Forgot your password?
typodupeerror
The Military Security United States IT

Air Force Network Admins Found Out About Drone Virus Through News Story 161

Posted by Soulskill
from the right-wing-doesn't-know-what-left-wing-is-doing dept.
Nemesisghost writes "Wired's Danger Room reports that the network admins of the 24th Air Force found out about the virus infecting the drone cockpits at Creech Air Force Base in Nevada by reading the earlier news article. Quoting: 'Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the U.S. military secures its information infrastructure: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of. The four branches of the U.S. armed forces each has a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. ... In practice, it’s not that simple. Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes.'"
This discussion has been archived. No new comments can be posted.

Air Force Network Admins Found Out About Drone Virus Through News Story

Comments Filter:
  • YAY (Score:5, Insightful)

    by bobstreo (1320787) on Tuesday October 11, 2011 @07:45PM (#37685312)

    Compartmentalization AND Security through obscurity.

    You can't make this stuff up.

    • Ha! You guys are so gullible! Don't you see? Its feints within feints! The 24th is a honeytrap! While the cyber enemies scramble to infiltrate the vulnerable 24th Air Force's non-existant NOC, our 1337 cyber-commandos are... you guessed it, in their base killing their doods. Brilliant! That's why they refer to the U.S.A.F. as "the Thinkers." Feints within feints!! w00t!
      • Funny. I've never heard of the USAF being referred to as "the Thinkers". Sorry, but I have little use for the Air Force. Anything they can do, the Army and the Navy can do. The Air Force can make no such counterclaim. I have higher regard for the Royal Air Force. Those boys get down and dirty with their sister services. The Royal Air Force even has it's own infantry, capable of securing and defending a base in a forward operating area. http://www.raf.mod.uk/rafregiment/ [raf.mod.uk] The USAF relies on the depar

      • Re:YAY (Score:4, Interesting)

        by EdIII (1114411) on Tuesday October 11, 2011 @10:07PM (#37686222)

        You know... you might be saying that being funny.

        However, I think you truly have a point. At least I really hope so. What is claimed in this article makes Air Force cyber security look so weak and pathetic that whoever they have tasked to do it could not qualify for a job with the Geek Squad.

        If our security really is that weak.... why the hell are we worried about terrorists taking over civilian aircraft still when they could remotely take over a bunch of armed drones and attack military and civilian targets with our own advanced weaponry?

        • Re:YAY (Score:4, Funny)

          by catmistake (814204) on Tuesday October 11, 2011 @10:33PM (#37686376) Journal

          If our security really is that weak.... why the hell are we worried about terrorists taking over civilian aircraft still when they could remotely take over a bunch of armed drones and attack military and civilian targets with our own advanced weaponry?

          I think it may be more difficult to get the good PS3 controllers in the desert, and even when they do, the sand just wreaks havok on them.

          • "They" wrote software to make refining centrifuges crap out. "They" can probably make a crude interface to make a drone head back to base and drop it's ordnance onto the toilet block.
        • I am.

          The fact that they don't have a means of broadcasting alerts to the technicians is a sign of an absolutely scary level of incometence.

          Are the launch codes for the nuclear arsenal as well protected and monitored as the drones? If so, the entire world should be terrified of American incompetence.

          • by TheCarp (96830)

            Incompetence? From the people who allowed the tail to wag the dog so long that we built a military so many times bigger than we ever needed, that we go around playing world police with it...on our own dime?

            Yah, "competence" is exactly what I would expect from a people so gullible that they get dragged into conflicts all over the globe every few years.

    • Re:YAY (Score:4, Insightful)

      by Ihmhi (1206036) <i_have_mental_health_issues@yahoo.com> on Tuesday October 11, 2011 @11:31PM (#37686658)

      It is kinda insane. The Army, Navy, Marines, and (of course) Air Force all have flying vehicles. I think if it flies, it should be handled by the Air Force, period. If you need special forces stuff like SOAR [wikipedia.org], then they should be an air forces special division. Similarly, the Navy ought to handle the boats (save for the Coast Guard, which is separate for a good reason), the Army should handle infantry, etc.

