AP: Drone Virus Could Have Come From Games Like 'Mafia Wars'

Oct 13, 2011
Originally published on October 13, 2011 1:06 pm

In a story today, the Associated Press talks to an anonymous Air Force official, who said the virus that attacked the Pentagon's drone program last month was common malware and wasn't designed to specifically infect the aircraft.

The part that caught our attention, however, was that the virus infected "ground control systems that run backup power supplies, environmental controls and work stations," and that virus was "common malware" that looks at keystrokes to steal log-in and password information.

The kicker: The virus might have come from "people who gamble or play games like Mafia Wars online."

As we reported last week, this story was broken by the guys at the Wired blog Danger Room. They reported that a virus had jumped onto military computers and it recorded every keystroke made by Air Force pilots who control Predator and Reaper drones that fly missions in places like Afghanistan and Pakistan.

Here's how Noah Shachtman, who reported the story, described the virus to NPR's Guy Raz over the weekend:

SHACHTMAN: It's called a key logger and it records people's keystrokes. And that's important because the way that drone pilots communicate with guys on the ground is through instant messenger. And so, if you record all that information, that's secret stuff. And if that gets to the outside that is bad.

RAZ: It all sounds very war games. Any sense of this virus has the potential to take over command of any of these drones?

SHACHTMAN: Look, there's a good chance this might all just be an accident. OK, that a virus that comes from computer to computer happened to jump onto a military network. If it's a deliberate network breach, it's a way to gain information not bring down any system.

What the Airforce said in a statement Wednesday (.docx), and what it told the AP in the story today is that this virus wasn't a deliberate network breach.

But Wired asks more questions, today:

The Air Force didn't say whether the clean-up process had been completed; insiders report that the infection has been particularly difficult to remove, requiring hard drives to be erased and rebuilt.

But the Air Force did provide a few details about the malware. They said it was first noticed on "a stand-alone mission support network using a Windows-based operating system." And they called it "a credential stealer," transmitted by portable hard drives. (Security specialists had previously identified it as a program that logged pilots' keystrokes.) "Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach," the Air Force added.

The malware "is routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online," noted the Associated Press, relying on the word of an anonymous defense official. That official did not explain why drone crews were playing Mafia Wars or similar games during their overseas missions.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.