Predator Drone 'Virus' Could Be Military's Own Monitoring 99
jjp9999 writes "The virus that hit Predator and Reaper UAVs could be an internal monitoring system employed by the military. According to security researcher Miles Fidelman, there are vendors that sell security monitoring packages to the Defense Department which are 'essentially rootkits that do, among other things, key logging.' The virus is a keylogger that was found at pilot stations, and could be keeping tabs on keystrokes used by pilots to control the UAVs, found Wired's Danger Room blog. Fidelman adds, 'I kind of wonder if the virus that folks are fighting is something that some other part of DoD deployed intentionally.'"
Re:Yeah, um, they MEANT to do that... (Score:4, Interesting)
If they meant to do it, it's still incompetence, since they apparently just FORGOT TO MENTION it to the people whose job it is to detect actual outside attacks.
To anyone who's spent any time dealing with military computer security, unfortunately, this really isn't a surprise.
Re:Plausible Deniability to Assassinate People (Score:4, Interesting)
it must have been those pesky hackers; the virus did it.
No, I'm not buyin it.
The military is the military, they do not "do" plausible deniability: they receive orders, and execute them.
My guess is that these are nested "rootkits", if you will, reflecting the various levels of clearance that exist in a military foodchain. One can then log in and spy on all the others that his clearance allows him to.
Re:Wow... why are they using ...oh yeah, cost... (Score:5, Interesting)
I'd be willing to bet that since the drones started out as non combat systems, doing was acceptable in the beginning - and they've never gone back and redone the system as the drones have gradually morphed into combat systems and then into weapons systems. Or, they've justified not doing so on the basis that to do so would cost $X megabucks cause Y years delay in deployment.
As to the whole "this may be caused by our own monitoring"... (Left hand/right hand.) It wouldn't be the first time I've seen something like this. Back in the 80's, one of the Navy's technical branches came up with a spiffy new system that needed the submarine's heading as one of it's inputs. So when they installed the prototype on my boat, they spliced into an existing analog signal - one that also also fed ships heading to the [Trident backfit] missile fire control system. When the spiffy was operating, it would read the signal every minute - loading down the line and taking it out of spec for fire control, causing fire control to go into alarm.
Making things even more frustrating for the navigation guys and for us down in fire control, the spiffy (which was operated by a third, different, division) was only operated a couple of hours a day - making it look like an intermittent fault. An intermittent fault that didn't match up to anything either navigation or fire control was doing., and as any tech knows, that's hardest kind to troubleshoot. (Not to mention, what the hell kind of intermittent occurs precisely every sixty seconds for an hour - and then quits?) Finally, after a month of great frustration trying to track the fault, we made a Hail Mary pass and started physically tracing the signal from the nav center down to fire control - and discovered the splice.
It turned out that the branch that 'owned'[1] the spiffy also 'owned' the junction box the splice was made in, even though they didn't 'own' the signal that passed through it. Since a) the spiffy was highly classified [2], b) they 'owned' the junction box, and c) it was cheaper to make that splice than to run a cable to a less accurate heading source that they 'owned', they didn't feel any need to ask permission or inform anyone that they had done so.
Our CO solved the problem by ordering the spiffy shut down and tagged out... This then turned into an enormous turf war between the branches. It took Even Higher Authority explained the to spiffy's 'owners' that interfering with the ships strategic mission was Not Acceptable even if it made their spiffy more expensive. In the end, the spiffy was never deployed operationally anyhow because of other problems, and when the Cold War ended Congress declined further funding for it.
[1] Everything on the boat belongs to someone, on and off hull, and that someone is responsible for maintenance, training, funding, etc...
[2] Outside of the guys onboard that operated it and a few officers, all we knew was that "something" had been installed aboard for testing.
That's what the "preview" button is for, so you can see what it looks like and can edit it down int the edit box before submitting.