Drone nerve centre malware was Mafia Wars' infostealer

More details have emerged on how ground systems that control US military drones came to be infected by malware. In a statement issued on Wednesday, the US Air Force said that "standalone systems on Creech Air Force Base, Nevada" had been infected with malware. "Credential stealing" software was discovered in September …


This topic is closed for new posts.
  1. Jack 4

    I must ask again...

    WTF are they *doing* running these things on what is pretty obviously a Windows platform, and why is their security so piss-poor that viruses can get onto these systems in the first place?

    Now I can admit that Windows has its place in the software world, but for something as critical as controlling armed military drones on what are likely often highly secret missions, that is *not* the appropriate place. Linux or other more secure software should have been used for an application like this. Something that is *not* compatible with every run of the mill virus out there.

    (Of course if they had used a free OS, probably whoever was in charge of software procurement wouldn't have gotten their no doubt cozy deals with the vendor. So of course that couldn't happen.)

    1. Ilgaz


      I bet NSA will contact them and talk about the SELinux they created themselves (still open source).

      Absurd, running Windows and allowing Facebook! Yes, social network, with location etc.

      1. Dr. Vesselin Bontchev

        Don't be misled by incompetent journalists

        Facebook has absolutely nothing to do with this. As usual, the journalists (not just ElReg's) reporting a technical issue have screwed up.

        My guess is that the only one of the people mentioned who is playing Mafia Wars on Facebook is the "anonymous defence official" - the source quoted by Associated Press. And since "military installation hit by Mafia Wars virus" sounds sexy, all the stupid journos have jumped on the bandwagon.

        In reality, the computers of the drone program have been hit by a keylogger. A keylogger logs whatever the user types - usually as login passwords to web sites. Yes, it could be the password to your Mafia Wars account. Or to your GMail account. Or your bank account (which is usually the real target). Or whatever.

        It does not mean that you are playing Mafia Wars on that computer. Or that you're using it to check your GMail account. Or to do Internet banking. The only thing it means is that your computer has been infected by a keylogger.

        Which is, actually, much worse. If one of the infected computers is used to login to a classified account without using anything besides a user name and a password (e.g., smart card, a biometric scanner or whatever), the attackers now have access to that classified account.

        How did the military get infected? Certainly not by playing Mafia Wars. Most likely, the infection came from a USB drive. The drone pilots often bring updates to maps, etc. on USB drives.

        Why wasn't autorun disabled on these computers? Incompetence.
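
On Windows, the autorun setting raised in the comment above is governed by the `NoDriveTypeAutoRun` policy value under `Policies\Explorer`, a bitmask in which each set bit disables AutoRun for one drive type. The following is an added example, not part of the thread: it audits that value from `reg query` output. The function names and both sample outputs are constructed for illustration.

```python
import re

# NoDriveTypeAutoRun bit flags: a SET bit disables AutoRun for that drive type.
# Bits 0x02 (no root directory) and 0x80 (reserved) are not real media types.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable (USB sticks)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
}

REG_LINE = re.compile(
    r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)

# Constructed sample `reg query` outputs (not taken from any real host).
SAMPLE_WEAK = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""

def parse_mask(reg_query_output):
    """Return the policy DWORD, or None when the value is not set."""
    m = REG_LINE.search(reg_query_output)
    return int(m.group(1), 16) if m else None

def audit(reg_query_output):
    """Report which drive types the policy still leaves AutoRun enabled for."""
    mask = parse_mask(reg_query_output)
    # With no policy value, nothing is disabled by policy; the OS default
    # then applies, which this check deliberately does not model.
    effective = mask or 0
    enabled = [name for bit, name in DRIVE_BITS.items() if not effective & bit]
    return {"mask": mask, "enabled": enabled,
            "usb_blocked": bool(effective & 0x04)}

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(text))
```

Feed it the output of `reg query` against the `Policies\Explorer` key on each host; any result with `usb_blocked` false means removable media can still trigger AutoRun as far as this policy is concerned.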

    2. Microphage

      re: I must ask again...

      @Jack 4: "WTF are they *doing* running these things on what is pretty obviously a Windows platform"

      Most probably because MS gave a bunch of political donations to the Washingtonians, Homeland Security standardized on Windows and the Military were instructed to use Windows ...

  2. nyelvmark

    the ability of the RPA pilots to safely fly these aircraft remained secure

    Duh, yeah. Like, they're not in the aircraft, are they?

  3. Big Al
    Black Helicopters

    Something to do...

    ... during those long, boring flights-to-target, I guess!

  4. Drew V.

    "Lolz just blew up Afghan wedding, kids toys everywhere rofl"

    Always suspected that for these drone operators, killing real people on the ground is just like killing people in a video game. Columbine much?

    How comforting to know that American killing machines are flying overhead controlled by amoral gaming nerds. The future coming at us fast.

    And how appropriate that they were playing not just any game but one (assuming it really was Mafia Wars) in which they act as gangster mafioso!

  5. Oninoshiko

    why would they play games?

    While I didn't read that as they were playing mafia wars, I read it as "this is the same type of malware one uses to steal mafia wars (pronounced "facebook") passwords" (ie a keylogger).

    But, I wouldn't be surprised to find our troops playing games in their off time, they do it for the same reason large chunks of elReg readers play them (which I leave determining the purpose of as an exercise to the reader)

  6. Asgard

    Drone nerve centre malware

    Sounds like Skynet's first attempt to take control.

  7. T J

    They run WINDOWS !!!???

    You have GOT to be joking. You have GOTTTT to be joking. They run Drone control software.....on mswindows !!!!????

  8. LoCatus

    Missing the underlying problem

    Deeper problem than who's playing games on the system. Or which OS they are using for that matter.

    Who's the flipping ID-10-T who made the call to connect systems used to operate satellite controlled aircraft to the flippin internet in the first place?

    Operator -> satellite -> Drone. Where's the need for an internet connection?

    First rule of classified system security. (Applies to all gov activities) DON'T CONNECT CLASSIFIED COMPUTER SYSTEMS TO THE INTERNET!

    If it's not connected, it can't get hacked/infected.

    1. Tom 13

      Probably ones who are smarter than the flipping ID-ten-T who whines

      about connecting a stand-alone system to the internet when the whole damn class of viruses referenced in the article are well known for their multiple vector propagation.

      Your homework assignment - Search El Reg for articles on Stuxnet and read until you comprehend.

  9. 6th


    wasn't connected to the internet.

    I agree with your first sentiment - no need to connect it to the internet. I disagree that it's invulnerable to attack if it's not though.

    1. auburnman


      Wasn't hacked/infected. The Bletchley Park boffins listened to the transmissions (a known vulnerability) and decoded the information contained within.

      Different concept.

  10. R J Tysoe


    "standalone systems on Creech Air Force Base, Nevada." Does this not mean that the system is not connected to the internet and so the keylogger has no means of reporting back the logged keystrokes?

    1. Tom 13

      That would be an important mitigating factor

      but just as the virus can spread via non-internet connections, it could theoretically take data with it and report back once it does get an internet connection, so it is still a valid security concern.
