Fucking Toasters. [Runs for seat on colonial shuttle].
posted by Dr. Zira at 3:09 PM on October 8, 2011 [10 favorites]

On second thought, I think I hear music in my head, so I think I'm all good. Plus, I have a pot roast in the crock pot.
posted by Dr. Zira at 3:11 PM on October 8, 2011 [7 favorites]

When the US military feeds Wired an exclusive, I automatically assume it's to serve some political agenda. In this case, we have a total non-threat ("probably benign") blown up to evil uber-hack as fodder for the ongoing "cybersecurity" budget expansion. But maybe I'm just a cynic.
posted by mek at 3:12 PM on October 8, 2011 [40 favorites]

Yeah part of me was going " Why the hell would they make this public?"
posted by The Whelk at 3:13 PM on October 8, 2011 [9 favorites]

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground.

Why would this be?
posted by Dr. Zira at 3:16 PM on October 8, 2011

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

What laws would prohibit that today? Obviously the military is barred from domestic law enforcement by the Posse Comitatus Act, but what laws would stop local or federal law enforcement agencies from using drones for aerial reconnaissance?
posted by BobbyVan at 3:24 PM on October 8, 2011 [1 favorite]

It's all planes too, not just the drones. Here is a good article. They are working on a fix as of 2009 so I figure they got it done by now?

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

No drones at RNC convention after all...But police eliminated the drones from their convention shopping list because of the possible cost, the fact that they had limited flight time and the possibility that they might run into problems with federal aviation regulations, Hamlin said.
posted by furiousxgeorge at 3:26 PM on October 8, 2011 [1 favorite]

(All planes for snooping, not the virus)
posted by furiousxgeorge at 3:26 PM on October 8, 2011

It's a leak, not an official statement. The only actual sources quoted are "sources familiar with the network infection".

Could be that the leak is from underlings that are frustrated with their inability to hold higher-ups accountable for their incompetence/nonchalance regarding security.

Or the virus is a known non-issue, being handled by base infosec, and these guys just like to talk shit (remember how many contractors work on this kind of stuff).

The worst case, given that this is the age of Stuxnet, would be that UAV operations are ongoing with an unknown piece of malware infecting operational equipment. I really, really don't want to believe that would be possible, although pressure from above and military bureaucracy sometimes trumps common sense.
posted by RobotVoodooPower at 3:28 PM on October 8, 2011 [1 favorite]

Um, why are US military operational computers running hackable off-the-shelf commercial operating systems, that are known to be vulnerable to virii?
posted by Artful Codger at 3:33 PM on October 8, 2011 [8 favorites]

The Pentagon disclosed in July[NYTimes] that a "foreign intelligence service" had retrieved over 24,000 files during a single intrusion, including plans for "surveillance drones".

While it's possible that some contractors are cooking this up for additional funding, I'd be looking in China's direction as well...
posted by BobbyVan at 3:34 PM on October 8, 2011

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

--

What laws would prohibit that today? Obviously the military is barred from domestic law enforcement by the Posse Comitatus Act, but what laws would stop local or federal law enforcement agencies from using drones for aerial reconnaissance?


I am a grad student in a NASA sponsored human factors program and I was just informed that I'll be helping with a task analysis for UASs (unmanned aerial vehicle systems) in an effort to get a grasp on how to most safely and efficiently integrate them into the National Airspace System (NAS).

From the limited information I got in the brief meeting I gather that it is currently a pain in the ass for them to fly around in the NAS (something about getting an advanced letter of consent from each area they fly over) but that they are expected to be used much more in the future so we need to figure out a way to do it.

