Malware compromises USAF Predator drone computer systems

Filed Under: Malware

Predator droneAccording to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging keypresses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.

The malware intrusion is said to have been detected by the Department of Defense's own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America's most important weapons systems have proven unsuccessful.

Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.

Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone's whereabouts or intended target.

Wired quotes an unnamed source familiar with the infection as saying:

"We keep wiping it off, and it keeps coming back... We think it’s benign. But we just don't know."

Hmm.. If I "just didn't know" I would assume the worst. In computer security, it's always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn't, rather than assume everything is ticketyboo.

US Air ForceChances are that the malware is a common-or-garden keylogging Trojan horse designed to steal banking information rather than targeting the USAF. But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.

Predator and Reaper crews fly their drones remotely from an airforce base in Creech, Nevada. The computer systems used to control the weapons are supposedly not connected to the public internet - to reduce the chances of malware infection.

However, any IT administrator will know that simply disconnecting a computer from the internet does not make it 100% safe. Malware can be introduced via other means, such as a USB memory stick, as astronauts on the International Space Station discovered in 2008.

And that seems to me to the most likely vector (USB memory stick I mean, not outer space..) by which malware could have infected the drone computers, as it's known that drone pilots use memory sticks to upload terrain maps and mission videos.

Here's a photograph of an airman remotely piloting a done at the Predator control HQ in Creech Air Force base, Nevada:

Predator drone control at Creech Air Force base in Nevada

Take a closer look at the photograph.

Closeup of Windows computer at Predator drone control

It certainly looks like they're running Windows, doesn't it? I hope they're up-to-date with their operating system patches and anti-virus updates.

It might be an idea to check that Autorun is disabled too.

, , , , , ,

You might like

14 Responses to Malware compromises USAF Predator drone computer systems

  1. Looks like... Windows XP!

  2. Why couldn't they just run a custom build OS or one build on Linux? WIndows have so many attack vectors as it is a "made for all" OS. A custom OS should only have one function: fly the drone. Also it seems that is XP rather than seven (evident by the green "start" menu and the blue title bar).

  3. Merc · 1454 days ago

    Not just windows, but Windows XP!
    Must be those computers aren't Windows 7 capable? lol

  4. Baz · 1454 days ago

    I think it's a bit of a stretch to jump from one screen above "looking like it's XP" to assuming that the primary controls (centre and above) are also XP and are even network linked to the monitor that looks to be XP.

    • fewiii · 1454 days ago

      I agree. Many defense systems and, especially, aircraft systems (civil and military) are developed using the Ada programming language, usually on some version of Linux. So, methinks the XP machine (if that is, in fact, what it is) is likely not "controlling" anything, maybe acting as a communications platform or something. (Although there *is* an Ada IDE for Windows....)

  5. gbrecke · 1454 days ago

    Quoting unnamed sources is just beginning of what's wrong with this post.
    I guess you could have tossed in that the drone should be electric and charged from a solar panel to make in greener :-)

  6. greatbigmess · 1454 days ago

    I thought the military always used Linux. Isn't that where Linux was developed? I could be wrong here. However, the thought of our military being reduced to a Windows operating system is very scary.

  7. Gary H. · 1454 days ago

    Ticketyboo! Blimey!

  8. Teqx · 1453 days ago

    Finally some material for the next Team America movie....

  9. Nick S · 1453 days ago

    Hopefully just being used as reference; otherwise might find one over my house !!

  10. Randy · 1451 days ago

    It's an inside job. Check ALL USB devices for the malware and the fingerprints on the USB devices. Wiping the whole drive and reinstalling everything from scratch should have stopped it. somebody is reinstalling the malware as well.

  11. DeezeNutz954 · 1450 days ago

    The key logger is memorizing the user actions, so the author can learn all the drone's functions. This is very bad for security. We could be attacked by our own weapons. I am pretty sure they will be an instance of our governments drones being used by hackers, or terrorist.


  12. tony · 1346 days ago

    Apparently the mitliary really doesn't understand electronic technology too much, shocker.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley