It’s been more than a month since a virus infected the remote “cockpits” of America’s drone fleet. And the U.S. military still doesn’t know exactly how the machines at Creech Air Force Base in Nevada got infected.
“We’re not quite sure how that happened yet,” General Robert Kehler told reporters Tuesday. Kehler is the head of U.S. Strategic Command, which is nominally in charge of the military’s Cyber Command and all other online activities.
“It was a virus that we believe at this point entered from the wild, if you will, not specifically targeted at the RPA (remotely piloted aircraft) activities but entered through some other process,” he added.
The Pentagon is ordinarily reluctant to talk about any computer security breaches; even routine infections are treated as military secrets. For example, the clean-up of a common, if widespread, worm was considered a classified mission — undertaken under the name “Operation Buckshot Yankee.” When Kehler’s predecessor mentioned the phrase at a conference in May of 2010, several people in the room gasped at the seeming indiscretion.
But the drone cockpit virus has already received so much publicity that the military decided to speak up, just a little. Last Wednesday, the Air Force issued a press release calling the infection “more of a nuisance than an operational threat.” An anonymous defense official told the Associated Press that the malware “is routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online.”
The Air Force added that “credential stealer” code was transported from computer to computer through “portable hard drives.”
On Tuesday, Kehler appeared to walk that explanation back a bit. He said that the hard drives were one possible path of the infection — but not the only path.
“One of the things in the ground control system that we do is we transfer data using hard drives that we actually move from machine to machine and so, with that, there’s always a possibility to have something get in through the loops in the system,” he said.
Air Force spokesman John Haynes told Inside the Air Force that the malware has been removed from Creech’s remote cockpits. Now, the Air Force is focusing on “a couple of remote locations that still need to be scanned to ensure the malware is not resonant on those systems,” he said.
While military insiders say the 24th Air Force — the cybersecurity specialists of the air service — only found out about the infection by reading Danger Room, Haynes said that the Air Force was now placing “top priority on removing this malware from all systems.”
Both Haynes and Kehler also emphasized that no drone operations have been adversely affected by the infection. But even if this virus is relatively benign, Kehler added, “What we’re concerned about is this will evolve into activity that could be destructive in the future, particularly where crippling national infrastructure is involved.”
“This is one of those where sometimes the more you know, the worse you look,” he added. “I think in the past maybe we weren’t aware of some of the things that were happening. We’re far more aware today of things that are happening to us and we are taking strides to deal with the realities of operating in cyberspace.”