directions and mark them as foreign agents and remove their US CITIZENSHIP.

  10. Anonymous Coward

    Hang on

    Equipment that is being used to direct lethal force is being operated while it is known to be infected with malware? What on earth are they playing at? Who decided it was OK? And are they prepared to carry the can if something untoward happens as a result?

    1. dylan 4

      "not allowed on network"?

      If the computers aren't allowed a network connection, how exactly are they supposed to control the drones? Very long wires?

    2. Anonymous Coward
      Anonymous Coward

      Can't you read. Its not the drones. They are not affected. Only the machines that control the drones appear to have some sort of key logger.

      Note that these systems don't appear to be attached to anything external.

      Its quite possible that they picked up the bug from some hardware and that its the virus acting normally. Meaning that the virus wasn't targeting the US systems per se but any machine. Corporate or Home.

      So while *this virus* is *trapped* on their systems, what does that mean for the rest of us?

    3. Goat Jam
      Paris Hilton

      "using computers not allowed on network or remove the nic card"

      erm, how do the computers then communicate with the drones?

    4. Dan 10

      Upvote from me - but in the eventuality that a Predator, say, drops something that goes bang on allied forces in Afghanistan, it will simply be reported as 'insurgents with an RPG'...

  11. Martin Usher

    Please don't tell me that the command and control for those things is running Windows!

    I can see it now "Microsoft XP for Death".....

  12. stupid-frakking-handle

    All may not be as it seems

    Apparently there is a possibility that the logger has been deliberately installed by the US government, presumably on a need to know basis with the local admins left out of the loop...

    1. Anonymous Coward
      Anonymous Coward


      That's the problem with unofficial anonymous guys talking to the press. You don't know who they are, what rank they hold, if they are privvy to all the information, or just some junior who is kacking himself silly because he doesn't have all the facts. Of course, sometimes what they say is true, there is just no way to tell.

    2. Michael Dunn

      BSOD has a really new meaning!

  13. Bill Cumming

    From other sources..

    Can't find the link at the moment but their was a report that the "Virus" / "Key Logger" is actually part of a Department of Defence Security Package installed in some DoD machines.

    It was just not supposed to be in the UAV Control machines, but when equipment was shared between internal departments in cost cutting exorcise, it spread.

  14. Anonymous Coward
    Anonymous Coward

    It was just not supposed to be in the UAV Control machines, but when equipment was shared between internal departments in cost cutting exorcise, it spread.

    Ghost in the machine?

    1. Miek

      It does sound like some form of Exorcism is required

  15. Anonymous Coward
    Anonymous Coward

    "Windows NT was designed to be administered by an idiot and usually is..."

    This sort of console is usually dedicated to showing the application and nothing else. You don't need icons or desktop environments for that. All you need is a system scriptable enough to boot the app and restart it should it crap out. Then why run something that can catch such a wide variety of malware offering itself to every host on the public internet with regularity?

    Probably the same reason they run too many ATMs on the same sort of vulnerable system. The lowest bidder did it. How's that for an epitaph?

  16. Inachu

    LOL If that was true!

    Hey boss we need to add the entire fleet of drones to the domain so the auto logon scripts can do their magic!


    1. Anonymous Coward
      Anonymous Coward


      ATMs run on Windows because it works, if it didn't the banks would run something else. In fact, they used to run OS/2, they when a new OS was needed because OS/2 went out of support the OS adopted was Win NT, because it does the job and does it well. It doesn't phone home if you don't want it to and appropriately installed on a secured network it's just fine. If it wasn't the banks would be losing money through ATMs and you know that they wouldn't tolerate that. What would you rather? Your bank runs its ATMs on Solaris or Red Hat and you incur the extra costs for licensing? (Oh, and yes, Red Hat does cost as much, if not more to license than Windows.)

      1. Anonymous Coward
        Anonymous Coward

        Yes they do

        And that's why I've been ever more wary about ATMs in general. At least the OS/2 ones were trustworthy; now I fear for the Windows brethren of those. Especially considering how I know they run Windows .... the "ATM" app crashed, leaving the woman in front of me in shock as she watched a Windows NT desktop on the screen.

        Then that other one showing some app error message ... which mentioned some kind of spyware/malware.

      2. Chemist

        "What would you rather? Your bank runs its ATMs on Solaris or Red Hat"

        ANY time, absolutely any time

  17. Tubby21288

    Does anyone else have the concern that if the US military is having issues with this thing that common end user machines will have one hell of a battle on there hands? I have faith in my home security however this is worrying, especially if its some kind of super bug.

  18. Sarev

    Check the Chinese hard drive firmware, anyone?

  19. Anonymous Coward

    Windows Everywhere!


  20. Anonymous Coward

    Darn kids...

    I mean, how easy is it to detect the origin of this? VERY easy.

    Just wait for some spam to appear which starts to advertise "Viagra delivery by air, no matter where you are on the globe!".

  21. Anonymous Coward
    Anonymous Coward

    Subcontractor originated?

    I know of at least a couple of DoD, prime contractors, who have made use of keyloggers on their internal machines, for "security purposes". Since at least one component in this system makes use of Windows, it's very plausable that an infection could have come from a laptop or other piece of sub-contractor gear.

  22. Alan Brown Silver badge

    Isolated, firewalled....

    ... but it didn't stop Bradley Manning, did it?

    1. Scorchio!!

      Re: Isolated, firewalled....

      "... but it didn't stop Bradley Manning, did it?"

      Yeah, but he only had to copy down the passwords that users kindly left scribbled on post it notes. On the frames of their monitors. How /embarrassing/.

  23. melts

    go go windows for weapons 3.11

    hard to tell if its something thats supposed to be there or not, but you'd expect the maintainers to have some idea, surely it would be an action against a direct order to remove software that mr 3 star general said had to be installed..

    i just laugh thinking that they are sure its not phoning home yet don't know where its coming from.

    'we dont know where you came from but you're surely not phoning back to that unknown place'

    on second thought it sounds terrible and scary, hopefully it doesn't escalate.

  24. Miek

    Windows + Military Computers == MAJOR FAIL

    1. defiler Silver badge

      Didn't you hear?

      Major Fail retired. His duties are now carried out by General Protection Fault.


  25. Anonymous Coward

    Music MP3 on CD

    They probably listen to heavy rock whilst killing people, helps them aim and improves the kill attitude???

    1. Fatman Silver badge

      Music MP3 on CD

      They were probably listening to this:


  26. TRT Silver badge

    I see the problem...

    The US military have very little concept of 'capture'.

  27. taxman
    Big Brother


    I wonder if anyone has looked at the requirements.

    You know, audit trails? "And just to make sure we know who bombed the wrong guy we'll have the proof - but we don't have to own up"

    There's been enough 'friendly fire' losses already.

    Then again.........Closed system, unwanted software, cleansed, reappears. Oops!

  28. Anonymous Coward
    Anonymous Coward

    Even scarier...

    ... this could be internal audit software, you know what with it being a government agency n all.

  29. Charlie 2


    Here is my question. What is UNCLE SAM doing spending our hard-earned tax dollars on non-US gear? Especially for something as important and sensitive as the Drone/UAV programs? The person or persons responsible for this asinine screw-up should be drawn and quartered in hell. Not only is such an act insecure, it is completely irresponsible and liken to treason. And as for the violating such a public trust, I would have thought UNCLE SAM would have learned something from the fiasco involving the purchase on non-US manufactured military vehicles a few short decades ago.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019