      I really don't get why there's all these branches of the military with overlapping roles - branches who don't talk to one another. That's how stuff like this happens. You really need one organization to handle something like networking but you end up with 4 or 5. Bureaucracy at its finest!

      • What? (Score:4, Insightful)

        by gottabeme (590848) on Wednesday October 12, 2011 @02:18AM (#37687308)

        What you've just suggested is the same error clueless bureaucrats make about technology, except in reverse; the other side of the same coin.

        PHBs who have no idea how computers or networks work say to organize or administrate them in a way that makes sense for organizing tangible items with physical problems, but utterly fails when applied to computers.

        You have suggested organizing the branches of the military according to the way a computer network should be organized. Worse, you've suggested this not only regarding the branches' computer networks, but also regarding military operations.

        Not only do you ignore the inter-service cooperation that already exists, but you ignore the pointless extra division that your idea would entail, like having AF pilots flying aircraft off carriers or flying Blackhawks full of Army troops. In both cases, the AF pilots would be working exclusively with members of the other branch, so what would the point be of having them under a different CoC? They'd end up assigned to TDY under another branch...in which case they might as well be in that branch in the first place. It really doesn't help unit cohesion to have artificial divisions between, e.g. the chopper pilots and the troops they carry around and support.

        Are you even aware that the Marines are under the Department of the Navy? Sheesh.

      • Because the people at the top in the various organizations will not give up anything. It would be a weakness to say that someone else could do it better.
      • by jittles (1613415)

        It is kinda insane. The Army, Navy, Marines, and (of course) Air Force all have flying vehicles. I think if it flies, it should be handled by the Air Force

        IF you knew your history of Army Aviation, and such you'd know that the Air Force has no interest in providing the Marines and Army with what they want. In fact, when drones started becoming big, the Air Force specifically said they would not touch anything that doesn't fly above 10,000ft. So what will the Army or Marine Corps do if the Air Force doesn't want to provide them with the Close Air Support and low level surveillance that they need? They will roll their own of course! And it's the Air Force's l

    • by RingDev (879105)

      No idea how things have gone since I finished my tour, but back in 2000 the USMC was unloading all internal IT knowledge and moving to consultants. If the Airforce made the same move, this could entirely be due to a private corporation that our militarty is dependent on keeping quiet to protect their contract and having an individual leak the story to the press.

      That would explain why the DoD had no idea about it until the story was published.

      -Rick

  • do they even bother to check ... apparently not

  • ... when the news pointed out recently that all the drone video surveillance footage is sent unencrypted? I know I found that a little surprising.
    • by jd (1658)

      Not sure about "recently". This has been reported time and again for years. I recall reading on Slashdot quite some time back on how people in Pakistan were able to watch drone transmissions using cheap television decoders.

    • by jeff4747 (256583) on Tuesday October 11, 2011 @10:05PM (#37686212)

      No, because that is intentional.

      If you encrypt it, you have to distribute the decryption keys. That's not a trivial task when you're talking about military situations. You have to deal with unreliable communications, the possibility of a unit being overrun and keys captured, and distributing new keys regularly over a very wide area to units from several countries. Now remember that any of these problems don't merely cause downtime, but get troops killed.

      Or you just transmit the video unencrypted.

      The assumption was any adversary sophisticated enough to receive the video would also have the minimal radar and signals capabilities to detect the presence of the drones anyway, so the video itself would not be all that helpful.

      That assumption doesn't hold with the conflicts we are currently fighting, so they're trying to figure out if it's sufficiently worthwhile to encrypt the data with the problems that would cause.

  • I wonder how much porn and illicit downloading goes through the military networks? In all the other computer networks I've seen, if no one is holding users accountable, the network will be abused.

