Friday, October 7, 2011

Security *Facepalm*

It seems that someone has hacked the Air Force's Predator Drone fleet, and has malware installed on them that the Air Force can't get rid of:

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
We think it’s benign. But we just don’t know.  What could possibly go wrong?

Sigh.

Kx59 says I've been warning and warning them. As if it helps.

Internet Security guys like me tell you that when you have malware you can't get rid of, you wipe the system and reinstall everything from original media.  Nuke it from Orbit.  Nothing less ensures you that you're not still pwn3d.


And just to emphasize what's happening, the entire US Air Force Predator Drone fleet has been pwn3d.  It's not at all clear that we still control it.  And they're still flying, with Hellfire missiles.

I mean, what could possibly go wrong?

We think it's benign.

You keep using that word.  I do not think it means what you think it means.

Oh, and one more thing: if you click through that Host-Based Security System link in the article above, you know what you find?  McAfee antivirus.  That means that the Predators all run on Windows.

Think about that design, and what the people who made that architecture decision, and what it means.  You'll know that you understand the situation correctly when the hair on the back of your neck stands up.

Stalin would have had them all shot.  However this plays out, this will not end well.

UPDATE 7 October 2011 19:25: To clarify, the malware isn't running on the drones themselves, but on the (ground based) "cockpit" computers that the pilots use to fly the birds.

And it doesn't make one whit of difference.  All of the commands that the pilots use to fly the drones are being recorded.  It's hard to see how Joe H4X0r couldn't reconstruct the "left" "right" "up" "down" and "fire missile" commands from the log.  If he's smart enough to hack the Air Force, he's plenty smart enough to do that.

And the threat scenario isn't that a person or persons unknown fly one to Bagram - we'd shoot it down.  The threat scenario is that some of Our Guys stuck in a tight spot might eat one of the Hellfires, not the Bad Guys.

This will not end well, and people should be fired for this.

14 comments:

  1. It'd be interesting if the "football" containing nuclear launch codes, carried by a military officer always on duty near the President, is Windows-based, too. Think about that nightmare scenario.

    ReplyDelete
  2. Sweet Zombie Jesus! Someone in the Air Force needs to write "I will not connect removable media or the Internet to the systems we use to control airplanes with missiles on them" 1000 times on the chalkboard.

    Yeah, nuke it from orbit after you figure out how it's propigating and shut that down. No sense in just putting it back on the network if it's going to get re-infected. And then you figure out where it came from in the first place and nuke those guys from orbit, no symbolic language intended.

    ReplyDelete
  3. Windows I could almost understand......(but only almost), but Mcafee?? God I hope their tech support has more smarts than that! Though that line about "benign" isn't heartening.

    ReplyDelete
  4. ClueBat

    Most of our integrated chipsets and processors are coming from Mao-Mart

    Since they design the architecture, we don't know hat's gpoing on with processor function.

    During GW1 we had chips placed in Iragi AD faxes/phones/etc ... when illuminated with targeting radars, they basically said "Hey ! over here ! bomb me !"

    We outsource our digital security, we get screwed. They know it's a key logger ... can anyone say STUXNET ? Hmm ?

    THIS IS A BIG F'IN DEAL

    ReplyDelete
  5. Yep, "THIS WILL NOT END WELL"!!!!
    Oh Boy!!
    YeOldFurt

    ReplyDelete
  6. Kinda brings a whole new meaning to "blue screen of death", doesn't it?

    ReplyDelete
  7. 1st rule of computer system security: THERE IS NONE. 2nd rule (and all following rules) of computer system security: see rule #1.

    Why Windows? 'Cuz that's "what we know". So... let's see now: central control systems that use graphic displays, where data needs to be encrypted in realtime to/from the remote processor via a high-speed network.

    Sounds like they could EASILY be using something OTHER than Windows. Linux comes immediately to mind. It has ALL the capabilities required (graphics, powerful encryption algorithms, realtime processing), but CANNOT HOST WINDOWS VIRII. Or maybe Solaris, which doesn't even run on Intel processors (say goodbye to ANY Intel-based virii). Or maybe VxWorks, which is almost impossible to hack into once it's running (it's monolithic and doesn't require a file system unless you WANT one). Or... you get the idea.

    The solutions exist. We CAN build systems that are - for the most part - invulnerable to attack by casual "black hats" with cheap (sub-$50) software.

    But, as long as the dolts are in charge, we'll end up with systems that can be spoofed, hacked into, stolen from, and used for purposes OTHER than what they were meant for.

    ReplyDelete
  8. The stupidity here is astounding. Obviously if someone is key logging the command consoles, they aren't doing it just for shits and giggles.

    The list of suspects is endless. Even nations putatively friendly to us would love to have this information.

    No doubt, it's George Bush's fault.

    ReplyDelete
  9. I was a cell phone and network provider in the US Army back in 2003. If you are comprimised you are screwed in the Army. Trust me we cleaned all drives and reset all encrypted keys immediatly. But I never had Obama as commander in chief. This may not be a bug but a feature.

    ReplyDelete
  10. Initializing SKYNET.

    ReplyDelete
  11. I knew there some meat left on that bone.

    ReplyDelete
  12. Check this out:
    This city now has five surveillance cameras watching traffic downtown, but next year's Republican National Convention could bring hundreds more on the street and in the sky.

    Among other things, officials are interested in:

    • Two "unmanned aerial vehicles" that could hover for 20 minutes, fly in 20-knot winds and carry cameras with zoom lenses or thermal imaging capabilities.

    Pwning those could be fun.

    http://www.tampabay.com/news/localgovernment/tampa-could-add-surveillance-cameras-for-republican-national-convention/1195245

    ReplyDelete
  13. Fired? Uh, no. For once, I'm going to go with Stalin. Have them shot.

    To deploy live-fire weapons on top of a security platform demonstrably inferior to a concept I can cook up in the back of my mind in the time it takes to read an article about this malware attack should be a capital offense under the UCMJ.

    I wouldn't even control a toy airplane with Windoze. Certainly not a military weapons platform.

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.