In rare admission, Air Force explains and downplays drone computer virus
The computers used at Creech AFB to control UAVs like the Predator (above) have been infected by a stubburn virus. (US Air Force Photo
October 13th, 2011
02:44 PM ET

In rare admission, Air Force explains and downplays drone computer virus

By CNN Pentagon Producer Larry Shaughnessy

A virus that attacked computers controlling unmanned aircraft like the Predator and Reaper is a "nuisance," but is not as severe as media reports indicated, the Air Force said in a statement released Thursday.

The release comes just days after the Air Force refused to answer questions from CNN and other media outlets about the virus, saying, "We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks."

But in an about-face from that policy, the service put out a news release spelling out the details of the computer virus that affected computers associated with its fleet of unmanned aerial vehicles, or UAVs.

Air Force space command said that the computers at Creech Air Force Base in Nevada that control UAVs like Predators and Reapers had been infected by malware, a type of computer bug that usually causes operating problems. The presence of the virus was first reported by Wired magazine, which described the malware as a "keylogger" program, but the Air Force statement said it was really a bug called a "credential stealer."

This version of credential stealer was apparently not effective on the Air Force computers because the virus was designed to infect video game programs, the Air Force said.

"In order to achieve its function, the malware must run on a computer that contains the video game in question. Those games were not on the systems in question," Andy Roake of Air Force Space Command public affairs said in an e-mail to CNN. "The malware was unable to perform its function, and is just a nuisance that must be removed."

The Air Force statement described the credential stealer program as more "of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer."

All the UAVs that the Air Force flies are controlled by pilots at Creech, even those flying missions around the world in places like Afghanistan or Libya.

The Air Force, in the limited public comments it made initially, said from the beginning that the malware had no impact of UAV operations.

Wednesday's news release explained why the Air Force made an exception in this case to discuss details of a cyber threat.

"We felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question."

Roake said the virus never infected the actual UAVs, just the computers at Creech that controlled them.

But Noah Schactman, who first broke the story on Wired.com, said the biggest problem is that the Air Force is having trouble removing the malware from the hard drives at Creech.

They've tried over and over again to get rid of this thing using some fairly conventional methods, and they haven't worked," Schactman told CNN Monday.

Thursday afternoon, Roake told CNN that the Air Force is having success expunging the virus from its computers.

"In the ground control systems where the malware has been identified, it has been removed," he wrote. "There are a couple of remote locations that still need to be scanned to ensure the malware is not resident on those systems, but the Air Force is working diligently to ensure that it is removed from all systems."

Post by:
Filed under: Afghanistan • Cybersecurity • drones • Security Brief
soundoff (55 Responses)
  1. P

    "We don't know how that islamic schoolhouse was targetted, there appeared to be a malfunction in the control systems."

    October 17, 2011 at 12:56 pm | Reply
    • Doctor Strangelove

      The military is not in control of their drones. I am. I am going to take it and stick it up their collective asses for them in HELL /Jahamem. I'll be waiting for them when they eat $ hit and die.

      October 17, 2011 at 3:19 pm | Reply
  2. Mark

    COUGH (BULLSH!T) according to the article...."All the UAVs that the Air Force flies are controlled by pilots at Creech, even those flying missions around the world in places like Afghanistan or Libya." then I guess those drones flying outta the place I am stationed at (& I'm NOT at Creech) are really just model planes that look like Predators & Reapers.

    October 17, 2011 at 9:41 am | Reply
    • sarah

      Nice opsec.

      October 17, 2011 at 4:26 pm | Reply
    • petrus

      Idiot!

      October 18, 2011 at 5:57 am | Reply
  3. KetchupRocket

    ...am I the only one that thinks that the sphere under nose of the plane looks like Wheatley from Aperture Labs? Anyone? No? Just me?

    The Air Force doens't have a virus! It's just GLaDOS taking over! D: (Which,in retrospect, is probably ten times worse than the virus).

    October 14, 2011 at 11:49 pm | Reply
    • dewed

      LOL, Wheatley, or Atlas's head!

      October 19, 2011 at 7:06 pm | Reply
  4. Tyler

    A virus isn't what messed up the plane! Look at the front! It has a corrupt personality core on it! That's whats wrong with it!

    October 14, 2011 at 9:26 pm | Reply
    • KetchupRocket

      Bro-Hoof, to the max.