    So, tell me, again, how the virus got on the machines? A "thumb drive," you say? And, the virus keeps returning? Hrmmm...

    Who thought this network infrastructure arrangement would be a good idea?

    • by Anonymous Coward

      USB drives are banned on at least US Air Force networks, your user account will get disabled if you even plug one in.

    • From what I read in another article, they were using portable hard drives to do map updates and download the footage as the systems are not attached to the main network. Now the drives appear to be infected as well as other computers so tracking down all of the sources of the virus and eliminating them requires a lot of sneakernetting.

    • by jeff4747 (256583)

      I wonder how much porn and illicit downloading goes through the military networks?

      Not much. They use proxies and whitelists. Your average elementary school is less locked down than the military networks.

      So, tell me, again, how the virus got on the machines? A "thumb drive," you say?

      If you're going to claim incompetence on their part, you could at least RTFA. Portable hard disks used to transfer map updates from network-connected systems to the isolated network where the drones operate.

  • Standard security practice for high reliability systems is they don't get on the internet, and you lock them down so the operators can't install software. So how could a glorified arcade machine get infected? Oh that's because the men running it like to play games (that aren't installed) so they bring them in on usb sticks and badger the admins to unlock the machines so they can install them. Or the network admins are incompetent.
  • Just about every possible problem has been discussed on slashdot before.

    Trying simple things to lock down military PC's such as sealing up CD-ROM/DVD drives and USB ports is defeated by the motivation of troops wanting to listen to his MP3 collection or view family videos.

    Then the security of actual networks isn't done because the admin's are also engaged in regular military duties. They only have enough time to get any system setup before moving to the next assigned work task.

    Research groups also have stud

    • by Kittenman (971447)

      Trying simple things to lock down military PC's such as sealing up CD-ROM/DVD drives and USB ports is defeated by the motivation of troops wanting to listen to his MP3 collection or view family videos.

      Not so. It's thwarted by the officer in charge (civilian or military) not saying "NO!".

      And then thwarted by not having an automatic scan of the thumb drive on insertion.

    • by jd (1658)

      It really doesn't help that the military use Windows for this stuff. Windows is not a Trusted OS. (If you read through all the literature on trust across multiple devices connected together, the upshot is that it should not be possible to violate Mandatory Access Controls. You should not be able to write data that is of a higher security setting than the device you are writing to can support. MAC is always inherited, so no program on an untrusted device should ever run at higher privilege than the subset of

    • by couchslug (175151)

      "Then the security of actual networks isn't done because the admin's are also engaged in regular military duties."

      That's because the AF combined career fields and merged the welfare-queen Admin field with the computer folks. Whoever made that decision deserves a blanket party....

    • by hedwards (940851)

      The computers that troops use for personal use shouldn't have any sensitive information on them and they shouldn't have any access to it either. Granted the troops themselves will have access to information that's sensitive, but that's a different matter than this.

  • ... you post "I, for one, welcome our pwned drones!" you never know who might be reading.

  • by hedgemage (934558) on Tuesday October 11, 2011 @08:03PM (#37685450)
    When nuclear weapons were new, each branch of the military tried to become the 'nuclear' arm by introducing new weapons systems and trying to impress politicos with how they should be the ones with the budget and prestige. We don't need multiple branches of cybersecurity forces, we need one branch that can handle it all. Time to dump the military romanticism of the 18th century that divides our military into earth/water/air/fire/heart and reorg. Hell, maybe we even need another side to the Pentagon for cyberwarfare.
    • When nuclear weapons were new, each branch of the military tried to become the 'nuclear' arm by introducing new weapons systems and trying to impress politicos with how they should be the ones with the budget and prestige. We don't need multiple branches of cybersecurity forces, we need one branch that can handle it all. Time to dump the military romanticism of the 18th century that divides our military into earth/water/air/fire/heart and reorg. Hell, maybe we even need another side to the Pentagon for cyberwarfare.

