You may be used to the idea that viruses can be written for anything with a microprocessor, and that if one device or set of technologies becomes particularly hot, virus writers will flock to it just like anyone else would: to be close to the coolest technology and maybe do more damage, because early adopters might be taking fewer precautions than they would if the malware were thicker.
Nevertheless, there will always be some devices you absolutely don't want infected by malware under any circumstances. Big database servers. Authentication databases. Security certificate providers (RSA).
You probably don't want to allow any system with the word Hellfire anywhere in its component list to be infected by something that could give someone else control of it while you're trying to zero the cameras in on the movements of Al Qaeda's new No. 2 (No. 2 is always new for the same reason red shirts were always unknowns in Star Trek), or snapping long-range pictures of Osama's secret compound and porn stash.
According to Wired, however, keyloggers did indeed sneak into the onboard operational systems of Air Force Predator and Reaper drones, recording every move and command the remote pilots made as they crisscrossed war zones in Afghanistan and Pakistan.
Air Force maintenance techs spotted the infection using the DoD's Host Based Security System, a large-scale network of antivirus and counter-intrusion software that sits on every server, desktop and laptop in the DoD.
The client versions add stronger firewall and intrusion prevention to the machines' existing security and report back to central databases that both watch antivirus update lists for signatures of new threats and filter possible infections HBSS finds in the field.
Air Force techs used HBSS and other antivirus tools to clean it from the drones' systems, but it keeps coming back, according to one anonymous source quoted by Wired.
"We think it's benign. But we just don't know."
No one seems to know where it came from or what, specifically, it's up to. The keylogger component of it might be recording all the codes and control commands coming from operators at Creech Air Force Base in Nevada, who fly the drones remotely (very remotely) over central Asia.
The same virus has shown up on classified and unclassified computers at Creech, but so far hasn't made much demonstrable progress.
The Air Force flies more than 150 drones over Afghanistan, while the CIA flies about 30 that have hit targets in Afghanistan. Between them, according to Wired, the drones have killed more than 2,000 people suspected of being militants and civilians accompanying them.
It's not the first time the drones have been cracked.
In 2009, U.S. investigators looking through the hard drives of captured Iraqis discovered days' worth of recorded video of drones flying over Iraq. The insurgents had captured the unencrypted video broadcasts of the drones using SkyGrabber, a widely available piece of software that costs $29 and is designed to help customers download movies and songs from the Web.
“Folks are not merely going to listen/watch what we do when they intercept the feeds, but also start to conduct ‘battles of persuasion’; that is, hacking with the intent to disrupt or change the content, or even ‘persuade’ the system to do their own bidding,” according to an interview that writer Peter Singer, author of Wired for War, gave to Wired.
The virus should be fixable with better malware scrubbers, but the military has yet to overcome the oversight of not encrypting video feeds from the drones.
Fixing that huge gap would require hardware upgrades not only to the drones and the equipment used by their remote pilots, but also to every piece of equipment in the war zones that is designed either to receive drone video for real-time intelligence or to use its communications capabilities to relay requests for strikes.
Those are not the kind of messages people who would otherwise be targets of the drones – no matter how critically important they believe it is – should be sending to U.S. drones.