      October 14, 2011 at 11:50 pm | Reply
  5. Doctor Strangelove

    This is like the 19179 Atari "Astroid" video game.

    October 14, 2011 at 4:19 pm | Reply
    • Luca

      Posted on I must say, as considerably as I enoeyjd reading what you had to say, I couldnt help but lose interest after a while. Its as if you had a excellent grasp to the subject matter, but you forgot to include your readers. Perhaps you should think about this from extra than one angle. Or maybe you shouldnt generalise so significantly. Its better if you think about what others may have to say instead of just heading for a gut reaction to the subject. Think about adjusting your personal thought process and giving others who may read this the benefit of the doubt.

      October 13, 2012 at 3:13 am | Reply
  6. Doctor Strangelove

    That was no virus. That was me. This military industrial complex is helpless. They are not in control of the situation. Those Little Green Men from Mars, which they hid the fact from the American people, are the ones in control of those drones. If anything bothers me, during my sleep, they Telephaticaly communicate with me and I with GOD /Grand Galactics. GOD/ Grand Galactics know exactly and honestly how I feel. I have that license and partnership with GOD and those Little Green Men from Mars.

    October 14, 2011 at 4:15 pm | Reply
  7. Sam

    It's irrelevant how harmless this program is. The simple truth is this, there is a hole somewhere that somebody learned to exploit. This is reminiscent of the film "Stealth", except that they're not dealing with AI. No matter how little of a nuisance this was, it shows that our systems aren't immune and that serious consideration should be put into the true security of our systems.

    October 13, 2011 at 8:02 pm | Reply
  8. Birche

    So who else was sent here by WriteRCastle's tweet? ❤

    October 13, 2011 at 7:54 pm | Reply
    • sjwims

      That would be me 🙂

      October 14, 2011 at 4:06 am | Reply
  9. Bob

    "All the UAVs that the Air Force flies are controlled by pilots at Creech, even those flying missions around the world in places like Afghanistan or Libya." Nice job not doing your research Mr. Shaughnessy. I can count 7 units flying UAVs from bases other than Creech off the top of my head!

    October 13, 2011 at 7:38 pm | Reply
    • Joe

      Go ahead...one through seven....

      October 13, 2011 at 7:49 pm | Reply
      • Research

        Holloman afb, cannon afb, hancock field (guard base), march afb (guard base), Fargo ND guard base (don't know the name of the base) Nellis AFB

        October 14, 2011 at 3:22 pm |
    • TCK

      Correct. Journalists don't get anything completely correct...except for sports scores….because they are important….and there are too many witnesses to the truth.

      October 14, 2011 at 11:40 am | Reply
    • ShadowWolf

      Now I know everyone can search for all the bases the UAVs are controlled from, and I KNOW a huge majority of you are military. Why the HELL are you all not using the "training" that we opsec officer's provide you with? Purple dragon people, stop spouting off junk like this. Sure some of it may be public, but think before you type.

      P.S.
      Now powered by McAfee =]

      October 18, 2011 at 8:49 am | Reply
  10. Weby

    Nonsense. The Air Force has allowed n0n-authenticated software into their system. Everybody should be aware that the Trusted Computing Group has a combo of HARDWARE and software standards that can PREVENT unauthorized systems from getting on protected networks. It's known as "Known Computing" and should be instituted by folks who wish to protect data on their networks asap. CNN needs to do a special on it so more people know that systems CAN be protected.

    October 13, 2011 at 7:38 pm | Reply
  11. ArtInChicago

    Nuisance now, pain in the you know what later.

    October 13, 2011 at 7:31 pm | Reply
  12. Mike in NC

    "Credential Stealer?" "Key Logger" Sounds like a it's intended to grab identification/user credentials allowing non-authorized users to have access to the equipment. If that's the case, it could allow drones to be co-opted by nearby users and used against our own forces. Maybe it's the Tinfoil Hat talking but it sounds a lot worse than what the military is willing to admit.

    October 13, 2011 at 7:20 pm | Reply
    • michael

      A keylogger does exactly that......logs keys.....or keystrokes, actually,,,,,or more accurately, every keystroke the user of the infected machine makes. If you don't know something, please don't speculate.

      October 13, 2011 at 7:37 pm | Reply
    • Rethink

      Let's hope the authentication processes requires a mouse click or two on code words or something!

      October 13, 2011 at 7:45 pm | Reply
    • ShadowWolf

      If we panic the terrorists win.