      Perhaps not. If you have ONE system that gets compromised and the whole shooting match is compromised. This way, the system is so screwed up that it takes years to figure out who's on first.

    • by couchslug (175151)

      Nonsense. Leadership and giving the right ORDERS works fine.

      You can TELL the military to stop using Windows tomorrow and they either do that or it's UCMJ time. The example is extreme but real.

      A lot of cybersecurity would be to reduce bullshit computer use. Take away options. Take unclassified systems off the internet or filter them heavily.

      • by jamstar7 (694492)
        I think you mean classified. It's been a zillion years (OK, nearly 40) since I wore the uniform, but I doubt any classified networks are on the internet. DARPANet was for defense contractors and Pentagon paper pushers, not military units.
      • Shhhh. If radiomen and generals can't play solitaire anymore they'll rebel!

        Heaven help us if you take away their animated cursors
    • by radtea (464814)

      Time to dump the military romanticism of the 18th century

      Yes, it is, but the consequence is not to reduce the armed forces to a professional core and a citizen's militia whose mandate is national defense not fighting wars. Wars are not and cannot ever be anything but the result of irrationality, romantic or otherwise. Unless it is in direct, on-the-ground defense of their homes soldiers all fight for non-rational reasons, and wars are always fought for non-rational reasons.

      By all means dump military romanticism. You'll end up like the Swiss: heavily armed, pe

    • USCYBERCOM. [wikipedia.org] Then again, we already have DISA [wikipedia.org] so why we needed to make things more complicated is anyone's guess.
  • by kaoshin (110328) on Tuesday October 11, 2011 @08:05PM (#37685470)
    Ok, is this what they meant by downgraded provisional cyber command? As in, a room with pictures of maps on big flat screens and no actual command of anything? If this is the best the most elite hackers our military can muster, then I think my wife should try and apply. She knows how to use Excel pretty well.
    • by Stray7Xi (698337)

      If this is the best the most elite hackers our military can muster, then I think my wife should try and apply. She knows how to use Excel pretty well.

      In fact that is exactly how military works. They hire mostly people with high school education and train them into career fields. Cyber command started just over a year ago. Apparently you think the military should be able to train up people in 1 year for what takes colleges 4 years to do.

      I prefer to think of them as CS college sophomores... they're still thinking about switching majors because "math is hard."

      • by hedwards (940851)

        That approach used to work, prior to the US Army Air Corps., there wasn't much in the way of pilots available so, they had to train them quickly after enlistment. Especially since the pilots that were available didn't come with dog fighting strategies already in hand. Cybersecurity isn't a new field and trying to train people from scratch without having the infrastructure in place is just going to end badly.

        I'm not really sure what the solution is, but it strikes me as naive to assume that just because they

  • ..military, they really excelled when they added those bottom two mental categories (Category 5, unbelievably dumb, and Category 6, do not compete with a Pet Rock, sir!). Seriously, though, this is a prime example of what transpires when they've shipped the bulk of tech jobs offshore (as of July, 1999, there has been NO NET NEW job creation in the USA --- thanks Wall Street!!!): they keep erasing it and it just keeps coming back. Hmmm......and they do bisynchronous broadcasting: back and forth between t
  • We don't and probably won't ever really know the true nature of this virus. Assuming there is a C&C outside the network or a traitor inside, the thing probably was either told to self-destruct, plant a bogus virus and delete its trace - or it was manually deleted. And since no one was actively monitoring the systems, I'm guessing their logs and back-ups are in such a disarray that forensics won't yield much about the original infection.

    *sarcasm* way to go, Obama. You can hire the world's best data minin

    • start by hiring people based on skills and not BA's. It IT hands on work / training / tech school is a lot better then a 4 year CS class load.

