Air Force UAV Controls Infected with Virus

I’m sure you’ve all heard this, but just in case you haven’t, the Internet is abuzz with reports that the Air Force’s UAV ground control systems (GCS) at Creech Air Force Base, Nev., have been infected by a computer virus. The virus, which is apparently recording drone operators’ keystrokes, was detected about two weeks ago. While it hasn’t prevented the service from flying UAV missions, it has proven difficult to remove — Air Force technicians are having to completely wipe the GCS’ internal hard drives to get rid of it. Service officials still aren’t 100 percent sure how it penetrated Creech’s firewalls, nor do they know where it came from. It may be a run-of-the-mill computer virus that somehow made its way into the base’s systems, or it may be a sophisticated cyber espionage tool specifically targeting the U.S.’ drone program — no one knows yet.

Keep in mind that UAV operators load external hard drives onto the GCS to upload maps and share images taken by the aircraft’s sensors. The Air Force suspects that one of these hard drives was infected, since many of the classified GCS are heavily defended against threats from unclassified networks. Needless to say, the service has put a freeze on the use of external hard drives at its drone bases.

Creech is host to the Air Force’s UAV schoolhouse and units that operate the MQ-1 Predator and MQ-9 Reaper armed UAVs that are famously used for ISR and strike missions around the globe.

More details as the story, first reported by Wired, unfolds.

  • This is how it starts. It ends with me running across a field trying to hide from a Hunter-Killer.

  • TMB

    Someone taint an external drive with their IPOD or a bad email attachment?

    • brok3n

      Probably. Either way the person who leaked the news out should be punished for OPSEC.

  • BigRick

    I thought the Air Force were the masters of “cyber” space. Oh wait, that’s just the commercial LMAO

    • crackedlenses

      It’s in development…..

  • Steve

    It should be noted that the keylogs are not being sent anywhere

  • JE McKellar

    Maybe a hacker can write a virus that prevents the drones from assassinating US citizens…

  • Bill

    Let me guess, a Microsoft Windows based system. Big surprise.

  • mpower6428

    I have a bad feeling that this is how it’s gonna be from now on.

  • wqedsd

    Doesn’t that raise questions about other possible undiscovered infections?

  • MacK

    USB Thumb drives and idiots and their email attachments play havoc with multi-million dollar IT departments and professionals, much less military members.

    • Zepheris

      No matter how good the IT department is, no matter how diligent and vigilant the IT manager is, at the end of the day the defense is only as strong as the weakest link. And despite the layered security systems the IT dept put on… ordinary employees will defy common sense and do something spectacularly stupid and cause a breach anyway.

  • William C.

    “Hey Colonel, this says I’ve won $10,000, should I click on it?”

  • Belesari

    Holy crap! Sir! I just got an email from my long lost brother in Nigeria! Don’t worry, only took me a second to send him my info!

    And guess what! He’s Rich!

    • fubard

      I guess that makes us brothers. I got the same e-mail

  • To prevent this I would force downloads from only approved upstream computers. Those upstream GIS/command computers would be connected only by dark fiber to operational UAV computers. I would centralize the data with SAN and use EMC’s continuous replication to replicate the data to remote disaster recovery locations around the world that could be stood up instantly. I would use encrypted hard drives in the SAN environment to prevent unauthorized access even when removed. I would ensure that remote access was also only available to the upstream computers by secure nodes. I would virtualize the environment for high availability and disaster recovery using the newest most secure commercial technologies.

  • TLAM Strike

    Rumor has it that they have discovered that ‘Ctrl+Alt+F5’ fires the Hellfire missiles on the Predator, and that the pilots have sent chat messages to Al Qaeda stating they are “noobs” and have been “pwned”.

  • ew-3

    After doing 35 years of software/firmware development it’s hard to believe they can’t capture the problem.

    If needed, single-step the processor and get a history trace!

    Most systems have debug capability and they can trap on the problem.

    This sounds like BS.

  • Black Owl

    Manned warplanes are the answer!

    • TLAM Strike

      Why do they not have computers?

  • Balmner2

    [ ew-3 says: “This sounds like BS” ]

    Yup…. sounds really fishy.

    An ‘exclusive’ story from, based only upon ‘anonymous’ sources. USAF (HQ ACC) officially declined to comment on the story.

    If the virus story is true — it would be heavily classified automatically — and any ‘leaks’ aggressively pursued by USAF OSI. Drone warfare is a really big deal these days — and any compromise of that capability would be a BIG crisis — not some fleeting news tidbit from a lone little web source.

    Or … the story (true or not) was intentionally leaked as propaganda to bolster support/funding for USAF’s Cyber Command mission and similar government efforts.

    Skeptical you should be.

  • Black Owl

    I’m wondering if this was actually something bigger or smaller than what is actually being stated. Could the system have been hacked by the Russians, Chinese, or some sort of terrorist organization and the Air Force didn’t want to face the humiliation of reporting it? I could be wrong, but it is just a possibility.

  • Tad

    Please tell me these systems do not run Windows.

    • Thomas L. Nielsen

      It does.

      If you press the “fire” button for the Hellfires, a message pops up: “Are you sure YES/NO”.

      Regards & all,

      Thomas L. Nielsen

      • Psypher

        Actually it’s probably some variant of Solaris…

      • SJE

        At least they got rid of the military version of “clippy” that used to pop up all the time and ask “it looks like you are trying to kill some Al Qaeda! Do you need some help with that?”

  • Dfens

    I’ll bet the same virus is resident in all of the computer components made in communist red China. So, let’s see what else we can outsource to our “buddies” over there…

  • Yep


  • A. Nonymous

    Frakkin’ Cylons!

    • marvel


  • Ranger Rick

    From British Forces News:

    The RAF has an entire British squadron of Predator and Reaper unmanned aircraft that have been operated out of Creech AFB. RAF 39 Squadron has been operating since 2007. As a matter of fact, the British crews operate within a combined US and British task force.

    The virus is so far only thought to have infected American systems, logging every keystroke of pilots and affecting operator consoles that control armed and reconnaissance drones in Afghanistan, Pakistan and Yemen. Attempts to wipe out the virus have so far failed.

    The website reports that the virus was first detected two weeks ago. The chances of a virus infecting systems have been increased by the use of portable drives by US pilots to upload terrain maps and mission videos.

  • m167a1


    This is a bit of a rookie mistake.
    Air gap security is fine, but anything you plug into it is a potential E-sec hole. I can see how useful the external drives are, but the zoomies are just going to have to do mission prep from secure terminals on site.

    As my business is IT, I’m a bit baffled why they can’t knock a keylogger back. Either they have some really bad juju on their hands or something is keeping them from taking basic steps to clear the system.

    Perhaps I should send in my vitae :-P

  • tiger

    Winblows still blows……

    MAC user forever.

  • Sanem2

    UAVs get hacked, and they just keep on operating

    the F-22, the world’s most advanced fighter jet, has some oxygen problems and the entire fleet is grounded

    so not having a pilot makes drones actually more dependable

  • Uranium238

    “Skynet is the virus!”

  • cbmont

    I am fairly sure this has more to do with virus definitions being the cause, rather than an actual virus itself. Part of the security suite of products being used employs key loggers themselves as a way of relating to an asset baseline.

  • Interesting that Duqu is a keylogger…

