Wednesday, October 19, 2011

Is that drone ours or theirs? US drones infected with virus.


Back on 7 October, Reuters and other news sources reported that a keystroke logging program was found to have infected US military drones.  The problem was discovered in late September, but the logger has proved difficult to destroy.

A keystroke logger records your input into the computer and is a commonly used hacking technique to learn usernames and passwords and security questions and answers.  So far, the military has not found evidence that the data collected by the logger has been sent to an outside source, but the fact they're having trouble getting rid of the logger is worrying.

In the Danger Room article, Noah Shachtman wrote:  “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

I think saying a keystroke logger is benign is like spotting a guy who follows you all day taking pictures of everything you do and saying, "Oh, he's probably harmless." 

The military network that controls the drones is not connected to the Internet, which means the logger was introduced--either on accident or on purpose.  A USB drive or a hard drive swap-out containing the logger could explain how it got into the military network.  As long as the data has not gone back out, then it's just a matter of destroying the logger. 

But if the data has somehow reached our enemies, we could have serious problems.  The military and intelligence agencies operate at least 180 drones in five or more countries, and they are an important part of our defense (and our offense).  The Danger Room article mentioned that in 2009, insurgents in Iraq captured days of footage from Predator and Reaper drones because the footage was sent unencrypted from the drones to ground forces.

My concern is that as enemies gather more information about how the drones operate, they could find a way to hack them.  Drones are the future of air power.  When you remove the pilot from the aircraft and put them in a bunker, the aircraft no longer needs all the support functions that keep a human alive in the air.  This saves weight and complexity, and also saves pilots from being killed or captured.

In the future, I think we'll see fleets of drones in the skies as different countries race to build aircraft that are faster, stealthier, more durable, deadlier and able to stay aloft longer.

But the right hack might give control of these weapons to our enemies.  According to the Reuters article, the US currently runs some 60 of their combat air patrols using drones.  Imagine if some or all of these were turned against us.  We'd be frantically trying to organize an air defense without knowing which drones are friendly and which are enemies.

That's a scary scenario.

(Some buddies of mine first alerted me to this story--thanks Think Tankers! I later saw it mentioned on Bruce Schneier's site.  And here is the Danger Room article, and the Reuters one.  The pic is from:  defense-update.com.)

No comments:

Post a Comment