      Also there needs to be a way to get tech people in with out the boot camp part and or having to deal all the rank crap or the move up or get out idea. Some tech people can do good as a manager other not so much.

      Also no stay away from lot's of non tech mangers.

      • by Zakabog (603757)

        ... I'm technical and I made it in boot camp (USMC). Every Marine a rifleman. Its not hard and they don't just want IT people. Yes maybe if we get rid of boot camp and increase the pay for certain jobs and stop requiring everyone know how to shoot then the IT staff might be a little better, but I really doubt by much. There are some smart guys in the military things like this are usually a management issue.

        • ... I'm technical and I made it in boot camp (USMC). Every Marine a rifleman. Its not hard and they don't just want IT people. Yes maybe if we get rid of boot camp and increase the pay for certain jobs and stop requiring everyone know how to shoot then the IT staff might be a little better, but I really doubt by much. There are some smart guys in the military things like this are usually a management issue.

          well you want IT people to be IT not rifleman or other stuff that can let then be pulled from the IT to a non IT rifleman job even more so for a state side job.

          Also there are IT people who are to old for boot camp and or are hacker types / people with Asburger / other stuff who can do a IT job but can't be the type of person you want on the front lines as a rifleman or the people who will fail boot camp.

          It needs to be out side of the enlisted / officer side of things. Maybe direct commission like with scien

          • well you want IT people to be IT not rifleman or other stuff that can let then be pulled from the IT to a non IT rifleman job even more so for a state side job.

            IIRC 'every man a rifleman' is characteristic of the Marines, and not the same as other branches. The Marines consider it very important that every member of the team can operate that way. This is related to the particular job that Marines are intended to do, operating as small groups often out of touch with higher levels of command. So everyone on the team has to be able to pick up the slack when they lose someone. (IANA military guy - I've just read a lot.)

            It's worth noting that in Desert Storm the Ma

  • So apparently Wired had the story in the first place, and now they have a second story reporting that the Air Force never knew about the problem until reading about it in their first story? There are two serious problems here.

    First, it seems like Wired has motive for some exaggeration or misrepresentation here: "Our investigative reporting is so top notch they don't even know they're being investigated!" Certainly major exposes make it to press without a leak, it happens all the time, but any journalistic
    • by biodata (1981610)
      Yes but on the other hand if you find flaws in Microsoft or credit card systems the worst that would happen is some fraud and/or inconvenience if the flaws are exploited. The possibility of automated remote controlled murder is a different thing entirely and should perhaps be treated differently. Going public early with maximum sensationalism might increase the likelihood of people realising that remote controlled killing machines are ultimately too dangerous to us all to allow their continued proliferatio
    • by DrVomact (726065)

      So apparently Wired had the story in the first place, and now they have a second story reporting that the Air Force never knew about the problem until reading about it in their first story? There are two serious problems here.

      Not if you bothered to read the article. Here is the first paragraph:

      Officials at Creech Air Force Base in Nevada knew for two weeks about a virus infecting the drone “cockpits” there. But they kept the information about the infection to themselves — leaving the unit that’s supposed to serve as the Air Force’s cybersecurity specialists in the dark. The network defenders at the 24th Air Force learned of the virus by reading about it in Danger Room.

      Some people in the Air Force

      • by Rich0 (548339)

        Perhaps a bit of mental clouding is to be expected among individuals who run a weapon system "allowing U.S. forces to attack targets and spy on its foes without risking American lives"—apparently by killing them [mediaite.com]. Doublethink and duckspeak aren't conducive to organizational efficiency...but that's the price you have to pay to keep the terrorists from winning.

        Uh, anybody who joins the military should know that their primary function is killing people, or making other people more effective at killing people, or otherwise helping to kill people. I'm not sure how that results in mental clouding - pretty smart people have been killing each other since the dawn of time.

