October 8, 2011

Predator Drone Virus Could Be Internal Monitoring System: Analyst

The U.S. Predator and Reaper unmanned aerial vehicle (UAV) fleets have been hit by a computer virus that logs the keystrokes of pilots as they steer the UAVs remotely over Afghanistan and other war zones, Wired’s Danger Room blog reported.

According to security researcher Miles Fidelman, however, the virus may be an internal Department of Defense (DoD) security monitoring package. He noted that “a couple of vendors” sell such technology to the DoD, and that these packages are “essentially rootkits that do, among other things, key logging.” The comments were sent to the Dailydave security mailing list and posted via SecLists.org.

“I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally,” Fidelman adds.

The virus hit the pilots’ “cockpits”—computer stations at Nevada’s Creech Air Force Base. It was first detected by the military’s Host-Based Security System close to two weeks ago, according to Wired.

The military has tried removing it several times, but it keeps coming back. Still, it does not seem to have stopped the pilots from continuing their missions, and no classified data has been taken. A source familiar with the network infection told Danger Room, “We keep wiping it off, and it keeps coming back. We think it’s benign. But we just don’t know.”

* Image courtesy of Spc. Roland Hale, eCAB, 1st Inf. Div. PAO. The image is of a MQ-1C Gray Eagle UAV.




About the Author

Joshua Philipp
Joshua Philipp is a journalist and writer based in New York City, and his works have been published in numerous newspapers and magazines around the world. He is the Chief Editor at TechZwn.com, and is also a technology editor and staff reporter for The Epoch Times where he covers technology, defense, and cybersecurity.




  • Guest

    More properly, you should refer to the infected systems as UAS, not UAV. The UAV is the aircraft, which according to the story are not infected.

  • guest

    If you’re going to explain to the public what the abbreviation UAV stands for, please learn to spell aerial first. Arial is a sans-serif typeface and set of computer fonts.

    • joshuaphilipp

      lol, thanks. Corrected.

  • Anonymous

    Allies don’t let allies run Windows …

    Wasn’t security taken into consideration for this project? Seems like even if it was there was still a gap through which this event penetrated.

    Now they have what appears to be a security breach and it remains to be determined if what is being seen is actually the result of a bug or vulnerability or if it is the manifestation of an active, but possibly unintentionally triggered, feature.

    Oh, Inspector General’s Office! Could you take a second to look at this? Please?

  • Anonymous

    Deep Packet Inspection (DPI) has been the way we, the military, have protected important computer systems since the late 1990s. However, the current administration has curtailed many government-run DPI efforts in order to promote “Net Neutrality”. I am certain that this dialing back of, or the complete termination of, DPI surrounding the software construction of the applications used on the Predator aircraft is responsible for letting a virus slip through.

    DPI will protect our nation from hacking and malware. Net Neutrality leaves our national cyberspace open to our enemies!

    • http://www.sonicyouth.com/ Kim Gordon

      What? How could Net Neutrality forbid the use of DPI? Any decent firewall will be using DPI at the premises anyway. Please explain how DPI could ruin net neutrality. Even from a Net Neutrality advocacy standpoint I can’t see how it could be affected by DPI within the organization. I surely hope military command/control networks aren’t carrying general internet traffic instead of being closed networks.

      Are you saying the Internet 2 academic network is more secure than the US military just because the general public isn’t allowed on I2 but apparently the US military drone program allows any old BS to flow through their data pipes?

      • Anonymous

        Most Firewalls do not use DPI at all. DPI takes very special equipment to keep it from slowing your traffic down and making applications unusable because of the added latency!

        From Wikipedia:
        “DPI combines the functionality of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) with a traditional stateful firewall. This combination makes it possible to detect certain attacks that neither the IDS/IPS nor the stateful firewall can catch on their own. Stateful firewalls, while able to see the beginning and end of a packet flow, cannot on their own catch events that would be out of bounds for a particular application. While IDSs are able to detect intrusions, they have very little capability in blocking such an attack. DPIs are used to prevent attacks from viruses and worms at wire speeds. More specifically, DPI can be effective against buffer overflow attacks, Denial of Service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet.

        DPI-enabled devices have the ability to look at Layer 2 and beyond Layer 3 of the OSI model, in cases DPI can be evoked to look through Layer 2-7 of the OSI model. This includes headers and data protocol structures as well as the actual payload of the message. DPI functionality is evoked when a device looks or takes other action based on information beyond Layer 3 of the OSI model. DPI can identify and classify traffic based on a signature database that includes information extracted from the data part of a packet, allowing finer control than classification based only on header information. End points can utilize encryption and obfuscation techniques to evade DPI actions in many cases.

        A classified packet can be redirected, marked/tagged (see quality of service), blocked, rate limited, and of course reported to a reporting agent in the network. In this way, HTTP errors of different classifications may be identified and forwarded for analysis. Many DPI devices can identify packet flows (rather than packet-by-packet analysis), allowing control actions based on accumulated flow information.”

        • shonangreg

          You do not appear to have addressed Kim’s question about how the .mil network is affected by DPI on the consumer level. And if any military contractor were using a VPN to connect to a military network, I assume the government would rather not have civilians DPI-ing the traffic — though DPI would only reveal a highly-encrypted data stream.

          I am just an amateur, but Pete Ellis, it sounds like you are just spreading anti-net neutrality bullshit.

          • Anonymous

            No anti-net neutrality BS. Keep in mind that you have four different services and many government agencies using the military communications infrastructure! Go to the Defense Information Systems Agency (DISA) web sight and read their mission statement. It will explain why Net Neutrality is an issue even within the government.