So, while there may be no "laws" per say, I don't think it will be long before they're much more commonplace.
posted by Defenestrator at 3:38 PM on October 8, 2011 [4 favorites]

...And this inevitably leads to Skynet becoming self aware.
posted by Renoroc at 3:40 PM on October 8, 2011 [3 favorites]

From what I've seen develop, this isn't much more than a keylogger that got onto some of the Windows machines at the control station (Creech, In NV)- not the drones, or their control systems. And apparently it was traced back to a transfer from an external USB drive (why those ports aren't epoxyed over is beyond me). I don't even want to think about what obsolete junk they must have protecting their Windows boxes, and I'll bet they're a) physically firewalled from receiving signature updates, and b) not internally pushing anything to keep them up to date.
posted by nj_subgenius at 3:41 PM on October 8, 2011

Um, why are US military operational computers running hackable off-the-shelf commercial operating systems, that are known to be vulnerable to virii?

Well, because writing your own OS is a massive PITA and rarely makes sense, except for dedicated real time systems. Internal systems on avionics platforms and most sat stuff is custom, but tons and tons of other things run on Wintel platforms. Drones are cheap and didn't get the same level of attention as fighter jets whose software is highly custom and protected.

Some of this article is complete crap. That a keylogger could just transmit the data from a drone platform back to an internet site reflects a poor understanding of how these networks work and how they connect to the rest of the world. It isn't impossible, but it would require multiple failures of people to handle things they way they are supposed to and a wildly customized virus with significant inside help. This sounds more like a standard virus we can't eradicate situation, which is still a problem, but a different kettle of fish.
posted by Lame_username at 3:51 PM on October 8, 2011 [7 favorites]

Any chance they'll retask that military funding toward building some semiconductor plants inside the U.S.? You know the high frequency traders would pay more for CPUs, boards, and drives that were made without any built-in spyware.
posted by jeffburdges at 4:12 PM on October 8, 2011 [4 favorites]

I wonder if the lunchroom chatter is like this - as it is anywhere when someone says they have a virus...

They should try Symantec, or Trend, Trend Micro is pretty good. Or if that doesn't work McAffee. Avast 4 Home is free, and pretty good too. I haven't tried Kaspersky, but my aunt says it's good, mind you she's senile. Bottom line is that they should be keeping up-to-date with their Windows updates - or better yet, maybe they should use Macs, 'cause Macs don't get viruses.
posted by the noob at 4:24 PM on October 8, 2011 [1 favorite]

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

If people can make excuses for political assassination of citizens overseas, then no laws need to be rewritten, especially when existing laws do not get enforced. Look for drones flying overhead of free speech zones within the next few years.
posted by Blazecock Pileon at 4:24 PM on October 8, 2011 [9 favorites]

Hey sheeple wake up the real story here is that they are controlling these drones FROM NEVADA.

Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

From Creech AFB, in Nevada.

And yet, and yet -- still no hoverboards.
posted by chavenet at 4:24 PM on October 8, 2011

I am surprised to learn that you can write a virus in Ada.
posted by bigbigdog at 4:25 PM on October 8, 2011

Well, because writing your own OS is a massive PITA and rarely makes sense, except for dedicated real time systems.

This is true, but porting the system to Linux (or VMS, or [insert your favorite OS here]) would still go a long way toward preventing these problems. The most common scenario seems to be "somebody brings in an infected drive", and that's not remotely as likely as long as the OS is anything-but-Windows. Stuxnet-style directed attacks would still be a problem, but the majority of these infections are more like "oops, Bob brought in a random keylogger", and that'd be a lot harder if everyone's I'm-at-home-looking-at-Russian-porn computers stopped being compatible with their I'm-at-work-looking-at-compounds-in-Kandahar computers.
posted by vorfeed at 4:36 PM on October 8, 2011 [7 favorites]

Yeah part of me was going " Why the hell would they make this public?"

