A computer virus that captures the keystrokes of pilots who control US Air Force drones flown over Afghanistan and other warzones is resisting efforts to remove it, according to US reports.
The virus was detected two weeks ago by the US military's Host-Based Security System, but is resisting efforts to remove it from the network at Creech air force base in Nevada, which carries out most of the US drone missions, Wired.com has revealed.
Military network security specialists are not sure whether the virus was introduced intentionally or is just a common piece of malware that ended up on a sensitive network by accident.
The virus is believed to have spread through removable hard drives used by drone crews to load map updates and transport mission videos from one computer to another.
Drone units at other air force bases worldwide have now been ordered to stop using removable drives in line with restrictions introduced elsewhere in the military after several cases in which such drives resulted in security air-gaps being bridged.
The report also reveals that the specialists do not know exactly how far the virus has spread, but they have confirmed that the infection has hit both classified and unclassified machines at Creech.
This raises the possibility that secret data may have been captured by the keylogger and sent to a command and control centre outside the military.
The US Air Force claims the virus has not prevented pilots from carrying out missions overseas and there have been no confirmed incidents of classified information being lost or stolen, but the infection highlights security risks in an important US military weapons system.
The widespread use of drones has come under criticism in the past because of security flaws such as not encrypting video transmitted to US troops on the ground.
In 2009, US forces discovered Iraqi militants had captured drone video using an inexpensive piece of software.
The US Air Force declined to comment directly on the virus, but said it had invested a lot in protecting and monitoring its systems to counter threats and ensure security.
According to sources cited by Wired, senior officers at Creech are being briefed daily on the virus, but no-one is unduly concerned.