          • shonangreg

            Nada, dude. 0 mentions of “net neutrality” on the DISA web “sight”. Are you going to provide a link? Or are you just going to admit you’re talking out your hat for attention? What you’re saying doesn’t make sense.

          • Anonymous

            Wow, I thought you would be sharp enough to make the connections yourself. Obviously not. I stand by what I said. Keep looking; you will find the links between DPI and Net Neutrality.

          • http://www.sonicyouth.com/ Kim Gordon

            Keep looking? You make a statement and then tell us to prove it’s true? Nice try pal.

            Also I stand corrected on the DPI on most firewall statement… But I did mean on the corporate/ISP/gov level. Not the home user. Though you have been able to buy software/hardware to do DPI at the SOHO consumer level for a while.

    • http://www.sonicyouth.com/ Kim Gordon

      Also, why in the world would they run these systems on Windows or Mac OS anyway? Are they inviting viruses in? These things should be run on hardened proprietary OS or OpenBSD.

      • Anonymous

        In the 1990s, President Clinton prevented the military from creating its own proprietary operating system and internet protocols. The stated reason was that it would cost too much money if we did not use off-the-shelf computer technology.
        In hindsight, that was a really bad decision.

        • shonangreg

          Why would they need to re-invent the wheel? BSD, Linux, et al. are there for the altering and compiling. And their own IP? Please give a link to substantiate what you’re claiming. None of it makes any sense to me.

          • Anonymous

            You can search “president Clinton Military commercial off the shelf software” and a whole plethora of information on the topic will come up.

          • shonangreg

            Anyone who writes about Kuhn is no dummy, but I don’t see this as an opportunity for you to challenge your readers to find verification for your claims, Pete. And the larger issue is DPI and net neutrality. There as well you’ve yet to back up your assertion.

    • shonangreg

      Pete, don’t Net Neutrality rules stop once inside the .mil TLD? Net Neutrality is about the backbones carrying consumer-grade traffic. Why would that affect what goes on internally in any military subnet?

      • Anonymous

        Keep in mind that many government agencies use the military communications infrastructure. The State Department can grab a great deal of bandwidth at a moment’s notice. If the local commander, say in Iraq, wanted to get some of that back, he could use DPI to separate military traffic from State Department traffic and rate limit the State Department. Additionally, I am sure some government agencies really don’t want anyone to know when and how they are communicating. DPI could easily reveal that to anyone scanning the data stream.

        • shonangreg

          So now you agree that civilian use of DPI represents a security threat to sensitive traffic passing over it. You’ve done a 180, Pete.

          • Anonymous

            Nope, it depends on who’s running the scanner.

          • melts

            Ah, what now?
            DPI doesn’t route traffic, it, eh, inspects it. If you control the links you’ll find routing data with priorities and all is best done by a properly configured router and QoS, ACLs, VLANs, and so on.
            The arguments for net neutrality are for commercial ‘public’ networks, not secure military networks, and whatever happens with the public network won’t stop the military networks from protecting themselves with DPI, just like any company can install DPI boxes between their infrastructure and their CPE.

            It sounds like you don’t get it, or are just trying to put the boot in against net neutrality. Stopping interconnect companies from using routing rules – some dynamically created from DPI systems – to restrict access to some companies unless said companies pay a premium: it’s a shakedown. Nothing to do with securing your network, unless you happen to be primarily an interconnect company and you have no back office infrastructure…

            I would guess the changes in defense spending, coupled with a surge of bright sparks putting their minds to nefarious goals against the US, would be the more likely explanation.

            Or maybe just more nefarious types. Or a lack of smarts in the military. Or maybe everyone making security decisions within the military also thinks net neutrality affects them like they are common carriers. Or maybe the military doesn’t own any links and exclusively uses common carriers, or, or, or.

            It just seems like a stretch to blame something not affecting them at all for their problems, is all I’m saying.

    • http://www.facebook.com/profile.php?id=26109648 Jim Davison

      Well, is this a piece of AstroTurf if ever I saw one! Unless you simply heard some talking points from some other AstroTurfing shill and decided to repeat them verbatim, then anyone who is familiar enough with DPI to understand what it is will understand that “net neutrality” has no impact on the ability to perform DPI. Especially considering that the late ’90s, the period you cite for the military’s use of DPI, was what could be considered one of the most “neutral” eras of the net.

      How do you sleep at night trying to restrict the freedom we have for the purpose of a few dollars?

      • Anonymous

        Jim, look up Net Neutrality and DPI. There are plenty of web sites that describe the relationship between the two!

      • shonangreg

        I think you’re right, Jim. Dave is laying out a puzzle to back up his spurious claims. I can’t say it is a respectable way to have a conversation. Hucksters do the same thing.

  • Poco Ritard

    After all this I still don’t see any explanation of how civilian regulatory policy WRT net neutrality has any effect whatsoever on how the .mil netops do their routing. I call BS, PeteEllis. You’re using an ancient technology called “argumentum verbosium” also known as “argument by verbosity” where you throw up a lot of chaff – seemingly lots of reasonable argument that turns out not to be directly relevant and puts the burden of verification on others.

    Thirty years in the business and I say you’re astroturfing, Pete. I think you have an undeclared agenda. Work for AOL or some such?

  • Pingback: Predator virus might be US monitoring itself and not a stupid oversight

  • Pingback: Spy vs. Spy, Spilt Blackberries & Redmond’s Lies « FOSS Force

  • Pingback: I can be happy with very little. I just choose not to be. « Rodney's space

  • Pingback: 17 to 21 October 2011 Tech Universe Digest — KnowIT

  • Pingback: Fear the reaper | Whim