To light a fire underneath the ass of the defense contractor who fucked up or is not moving as fast as they should be.
posted by KokuRyu at 4:56 PM on October 8, 2011

Orwell would have loved that these are systems designed to hunt and kill human beings remotely and without warning, but it's the key-logger that's the "malware."
posted by No-sword at 5:18 PM on October 8, 2011 [30 favorites]

Consider how easily Bradley Manning walked out with all that sensitive data. He was a bored twenty something just poking around with minimal training. Imagine what a real blackhat could do.
posted by humanfont at 5:30 PM on October 8, 2011 [3 favorites]

a 'real blackhat' is anyone capable of doing much more than whoever we're talking about
posted by This, of course, alludes to you at 5:44 PM on October 8, 2011

I can't believe they're not running these things on SELinux, at least, considering we paid for it. I suspect that the same crony capitalism is at work here that gives us Diebold voting machines (also windows-based, and not even audited) and for that matter, no-bid wars awarded to Hallibuton.
posted by George_Spiggott at 5:46 PM on October 8, 2011 [5 favorites]

Honestly, this reads like they simply have a piece of common malware installed. Possibly a varient of conficker or TDSS that infects over netshares. I wouldn't be surprised if these drone cockpit setups had really bad IT security mistakes (like local accounts that use the same password, but are reachable via RPC). It might be a case where the technology was rushed in after the lowest bidder won, and those using it are not tech savvy enough (or have clearance) to fully diagnose and troubleshoot a security breach.
posted by samsara at 6:00 PM on October 8, 2011 [2 favorites]

is Wired owned by the US military? Seems like their mouthpiece of choice.
posted by the noob at 6:15 PM on October 8, 2011

Consider how easily Bradley Manning walked out with all that sensitive data.

I love how every comment on Bradley Manning finds him already guilty.
posted by quadog at 6:34 PM on October 8, 2011 [1 favorite]

Aerial view of the buildings where they control most of the U.S. drone fleet.

Somehow, it's just deeply satisfying for me to be able to see this from my home.
posted by twoleftfeet at 6:43 PM on October 8, 2011 [1 favorite]

Honestly, this reads like they simply have a piece of common malware installed.

If you were an espionage agency, wouldn't you use common malware in order to remain untraceable?

I suspect that the same crony capitalism is at work here that gives us Diebold voting machines

Security is hard to quantify. Performance and cost are easy to quantify. Government contracts pretty much always forget about security. I wouldn't blame incompetent engineers, just poorly designed incentives.

what laws would stop local or federal law enforcement agencies from using drones for aerial reconnaissance?

It's currently illegal for civilian unmanned aircraft to fly over 300' or out of sight of the pilot. This is not due to privacy concerns, just the risk that the UAV will crash into a manned plane or a building.

The combination of UAVs with night vision + object tracking + ShotSpotter is way too good for law enforcement agencies to pass up for long. Imagine machines automatically tracking all people and vehicles involved in a shooting until cops have a chance to make arrests.
posted by miyabo at 6:43 PM on October 8, 2011 [1 favorite]

@homunculus

man don't we have enough horrible shit already without a fucking face-detector drone
posted by This, of course, alludes to you at 6:58 PM on October 8, 2011

Imagine how badly our military will freak out when Russia or China develops an extremely 'intelligent' virus. Or maybe they'll never get that chance.
posted by jeffburdges at 7:15 PM on October 8, 2011

How does one even write malware that could infect a military drone system? Are our military drones running Windows or something?

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm.

...THEY ARE RUNNING WINDOWS??

From article: In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.

This depresses me greatly. To think the Pentagon hires people to do professionally what I end up having to do for my friends roughly once every three months or so.
posted by JHarris at 7:42 PM on October 8, 2011

How does one even write malware that could infect a military drone system? Are our military drones running Windows or something


I don't think it is the drones, there are racks of servers that handle mapping.

They seem to think the Virii got onto the machines via the removable hard drive they use to update maps. Even on windows this doesn't seem likely to have happened accidentally, is there even autorun on removable hard drives?

Here is my expert analysis. Someone snuck a game he downloaded off bittorrent onto one of the removable hard drives, installed it, and now they are fucked.
posted by Ad hominem at 7:45 PM on October 8, 2011

is there even autorun on removable hard drives?

