Air Force Drone Controllers Embrace Linux, But Why?

Published: 22/11/2024   Category: security




U.S. Air Force switched its drone ground control operating system after a credential-grabbing malware outbreak. Security expert thinks it's more than coincidence.



Did a Windows virus outbreak in systems related to military drones cause the Air Force to switch its control systems from Windows to Linux?
"Last year, U.S. military drone control systems were infected with Windows USB worms. They seem to be moving the control systems to Linux now," said Mikko Hypponen, chief research officer at F-Secure, via Twitter.
As evidence of the apparent shift, he posted pictures of a drone control system from 2009 (the image was originally published by the Air Force), which appears to sport a Windows graphical user interface. (A cropped version of the image also appeared in Air Force Times in 2009.) For comparison, Hypponen then posted an unclassified slide from a 2010 briefing that details Linux as being part of a 2011 upgrade and refit for drone control systems, and which sports a different graphical user interface.
Would the operating system switch provide an immediate drone control system security boost? "If I would need to select between Windows XP and a Linux based system while building a military system, I wouldn't doubt a second which one I would take," Hypponen told the Register.
While the timing of the apparent shift from Windows to Linux may be coincidental, it comes in the wake of a malware outbreak involving drone control systems last year. In October 2011, the Air Force acknowledged that malware had been detected on portable hard drives in use at Creech Air Force Base in Nevada. The majority of the country's unmanned military drones are remotely flown from the base, and used for missions in Afghanistan and other war zones. But the Air Force said that the malware, discovered in September 2011, hadn't affected Remotely Piloted Aircraft (RPA) operations, but rather just ground control systems, which are responsible for drones' weapons and surveillance capabilities.
"The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident," according to a statement released by the Air Force.
The Air Force also downplayed the malware's threat, saying it wasn't a keylogger--as first reported by Wired, which broke the drone malware story--but rather a credential stealer, which is typically designed to capture logon credentials for Webmail, FTP sites, and online games.
"The malware was detected on a stand-alone mission support network using a Windows-based operating system," read the Air Force statement. "It is not designed to transmit data or video, nor is it designed to corrupt data, files, or programs on the infected computer. Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach."
Arguably, however, any intelligence gleaned by a credential stealer might be useful for someone who wanted to compromise a drone, as Iran recently did with a U.S. Sentinel drone, reportedly by jamming its remote-control channel, then feeding it fake GPS coordinates and making it believe it was landing at an American base.
But the Air Force said that the infected computers were part of a ground control system used to support unmanned aircraft operations, and that the malware never infected the aircraft's flight control systems. Furthermore, those flight control systems are supposed to be protected by an air gap, and never connected to the Internet. But the presence of malware on portable drives--"approved for transferring information between systems," as the Air Force put it--indicates an obvious potential infection vector, should those drives have been plugged into flight control systems.
According to Defense News, the portable drives had been used to load map updates and to transfer surveillance videos between computers. After the malware outbreak, however, the use of such drives was banned.