      October 18, 2011 at 9:22 am | Reply
      • Doctor Strangelove

        I am the only guy you need to worry about. Your life could depend on it.

        October 19, 2011 at 1:04 am |
    • Ben

      Oh, you mean like how Iran just captured one?

      December 8, 2011 at 3:02 pm | Reply
  13. ohboy

    Air Force is a drama queen.

    October 13, 2011 at 7:14 pm | Reply
    • ShadowWolf

      Yep, and a crap ton of Army Contracting Officers go to jail... Marines get detained for abuse/beating wives/ killing people, and the Navy is always first to get on news articles for the repeal of the DADT...
      We're not "drama queens", crap leaks out due to ignorant people jabbering to...everyone before stuff gets resolved...heck even half way resolved.

      October 18, 2011 at 8:52 am | Reply
  14. Blake

    Only a nuisance till one of these suckers gets hacked and fires a hell-fire missile at a city we didn't want it to.

    October 13, 2011 at 7:06 pm | Reply
    • yup

      Yikes! I hope they have thought about how to deal with that. I'm sure someone is trying.

      October 13, 2011 at 7:42 pm | Reply
  15. Rethink

    A virus is a virus. Malware and spyware are not. This thing should not be called a virus if it hasn't affected any operations.

    And for a little rant on antivirus software . . . The only performance issues I see on my computer at home are due to the antivirus software. How many times have I been playing a game and had the antivirus software arbitrarily kick into gear and cause me to die? It's been too many. IMHO, antivirus software itself fits the definition of a virus. While I'm not going to uninstall my antivirus software anytime soon, I take the approach that viruses are like STDs: if you don't screw around, you aren't going to get one.

    BTW, our Air Force is seriously sweet! I'm proud of my U.S. of A.

    October 13, 2011 at 7:02 pm | Reply
    • J3sus Sandals

      Well assuming drones are running on SIPR at a minimum, how exactly would any kind of nuisance get into the system? A little p0rn during downtime perhaps?

      October 13, 2011 at 7:08 pm | Reply
    • Rethink

      A previous article mentioned that all software upgrades were done through CDs and thumb drives. I can imagine a thumb drive dumping something it shouldn't or a CD being burned with something that didn't belong.

      October 13, 2011 at 7:40 pm | Reply
    • Troy

      You're right. A virus is a virus, and malware/spyware is not necessarily a virus. However, a virus is malware. By definition, a virus is malware that self-replicates by attaching itself to existing files. A virus that does not affect operations is still a virus.

      On the other hand, malware that spreads through other means is not a virus, but rather something like a Trojan Horse.

      October 13, 2011 at 9:15 pm | Reply
  16. George

    Skynet becomes Aware!

    October 13, 2011 at 7:01 pm | Reply
  17. Alien

    "Stubburn" is kind of like "stoopid" or "unentellegint" but in a more "persistant" way.

    October 13, 2011 at 6:53 pm | Reply
  18. Ruderalis

    Cyberdyne is getting ready to attack, just wait!

    October 13, 2011 at 6:47 pm | Reply
    • Ruderalis

      If you don't believe me, go find a Mayan and ask them Mr. Intellegent!

      October 13, 2011 at 6:48 pm | Reply
    • Selam

      Posted on I ought to say, as a whole lot as I enjoyed renaidg what you had to say, I couldnt support but shed interest right after a while. Its as if you had a fantastic grasp on the subject matter, but you forgot to consist of your readers. Perhaps you must consider this from far a lot more than one angle. Or perhaps you shouldnt generalise so considerably. Its greater should you consider what other people may possibly have to say rather of just going for a gut reaction towards the topic. Think about adjusting your own believed method and giving other people who could read this the benefit of the doubt.

      October 13, 2012 at 12:02 am | Reply
  19. Jim

    Who is the idiot who spelled "stubburn"?

    October 13, 2011 at 6:42 pm | Reply
    • J3sus Sandals

      Larry Shaughnessy apparently.

      October 13, 2011 at 7:03 pm | Reply
    • not like i honestly know

      wouldn't it be "spelt"

      October 13, 2011 at 7:23 pm | Reply
      • Racecar Driver Jerry

        Spelt(Noun) – an ancient wheat (Triticum spelta syn. T. aestivum spelta) with spikelets containing two light red grains; also : the grain of spelt.

        October 18, 2011 at 9:16 am |

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.