Mafia Wars Virus Infected Air Force Drones
Recently, there were reports of a virus infecting the drone aircraft used by the United States Air Force, much like the one that leads this article. While the impact of the infection appears to be minimal, provided you take the official responses at face value, the idea that these aircraft are susceptible to such malicious software attacks is surprising.
However, the story takes a turn for the humorous when the source of the infection is hinted at. Based on responses from unnamed government sources, the virus that infected portions of their drone fleet is the same kind that has been known to infect non-savvy social network gamers who enjoy games like Mafia Wars and Farmville. According to a report that appeared in Wired.com’s Danger Room (via Boing Boing):
The malware “is routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online,” noted the Associated Press, relying on the word of an anonymous defense official. That official did not explain why drone crews were playing Mafia Wars or similar games during their overseas missions.
One can imagine edicts of “no more Facebook games while on duty” being issued to drone crews everywhere. As for the virus’ impact, it sounds as if it was minimal, save for the embarrassment quotient.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source.
Removal of the malicious file(s), however, has not been as easy. If the various sources are to be believed, the virus “keeps coming back” after it’s been removed. Perhaps the Air Force should consider partnering with Malwarebytes, which is one of the most effective malicious software removal packages — even the freeware version — this author has had the pleasure of using.
The Air Force has also released a statement concerning the infection. You can download it if you’d like, or you can simply read the quoted text:
Flying operations of remotely piloted aircraft unaffected by malware
PETERSON AIR FORCE BASE, Colo. – To correct recent reporting, the malware detected on stand-alone systems on Creech Air Force Base, Nev., in September, has not affected Remotely Piloted Aircraft operations.
On 15 September, 24th AF first detected and subsequently notified Creech AFB regarding the malware on their portable hard drives approved for transferring information between systems. It was detected and isolated by the 24th Air Force using standard tools and processes for monitoring and protecting Air Force computer systems and networks. The Air Force then began a forensic process to track the origin of the malware and clean the infected systems.
The malware was detected on a stand-alone mission support network using a Windows-based operating system. The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer. Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach.
The infected computers were part of the ground control system that supports RPA operations. The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident.
“It’s standard policy not to discuss the operational status of our forces,” said Colonel Kathleen Cook, spokesperson for Air Force Space Command. “However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”
“We continue to strengthen our cyber defenses, using the latest anti-virus software and other methods to protect Air Force resources and assure our ability to execute Air Force missions. Continued education and training of all users will also help reduce the threat of malware to Department of Defense systems.”
For more information contact Air Force Space Command Public Affairs at (719) 554-3731.
While the drone infections will, in all likelihood, go down as little more than an embarrassment, imagine if the malware did exactly what it was designed for; that is, steal login and password information. If that happened, the entire fleet, or at least the software controlling it, would have to be scrapped and redone. Perhaps the Air Force could outsource this to Sony, a company that has miles of experience dealing with account-stealing attacks.