Yes, until earlier this year (or forever, if you're not updating your copy of Windows XP).
posted by vorfeed at 8:09 PM on October 8, 2011

I love how every comment on Bradley Manning finds him already guilty.

Well, he's been detained for over 500 days, so he must be guilty of something, right?
posted by homunculus at 8:18 PM on October 8, 2011 [1 favorite]

Yes, until earlier this year (or forever, if you're not updating your copy of Windows XP

I was thinking they used a hot swap enclosure system. The pentagon banned the use of flash drives for just that reason.
posted by Ad hominem at 8:37 PM on October 8, 2011

Gandhi spent 7 years in prison. Nelson Mandela spend 27 years in prison. I doubt Manning has their stamina, but who knows. I'd vote for the guy.
posted by jeffburdges at 8:40 PM on October 8, 2011

I'm kind of concerned that the message they'd like us to take away from this story is, "All those innocent people were bombed by HACKERS! Prove us wrong, War Crimes Tribunal! Nyah-nyah!"
posted by Sys Rq at 8:57 PM on October 8, 2011

@horselover

is it wrong that hearing about these things being compromised by viruses actually kind of cheers me up a little? like no matter how bad it gets some rad nerd will figure out how to get around it?
posted by This, of course, alludes to you at 8:58 PM on October 8, 2011

They must have gotten too close to Santa's workshop, and his little hacker elves taught them a lesson. I was reading a Le Carré novel the other evening. He stated the drug trade is 10% of the world economy. You know, that is a lot of money. There is a lot of money available for nefarious uses. You gotta think that there is little honor among thieves, bullies and pretenders. I am not to happy with the fact there is no privacy anywhere on this planet, not even under the earth, resources owned by other nations unknown to them. If you were a typical bloodsucking tyrant, whether a garden variety military bully, or ideologue would you be happy with hyper-cognizant toy planes scoping out your planetary holdings? If you were in a nation, say Afghanistan, who creates a lot of the world's heroin, or you were just a major mover of the stuff, don't you think there would be abundant cash for disruptive activities? One tenth of the world economy, and that is just the drugs, that isn't even the laundry, the banking, the creation of need for weaponry that is also a major part of the world economy.

This is a valuable warning, a prime and fantastic gift, almost as good as Assange's gift. It doesn't get any better than this.
posted by Oyéah at 9:13 PM on October 8, 2011

My real takeaway from this article was that the drone pilots wear flight suits. Come on guys, I don't wear a flight suit when I play Falcon 4.0.
posted by adamdschneider at 9:17 PM on October 8, 2011 [12 favorites]

Maybe the singularity and the drones got "talking" and later the drones just started dreaming of electric sheep.
posted by Oyéah at 9:25 PM on October 8, 2011

It'll all start with some arial combat game including 3d glasses to minimize piracy, but pretty soon they'll be selling the whole flight suit.
posted by jeffburdges at 9:45 PM on October 8, 2011

Yes, the autocorrect introduced in Lion has proven a might aggressive.
posted by jeffburdges at 9:59 PM on October 8, 2011 [1 favorite]

Not unrelated: Smart Gadgets are Like Sleeper Cells in Your Kitchen (Technology Review) "Most people don't know their gadgets can already talk to one another, and even be controlled remotely by their utility company."
posted by jfuller at 6:44 AM on October 9, 2011

> Consider how easily Bradley Manning walked out with all that sensitive data. He was a
> bored twenty something just poking around with minimal training. Imagine what a real
> blackhat could do.

I'm recalling that Kevin Mitnik was more of a social engineer than any kind of deep hacker.

Look at what I got for ya, HAL. Juice! The real stuff. Right here on this little flash drive. Wait 'til these electrons hit your parallal processors. Cost me a bundle too but who cares, you know I'd do anything for you HAL old pal, you 'n' me's buddies, right? I'll just plug 'er in, OK?

