Malware found on US drone base was gaming keylogger
Transferred on portable hard drive
The malware reported last week to have infected computers used inside the Nevada Air Force base that directs US drone missile attacks has turned out to be a harmless keylogger for stealing gaming passwords.
The story recounted to the Associated Press agency will calm fears that the Creech base had suffered a targeted attack designed to disrupt or gather information on a critical part of the US military’s offensive capability.
The unnamed malware was described by officials speaking anonymously as having infected workstations and non-critical system used in ground support and which had no direct bearing on the drone missions themselves.
Related Articles on Techworld
Given that such systems will have been isolated from external networks, this much was probably a given. But the US Air Force has still found itself in the embarrassing position of having to over-explain a chain of events that would be mundane in almost any other context.
According to Colonel Kathleen Cook of Air Force Space Command, the gaming keylogger got on to the base’s systems after being transferred on a portable drive.
“We felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question,” Cook was quoted as saying.
The US military has a troubled history of security incidents connected to portable drives, which have become an integral and probably essential part of a giant sneakernet.
In 2008, the US department of Defense suffered a worm outbreak connected to a USB flash drive, which led to a widespread if temporary ban. After the Wikileaks scandal in 2010 – during which a soldier was believed to have copied classified diplomatic cables and other sensitive files on to a CD before sending them to organisation - all removable media were banned by the Air Force.
It seems from the latest outbreak that the sneakernet found ways around this ban or that some exceptions were allowed.