By CNN Pentagon Producer Larry Shaughnessy
A virus that attacked computers controlling unmanned aircraft like the Predator and Reaper is a "nuisance," but is not as severe as media reports indicated, the Air Force said in a statement released Thursday.
The release comes just days after the Air Force refused to answer questions from CNN and other media outlets about the virus, saying, "We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks."
But in an about-face from that policy, the service put out a news release spelling out the details of the computer virus that affected computers associated with its fleet of unmanned aerial vehicles, or UAVs.
Air Force space command said that the computers at Creech Air Force Base in Nevada that control UAVs like Predators and Reapers had been infected by malware, a type of computer bug that usually causes operating problems. The presence of the virus was first reported by Wired magazine, which described the malware as a "keylogger" program, but the Air Force statement said it was really a bug called a "credential stealer."
This version of credential stealer was apparently not effective on the Air Force computers because the virus was designed to infect video game programs, the Air Force said.
"In order to achieve its function, the malware must run on a computer that contains the video game in question. Those games were not on the systems in question," Andy Roake of Air Force Space Command public affairs said in an e-mail to CNN. "The malware was unable to perform its function, and is just a nuisance that must be removed."
The Air Force statement described the credential stealer program as more "of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer."
All the UAVs that the Air Force flies are controlled by pilots at Creech, even those flying missions around the world in places like Afghanistan or Libya.
The Air Force, in the limited public comments it made initially, said from the beginning that the malware had no impact of UAV operations.
Wednesday's news release explained why the Air Force made an exception in this case to discuss details of a cyber threat.
"We felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question."
Roake said the virus never infected the actual UAVs, just the computers at Creech that controlled them.
But Noah Schactman, who first broke the story on Wired.com, said the biggest problem is that the Air Force is having trouble removing the malware from the hard drives at Creech.
They've tried over and over again to get rid of this thing using some fairly conventional methods, and they haven't worked," Schactman told CNN Monday.
Thursday afternoon, Roake told CNN that the Air Force is having success expunging the virus from its computers.
"In the ground control systems where the malware has been identified, it has been removed," he wrote. "There are a couple of remote locations that still need to be scanned to ensure the malware is not resident on those systems, but the Air Force is working diligently to ensure that it is removed from all systems."