The world of espionage is full of twists and turns, plays and counter plays. In the latest twist, it was recently discovered that America’s most powerful surveillance tech gadgets, the Predator and Reaper UAVs – Unmanned Aerial Vehicles – have been infected by a keylogger virus. Discovered by the military’s Host-Based Security System the virus has made itself at home in the controller cockpits located at Creech Air Force Base at Indian Springs in Nevada. Most of the Afghanistan and Iraq are missions flown from Creech.

A defence official confirmed to CNN on Monday that the virus had infected the systems that control the drones but it hadn’t interfered with normal operations. Officials would not comment on the specific virus or how the virus had infected the systems.

The most likely source of infection seems to be the removable drives used to transfer data to and from the drones. The drones are in a sense debriefed upon their return, with all of the data collected during the mission unloaded to the removable drives. At some point the removable drives have been connected to the control systems, delivering it’s dangerous cargo. A persistent virus it is too, after each attempt at the cleaning process the virus seems to re-appear, even after 3 weeks the virus is still loitering away in the control system.

The American military machine is a large and unyielding machine. With various separate compartments that often operate in complete separation. Security researcher Miles Fidelman says “After seeing this, from a few sources, I’m reminded that there are a couple of vendors who’ve been selling the Defense Department security monitoring packages that are essentially root kits that do, among other things, key logging. Why would you put a key logger on a UAV? I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally”

Naturally, as so little is known about the virus we are unable to rule out an accidental or malicious intrusion. If it was malicious there are really only two scenarios, inside job or outside interest? Again there is so little information anything else we say will simply be speculation, so here we go.

It does smell of an inside job and if so the chances are it was a separate department or even a completely different separate arm of government – like the CIA. If drones are the next big thing maybe taking over your enemies drones could be a winning strategy. A test like this would need to be done in secret of course. Being as the U.S military has the largest fleet of UAV’s, it is also most likely that the intrusion occurred from within the continental U.S.A.

Hacking a spy plane, or using spying tools to spy on spies is the best twist so far. Is it possible that real-life spooks have been watching UAV operators, while they operate their tool of choice? Keyloggers are useless unless they can send the logs to their master. There have been no signs of the keylogger trying to breach the secure network. The entire flight control system is kept off the network to avoid situations like this, if this is a normal keylogger then it will be unable to deliver it’s cargo. Not that there is much that is normal about this virus. It made it into a completely isolated network of computers, can it make it out again?

This isn’t the first time a computer virus has been used against seriously tactical hardware. In 2010 a worm – Stuxnet – infected Irans Bushehr Nuclear plant. Stuxnet was discovered by Germany engineers, and it popped up in a number of other attacks – primarily in Iran, Indonesia, India and the U.S. The malware was capable of taking over systems that control the inner workings of industrial plants. Stuxnet surprised experts because it was the first worm specifically created to take over industrial control systems, rather than just steal or manipulate data.

A worst case scenario for a rogue Predator has to involve its payload of Stinger and Hellfire missiles. Predators are especially good at delivering their arsenal of missiles, as the Taliban will attest too. A rogue Predator represents a big handful of firepower and like a stolen handgun there is a level of anonymity to using someone else’s drone to do your dirty work.

Also interesting was the fact that at the latest Black Hat hackers convention in August two hackers, Mike Tassey and Richard Perkins, demonstrated WASP – Wireless Aerial Surveillance Platform – a flying communications hacking platform capable of Wi-Fi, cell phone and network hacking while loitering in the skies above its target. Able to fool mobile phones into thinking it’s a mobile tower the WASP can seamlessly relay any conversation and recording it in the process. Any Wi-Fi network it encounters can be compromised given enough time. While the WASP may sound ominous it was simply a large remote control plane with some cleverly programmed but simple communications electronics. In fact it was an ex-military target drone used during military exercises with spare bits bolted on. A Predator on the other hand has a 50 foot wingspan and some of the most advanced communication electronics on board any flying platform. Undoubtedly if you could reprogram a Predator communications systems would be an easy target to dominate.

Has someone created the ultimate hacking tool, a jail-broken Predator, if one goes rogue any time soon we can say they have. At the moment it looks to be a fairly harmless, low impact virus that has dug on into the UAV’s. Inside job or the new version of the Cold War bad guy, we may find out soon when the next twist and turn comes to light. It is highly recommended that if you are being followed by a Predator drone, don’t just run, get underground fast, it may have gone rogue.

source: wired
source: seclist
source: geekosystem

Buddha’s Brother out…