Although detected two weeks ago by the military’s network security systems, the military has been unable to purge its computers of the apparent keyboard logger, Noah Shactman reported Friday in Wired’s Danger Room blog.
“We keep wiping it off, and it keeps coming back,” a source familiar with the network infection told Shactman. “We think it’s benign. But we just don’t know.”
According to the report, the virus hasn’t prevented pilots stationed at Creech Air Force Base in Nevada–where the drone control center is located–from completing their missions. Nor has any classified information been lost or sent to an outside source, Wired reported.
No one knows how the malware got into the system or whether its arrival was deliberate or accidental, but it has infected both classified and unclassified machines. That means information nicked from the classified networks could be funneled to the unclassified networks where it could be leaked to clandestine locations on the public Internet.
According to Wired, the Air Force isn’t commenting directly on the infection. A spokesman for the service’s Air Combat Command, which oversees the drone program, said that that it doesn’t discuss specific vulnerabilities, threats and responses to its computer networks because it can help intruders refine their attacks on military systems.
“We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover,” the spokesman told Wired.
Although the keylogger appears to be harmless, some security experts found news of the intrusion alarming.
“This is bad in so many ways,” Richard Stiennon, chief research analyst with IT-Harvest in Birmingham, Mich., told PCWorld. “It indicates that the military is using completely insecure operating systems and practices for the critical function of controlling drones.”
“These are deadly weapons that must work as required and only when required,” he continued. “To have their command and control corrupted by apparently common malware is inexcusable.”
He maintained that the hard drives on the infected machines should be restored from a clean image. “A removal tool cannot be trusted to completely remove a virus,” he asserted. “The fact that they attempted several times to remove this malware indicates the sorry state of protection within this critical military system.”
John Bumgarner, chief technology officer with the U.S. Cyber Consequences Unit added: “It is highly troubling that the military computer systems used to fly classified Predator missions were breached by an unknown adversary. The security controls for these sensitive national security systems should have been held to a much higher standard by the Department of Defense.”
Despite the sensitive nature of their operations, computer security hasn’t been a hallmark of drone operations. In 2009, for example, the military seized the laptop of a Shiite militant in Iraq and found days of video footage intercepted from drones flying missions in the region. Since video feeds from the drones are unencrypted, the military explained, it’s relatively easy for the militants to snatch them from the air with software that can be purchased off the Internet for $26.
Since the terrorist attacks on the United States on Sept. 11, 2001, drones have increased in importance as a tactical weapon. In the 10 years following 9/11, 30 CIA drones have been attributed with the deaths of more than 2000 militants and civilians. Another 150 Predator and Reaper drones operated by the Air Force patrol the skies over Iraq and Afghanistan. U.S. drones were also used to support NATO air attacks in Libya and were responsible for the death last week of Anwar al-Awlaki, dubbed by some as the “Osama of the Internet.”
[Updated Oct 7, 4:04 PM with additional information]
Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.