The computers that control the Predator and Raptor drones used in Afghanistan and other war zones have reportedly been infected by a virus that captures the keystrokes of the pilots operating the unmanned aircraft.
Although the military's network security systems detected the apparent keyboard logger two weeks ago, the military has been unable to purge it from its computers, Noah Shachtman reported Friday in Wired's Danger Room blog.
"We keep wiping it off, and it keeps coming back," a source familiar with the network infection told Shachtman. "We think it's benign. But we just don't know."
According to the report, the virus hasn't prevented pilots stationed at Creech Air Force Base in Nevada--where the drone control center is located--from completing their missions. Nor has any classified information been lost or sent to an outside source, Wired reported.
No one knows how the malware got into the system or whether its arrival was deliberate or accidental, but it has infected both classified and unclassified machines. That means information nicked from the classified networks could be funneled to the unclassified networks where it could be leaked to clandestine locations on the public Internet.
According to Wired, the Air Force isn't commenting directly on the infection. A spokesman for the service's Air Combat Command, which oversees the drone program, said that it doesn't discuss specific vulnerabilities, threats and responses to its computer networks because doing so can help intruders refine their attacks on military systems.
"We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover," the spokesman told Wired.
Although the keylogger appears to be harmless, some security experts found news of the intrusion alarming.
"This is bad in so many ways," Richard Stiennon, chief research analyst with IT-Harvest in Birmingham, Mich., told PCWorld. "It indicates that the military is using completely insecure operating systems and practices for the critical function of controlling drones."
"These are deadly weapons that must work as required and only when required," he continued. "To have their command and control corrupted by apparently common malware is inexcusable."
He maintained that the hard drives on the infected machines should be restored from a clean image. "A removal tool cannot be trusted to completely remove a virus," he asserted. "The fact that they attempted several times to remove this malware indicates the sorry state of protection within this critical military system."
John Bumgarner, chief technology officer with the U.S. Cyber Consequences Unit, added: "It is highly troubling that the military computer systems used to fly classified Predator missions were breached by an unknown adversary. The security controls for these sensitive national security systems should have been held to a much higher standard by the Department of Defense."