The Microsoft Tax: Virus infects Windows PC control systems of US Predator and Reaper drones

“The U.S. government’s unmanned Predator and Reaper drones are continuing to fly remote missions overseas despite a computer virus that has infected the plane’s U.S.-based cockpits, according to one source familiar with the infection,” Andrea Shalal-Esa and Phil Stewart report for Reuters.

“Government officials are still investigating whether the virus is benign, and how it managed to infect the heavily protected computer systems at Creech Air Force Base in Nevada, where U.S. pilots remotely fly the planes on their missions over Iraq, Afghanistan and elsewhere,” Shalal-Esa and Phil Stewart report. “Armed tactical unmanned planes have become an increasingly valuable tool used by the U.S. government to track and attack individuals and small groups overseas, but the virus underscores the vulnerability of such systems to attacks on the computer networks used to fly them from great distances.”

MacDailyNews Take: “Such systems.” Next time, use a real system.

Full article here.

Noah Shachtman reports for Wired, “The virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system. ‘We keep wiping it off, and it keeps coming back,’ says a source familiar with the network infection, one of three that told Danger Room about the virus. ‘We think it’s benign. But we just don’t know.'”

MacDailyNews Take: Well, that’s reassuring. (smirk)

“Military network security specialists aren’t sure whether the virus and its so-called ‘keylogger’ payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech,” Shachtman reports. “That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.”

Shachtman reports, “Despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered ‘days and days and hours and hours’ of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.”

“None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats,” Shachtman reports. “But time and time again, the so-called ‘air gaps’ between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.”

MacDailyNews Take: Some “security specialists.” What’s their code name, “The Keystone Kops?”

Read more in the full article here.

MacDailyNews Take: Gee, neither Reuters nor Wired seem to have seen fit to mention which insecure mess of an OS is at fault here. You’d think people would want to know that bit of info, would’t you? Let’s look elsewhere…

NewsCore reports, “A senior Air Force source with knowledge of the drone program told FOX News Channel that the… virus “showed up on a Microsoft based Windows system.”

MacDailyNews Take: Wow, what a huge surprise.

Read more in the full article here.

MacDailyNews Take: When you stupidly deploy insecure junk, expect to get trashed.

Related articles:
The Microsoft Tax: ‘Indestructible’ botnet attacks millions of Windows PCs; Macintosh unaffected – July 1, 2011
The Microsoft tax: Stuxnet computer worm infects Microsoft’s porous Windows OS; Mac unaffected – September 27, 2010
The Microsoft Tax: New undetectable Windows trojan empties bank accounts worldwide; Mac unaffected – August 11, 2010
The Microsoft Tax: Windows zero-day flaw exposes users to code execution attack; Mac unaffected – August 09, 2010
The Microsoft Tax: Critical flaw lets hackers take remote control of Windows PCs; Mac unaffected – August 07, 2010
The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected – May 11, 2010
The Microsoft Tax: McAfee correctly identifies Windows as malware; Macintosh unaffected – April 21, 2010
The Microsoft Tax: DNS Windows PC Trojan poses as iPhone unlock utility; Mac and iPhone unaffected – April 15, 2010
The Microsoft Tax: 1-in-10 Windows PCs still vulnerable to Conficker worm; Macintosh unaffected – April 08, 2010
The Microsoft Tax: 74,000 Windows PCs in 2,500 companies attacked globally; Mac users unaffected – February 18, 2010
The Microsoft Tax: Widespread attacks exploit Internet Explorer flaw; Macintosh unaffected – January 22, 2010
The Microsoft Tax: Windows 7 zero-day flaw enables attackers to cripple PCs; Macintosh unaffected – November 16, 2009
The Microsoft Tax: Windows 7 flaw allows attackers to remotely crash PCs; Macintosh unaffected – November 12, 2009
The Microsoft Tax: Windows virus delivers child porn to PCs, users go to jail; Mac users unaffected – November 09, 2009
The Microsoft Tax: Worms infest Windows PCs worldwide; Mac users unaffected – November 02, 2009
The Microsoft Tax: Banking Trojan horse steals money from Windows sufferers; Mac users unaffected – September 30, 2009
The Microsoft Tax: Serious Windows security flaw lets hackers to take over PCs; Macintosh unaffected – July 07, 2009
The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected – April 29, 2009
The Microsoft Tax: Conficker virus begins to attack Windows PCs; Macintosh unaffected – April 27, 2009
The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion – April 24, 2009


    1. Even quite dumb people have to know that they should not choose any military or otherwise critical mission systems to be controlled by such contaminated platform as Windows.