        And inefficient organizations are hardly something unique to the military. When people find a mistake in their records how many people drop what they're doing and call the corporate auditing group to

  • That's a headline we may see if we lose control of those things.
  • from TFA: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak

    Maybe it's for the better. If there was a central control of whole network it would make it a great target for attack.

  • Part of the shuffling around that created Cybercommand also created the 24th Air Force to be the AF's IT shop. They're still standing up and taking over operations from all the separate units.

    So it's not completely surprising they wouldn't know about it. They may not have taken over at that base yet.

  • by Anonymous Coward

    1) The network goons know they should report it. They dun goofed, they are in BIG trouble.

    2) Had this virus been on a network that crosses into the Internet then it WOULD be detected. End of story. Even if it didn't cross into the Internet, it was detected by HBSS - aka anti-virus. Somehow the reporting dun broke down.

    3) There will be fallout but most of this is FUD, telling the narrative "OMG teh US Military is not ready for CyberWarz!" Ok, chicken little, settle down... unless you are a airman in the

  • "Windows" was Orange Book C2 Rated in the 90s on WindowsNT v3.5SP3 on 3 certain Compaq Hardware Specs, with no CD Drive, Floppy Drive, no modem and no network connection. How much different could it be now. We have been told Windows 7 is the MOST SECURE Windows yet... so its gotta be better now than in the 90s. Right? The saying "Remember Ed Curry!" keeps popping up in my head for some reason.
  • The drone control systems should be completely isolated physically. A secure drone control network should be devoid of any physical/wireless/removable media connection to anything other than drones and other drone control devices under local command. This must include input vectors such as removable media or anything other than secure updates installed by military personnel.

    Think STUXnet.

    Or perhaps SINOnet?

    Paranoid? Or not paranoid enough?
    • Aww, I said should when I meant MUST. As in "A secure drone control system MUST be completely isolated physically. A secure drone control network MUST be devoid of any physical/wireless/removable media connection to anything other than drones and other drone control devices under local command. This MUST include input vectors such as removable media or anything other than secure updates installed by monitored military personnel.
  • One would think analyzing your own data traffic would be a good thing. sheesh...

  • If they're stupid enough to use Windows, why should we expect them to be smart about anything else? I was hoping the military would be more sensible than to use an OS with a history of security issues. It's only a matter of time before terrorists manage to hit us with our own weapons. It's pretty pathetic when we grow up in a computer centric culture and yet we allow people without adequate computer knowledge manage IT in the military as well as companies.

    Networking engineers tend to be fairly braindead. Th

  • "There's no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of. "

    I am shocked that US runs it's country like this, build a big switch and glue someone's hand to it immediately you crazy fools.

  • by smash (1351)
    no IDS? no network sniffing?
  • What's really amazing is that no one at Creech AFB bothered to tell their cybersecurity guys for two weeks even after they knew they had it. Imagine that! For two weeks!!! So, since no one outside Creech knew of the exploit it makes me wonder who broke the store that finally informed the security folks. Obvsiously someone at Creech who knew about the virus and was somewhat upset that no one was reporting it.

    The USAF has more problems than just security. It has some serious disciplinary issues.

  • Any organization as large as the US military is going to make mistakes and have breaches. Hopefully, they are identifying breaches on a regular basis, because such events are likely frequent occurrences. What is most troubling about this is that this is a fairly significant breach of a critical strategic asset. After all, the greatest vulnerability of automated war machines is the ability of the enemy to compromise those machines. This sort of event is bound to happen, prevention isn't going to work every t
  • And I thought it was bad when we find out about virus infections when our firewall blocks the spambot...

  • If a war started right now we don't know who would choose where any of the major weapons would be pointed. Anonymous? The NSA? China? Russia?

    Of course the really secret weapons (buried by the opposition under Soviet and American cities) are probably still just as effective as they were when deployed in the 60s and 70s.

"I have more information in one place than anybody in the world." -- Jerry Pournelle, an absurd notion, apparently about the BIX BBS

Working...