Creech virus a common 'nuisance' virus aimed at online gaming

  • Review-Journal File Photo

    A remotely piloted Predator spy plane with a Hellfire missile under its wing makes a final approach at Creech Air Force Base in 2008. The base, 45 miles northwest of Las Vegas, recently had problems with what's suspected of being a common computer virus aimed at online gaming.

By Keith Rogers
LAS VEGAS REVIEW-JOURNAL
Posted: Oct. 12, 2011 | 8:53 p.m.
Updated: Oct. 13, 2011 | 11:05 a.m.

A computer virus reported to have threatened the drone program at Creech Air Force Base is suspected to be a common virus used to steal passwords and log-ins for online gaming -- not spyware that records the actions of pilots guiding unmanned reconnaissance aircraft, military officials said Wednesday.

"It's standard policy not to discuss the operational status of our forces," said Col. Kathleen Cook, spokeswoman for Air Force Space Command at Peterson Air Force Base, Colo. "However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission."

Cook was responding to a Friday story from technology magazine Wired. The story quoted an unidentified source familiar with a drone network computer virus that surfaced last month at Creech, a hub for Unmanned Aircraft Systems such as MQ-1 Predators and MQ-9 Reapers. The base is 45 miles northwest of Las Vegas at Indian Springs.

The magazine described a virus that charts keystrokes made by pilots and sensor operators of spy planes used in combat missions over Afghanistan and Iraq. An anonymous source quoted in the Wired story said, "We keep wiping it off, and it keeps coming back. We think it's benign. But we just don't know."

The story suggested that data about secret warfare operations could be transmitted over the Internet to receivers outside the U.S. military.

That wasn't the case, however, according to the Air Force Space Command.

"The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat," according to the Air Force statement. "It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer."

Air Force officials said the problem was detected Sept. 15 by the 24th Air Force, which is the arm of the service that defends computer networks and conducts cyberspace operations.

The 24th Air Force alerted commanders at Creech that portable hard drives used to transfer data between systems had been infected. Air Force Space Command officials said the virus infected computers that were part of the ground-control system that supports remotely piloted aircraft operations.

"The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the ... pilots to safely fly these aircraft remained secure throughout the incident," the Air Force statement said.

Remote-controlled sorties involving Predator and Reaper drones are conducted through a satellite link on computer consoles at Creech and elsewhere.

George Smith, an expert and author on cyberspace security issues, said computer viruses aren't rare on military networks and have a history that dates to the 1990s.

"There are many examples. Some of them have made news, (but) many incidences don't rise to that level," said Smith, a senior fellow at globalsecurity.org, a military information website.

"The military is exposed in the same way as everyone else on the world network," he wrote in an email to the Review-Journal.

One example of an attempt to intercept drone signals surfaced in 2009 when footage from video cameras was found on laptop computers carried by insurgents in Iraq. A relatively cheap software program made the intrusion possible.

Computer virus incidents like the recent one at Creech are difficult if not impossible to prevent.

The reason, Smith said, is that new viruses are written that aren't detected by industry standard software.

"This means there's a window in which a new piece of malicious software can always sneak through the defenses," he said.

"When it eventually gives itself away ... new cures can be programmed for it."

Smith said the cost to the military from a computer virus varies depending on what is spent on detection, removal and repairs or updates to the system.

So who was behind the event at Creech? You would have to analyze the virus to determine that, Smith said.

"Then you can start making some educated analyses which toss it into a variety of baskets, from spyware for criminal intent, extortionware for organized crime, spyware for a hacking group ... or malware aimed at creating a network of compromised computers for future unspecified exploitation."

Contact reporter Keith Rogers at krogers@reviewjournal.com or 702-383-0308.

Comments


  1. JR Oct. 14, 2011 | 10:13 a.m.

    And the military and government always tell the truth?

  2. local_voice Oct. 13, 2011 | 7:41 p.m.

    It's a keylogger for crying out loud. That's a very dangerous piece of malware. The logins and passwords to those drones have been compromised, and it's no big deal?

  3. dario.m Oct. 13, 2011 | 10:17 a.m.

    asleep at the wheel in Creech

    nothing to see here, move along

  4. dodgerchuck Oct. 13, 2011 | 9:02 a.m.

    OK, let me get this right. So it's likely a virus that infiltrates computers from on-line games. So were these Air Force guys online gaming then to get infected?

  5. Gary1959 Oct. 12, 2011 | 11:08 p.m.

    Sounds like the computer system is vulnerable to outside influences which could lead to bigger problems.....