      The people who made the decision should be jailed, because they actually endanger people’s live with their bribed unexplainable choices.

      1. I do so agree with you. In the Navy we were forced to use M$ word and the like because some Adm wrote that we had to. Years later a rumor came about that M$ had hired a guy by the same name. Not sure if it’s true.

        But recall the ship that was ran by M$ software and the system crashed because of a divide by zero error? It had to be towed back to port. I am sure a bunch of people got promoted over that!

  1. what i do not get, WHY allow those using these computers to have free reign with internet access. restrict the access, certain sites only. they should have been closed systems. remove the drives, any any attempt to plug in a non secured USB thumb drive… flags a network admin. (It’s what we do at work here..)

    Military computers need to be more secure than they are, removing windows is just one security flaw.

    1. thumb drives have been banned in (networked) DoD PCs for years.
      Though it is sad the level of protections we’re forced to deal with due to being forced to use an inferior system.
      And replying to others’ comments, it is not uncommon to see senior officers and NCOs retire and come back the next week working for a civilian contractor pushing the same products they used to use and push as service members.

    2. They don’t have free access.

      That’s those references to “air gaps” in the original article.

      And all DoD Windows PCs (classified & unclassified) have had their USB Mass Storage driver disabled since 2008 (3 years).

      And yet this stuff still happens.

  2. i would bet anything I’ve got that if iOS had been the software the media would have been all over it, and selected analysts would have predicted the future of apple is now linked to drone hackage, and, of course, the short sellers would have their usual faux apple tip field day..

  3. So the US Military is a super secure site gets malware, yet we hear from countless ‘expert’ Windows users that if you know what you are doing there’s no issue and THEY’ve never had any malware on their machines. Sure.

  4. I’ll bet that the operators have been plugging flash drives into these systems probably think they’re playing video games and are taking copies home to play on their home systems.
    Seriously, though, how are people being allowed to take flash drives or flash cards into a supposedly secure work space. It absolutely beggars believe.

  5. These control systems are running Windows? Is that what I’m reading? I find that HARD to believe. That would be the stupidest decision ever. They spend billions building these systems, why would they choose Windows instead of some form of UNIX or write their own proprietary operating system?

    This brings up a memory from the January 2007 keynote when Jobs proudly said:

    “iPhone runs OS X” – man, that was a beautiful moment.

    1. The avionics remote HUD and control side yep they run windows.

      Seriously if you wanted to take the whole thing down you’d just need to plant a trojan that showed some hot chick on chick action while it delivered its payload, put it on a flash drive and hand it to any pilot in that place.

      You’d 0wn them in no time.

      What worries me about this, and i do IT security, is this…. So they have a known security threat on their network…. ok. What is running that they DON’T KNOW ABOUT?

  6. The internet originated as the arpanet in the late 1960s. It was originally a DOD experiment in packet-switching networking limited to DOD and defense contractors and implemented on mainframes. Later there were two pieces of legislation that Al Gore pushed through that allowed the internet to be commercialized and extended to the general public. Since the Internet is at its heart a tool for the US military, and since they’ve been using it for the last 42 years, they can’t avoid it.

    The US Navy (including the Marines) has a one-size-fits-all policy about computers. Everyone has the same browser, the same browser version, the same version of WIndows, and everything is tightly locked down. One virus can knock them all down.

    The US Army, on the other hand, has a policy of diversity. If you look up in Netcraft, you find they are running Windows Server 2003, Linux, FreeBSD, and OS X. The idea is that a problem with one OS won’t affect another. One problem cannot bring down the entire Army.

    The Army’s main web site for the public,, is hosted on OS X.

  7. When I was about ten years old, I rode with my uncle to an military base. He went there to buy things at the post exchange. We watched two soldiers pick up a heavy item on one end of a loading dock and carry it about 50 feet to place it on a wheeled cart at the other end of the loading dock.

    Uncle Al said to me, “That is our first line of defense.”

    I’ve never forgotten that lesson.

  8. Im not shocked personally.

    2 things come to mind and i deal with interfacing with government computers at work.

    First thing is some parts the government move s.l.o.w in IT. A large chunk of their stuff still requires IE6 and very old versions of java for.crying out loud. Shit isn’t patched like it should be. Its ridiculous from a security standpoint dealing with them.

    2nd is the USB flash support in windows. Unless you take the steps to lock it down then right out of the box you have a barn door open for local exploitation.

  9. Our hospital MRI equipment was infected in the same way. Machines costing millions of dollars used to help humans deserve better software than the Windows crap.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.