Get Hacked, Don’t Tell: Drone Base Didn’t Report Virus

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/dangerroom/2011/10/drone-virus-kept-quiet/

By Noah Shachtman
Danger Room
Wired.com
October 11, 2011

Officials at Creech Air Force Base in Nevada knew for two weeks about a 
virus infecting the drone “cockpits” there. But they kept the 
information about the infection to themselves -- leaving the unit that’s 
supposed to serve as the Air Force’s cybersecurity specialists in the 
dark. The network defenders at the 24th Air Force learned of the virus 
by reading about it in Danger Room.

The virus, which records the keystrokes of remote pilots as their drones 
fly over places like Afghanistan, is now receiving attention at the 
highest levels; the four-star general who oversees the Air Force’s 
networks was briefed on the infection this morning. But for weeks, it 
stayed (you will pardon the expression) below the radar: a local problem 
that local network administrators were determined to fix on their own.

“It was not highlighted to us,” says a source involved with Air Force 
network operations. “When your article came out, it was like, ‘What is 
this?’”

The drones are still flying over warzones from Afghanistan to Pakistan 
to Yemen. There’s no sign, yet, that the virus either damaged any of the 
systems associated with the remotely piloted aircraft or transmitted 
sensitive information outside the military chain of command -- although 
three military insiders caution that a full-blown, high-level 
investigation into the virus is only now getting underway.

[...]

_____________________________________________________________
FINAL CALL to register #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/