Wired's Danger Room blog is reporting that a computer virus has infected the computers that are used to fly Air Force drones worldwide. The computers, based at Creech Air Force Base in Nevada, have been infected for about two weeks. Drones such as the Predator and the Reaper are operated from this location while flying in places such as Yemen or Afghanistan.
The virus infecting the Air Force computers at Creech AFB appears to be a keystroke logger. This type of virus records the keystrokes the user types on the infected computer. Keystroke loggers record data such as user names and passwords, as well as any file names or locations that are typed into the computer. The data is either hidden on the infected computer in a file or sent to another computer. Noah Shachtman at Wired is reporting that this infection seems to just be logging the keystrokes. No data is known to have been transmitted to another computer.
How the Infection Happened
The Air Force believes that the virus was introduced into the ground control stations (GCS) by an infected disc or removable USB drive. The Air Force bans the use of any USB device on its computers. This ban covers cameras, iPods, jump or flash drives and other devices. The remote piloting computers are not connected to the Internet, but mapping information for the drone and its pilot is often loaded onto them from removable devices. They are one exception to the rule. Map files are generated for each mission flown and must be transferred to the GCS from the computer that created them.
Despite the best efforts of technicians at Creech AFB, eradicating the computer virus is proving difficult. The ultimate virus removal tool is the brute force technique of wiping and reformatting the infected drive. This takes time and requires a clean and uninfected backup of the drive for restoration. None of this prevents reinfection, especially when the source of the virus is not known.
No actual damage has been reported due to this computer virus. Creech AFB pilots continue to fly drones on missions around the world with no effect on operations or effectiveness. The Air Force is having to scrub each and every infected computer, which costs downtime for that machine and the technicians' time to wipe and reload it. It is not known when the systems will be clean. Reuters reports that an attack on Pentagon computers, first detected in 2008, has still not been stopped.