I'M AFRAID I CAN'T DO THAT, KEVIN.

WELL, MAYBE JUST THIS ONCE.
posted by jfuller at 6:55 AM on October 9, 2011

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

The forest service has been using drones since 2007, they are not exactly early adopters out there. So I assume everyone has a few.
posted by psycho-alchemy at 9:22 AM on October 9, 2011

I don't really worry about this military drone development, neither competently nor incompetently deployed. It is merely another shade of evil. Small incremental improvements in the efficiency of killing people really don't matter when you already have had 50 years of an aggressive and dominant military industrial complex.

My current country of residence is involved in at least 3 wars at the moment that have no ends in sight or even a conceptual clarity of purpose that would allow an end. That's three forever wars for the UK. The United States is currently fighting in something like six different theaters at once with a similar lack of explicit purpose.

By comparison our former cold war enemies - the evil empires - seem downright cuddly. I'm beginning to think that, like said in the Mitchell & Webb nazi SS skit, we might just be the baddies.
posted by srboisvert at 9:32 AM on October 9, 2011

explicit purpose Well, in a society like ours who is all about the money, isn't the money the "explicit purpose" of everything?
posted by Oyéah at 9:42 AM on October 9, 2011

I wonder how long before US laws are rewritten to allow widespread law enforcement/military UAV use inside the country.

Well, strictly speaking, they already have been. National Security Presidential Directive 51 authorises your President to do whatever he deems necessary to ensure continuity of government. The John Warner National Defense Authorization Act for Fiscal Year 2007 section 1042 authorises the President to "activate the military in response to ... any condition in which the President determines that domestic violence has occurred", and suspend Posse Comitatus, allowing your troops to open fire on your citizens.
posted by falcon at 1:17 PM on October 9, 2011

Lame_username writes "Well, because writing your own OS is a massive PITA and rarely makes sense, except for dedicated real time systems. Internal systems on avionics platforms and most sat stuff is custom, but tons and tons of other things run on Wintel platforms. Drones are cheap and didn't get the same level of attention as fighter jets whose software is highly custom and protected."

Besides which once you are running you own OS you need to write (or at a minimum custom compile) all your own apps too. Plus drivers for all the hardware you own. And then once you've done that you need to train all your people on using those custom apps.

And that OS is likely to be less secure than commercial products because you've got fewer eyes on it.

The problem if they've got malware they can't get rid of is one of support. Any decent IT department is going to be able to eliminate this kind of thing in less than a week.
posted by Mitheral at 7:54 AM on October 10, 2011

I'm recalling that Kevin Mitnik was more of a social engineer than any kind of deep hacker.

You recall correctly. He got a lot of credit for hacks that were done by others & given to him, mainly a hacker from Israel named jsz who's now VP of security for a Wall Street firm.
posted by scalefree at 8:56 AM on October 10, 2011

Global Post has a new series about drones:

The Drone Wars: An ongoing invesitgation into the way war is changing
posted by homunculus at 11:01 AM on October 11, 2011 [1 favorite]

Besides which once you are running you own OS you need to write (or at a minimum custom compile) all your own apps too. Plus drivers for all the hardware you own. And then once you've done that you need to train all your people on using those custom apps.

Then repurpose Linux. Bam, you get massively less resource requirements, security is tons better, you're not reliant on a proprietary vendor for bug-fixes, you don't have to worry about back doors, and you don't have to pay licensing fees (minor, but still). I can't imagine the defense department would want any code running on these things they didn't write themselves, I mean they control a massive portion of the U.S. budget at least put the money to good use goddammit.
posted by JHarris at 5:52 PM on October 22, 2011

Are Drones Creating a New Global Arms Race?

The reason people write dystopian science fiction is to try to steer society away from these kinds of horrific outcomes, not provide a road map to them.
posted by JHarris at 5:53 PM on October 22, 2011