Cross Posted from TheAviationist.
2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only were the corporate networks of several aviation and aerospace companies targeted by digital storms in 2011 (no surprise in the so-called hackmageddon) but, above all, last year will probably be remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because, in the episode of the RQ-170 Sentinel downed in Iran, several doubts surround the theory that GPS hacking was the real cause of the crash landing).
But, while information security professionals are quite familiar with the idea that military contractors could be primary and preferred targets of the current cyberwar, as the infographic on the left shows, the realization that malware can be used to target a drone is still considered an isolated episode and, even worse, the idea of malware targeting, for instance, the multirole Joint Strike Fighter is still something hard to accept.
However, things are about to change dramatically. And quickly.
The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communication equipment and armament.
For instance, an F-22 Raptor contains about 1.7 million lines of code, an F-35 Joint Strike Fighter about 5.7 million and a Boeing 787 Dreamliner about 6.5 million. Anything with built-in code may be exploited; therefore, with so much code and so many current and future vulnerabilities, one cannot rule out a priori that these systems will be targeted with tailored or generic malware for cyberwar, cybercrime, or even hacktivism purposes.
Unfortunately, the latter hypothesis looks closer to reality, since too often these systems are managed by standard Windows operating systems; as a matter of fact, a generic malware has proven capable of infecting the most important U.S. robots flying over Afghanistan, Pakistan, Libya and the Indian Ocean: the Predator and Reaper drones.
As a consequence, it should not be surprising, nor is it a coincidence, that McAfee, Sophos and Trend Micro, three leading players in endpoint security, consider embedded systems one of the main security concerns for 2012.
Making networks more secure (and personnel better educated) to prevent the leak of mission-critical documents and costly project plans (as happened in at least a couple of circumstances) will not be the aviation and aerospace industry’s real information security challenge; the real challenge will be to embrace the security-by-design paradigm and make products secure and malware-proof ab initio.
While you wait to see whether an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation- and aerospace-related cyber attacks that have occurred since the very first hack targeting the F-35 Lightning II in 2009.
Of course, aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want an idea of how fragile our data are in cyberspace, have a look at the timelines of the main cyber attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.
As usual the references are after the jump…
Christmas has just gone and here is my personal way to wish you a Happy New Year: the second part of my personal chart (first part here) of the main 2011 cyber attacks, covering the time window from August to November 2011 (December is not yet finished, and it features remarkable events, so expect an update very soon). This memorable year is nearly over and it is time, if you feel nostalgic, to scroll down the second part of the list to review the main cyber events that contributed, in my opinion, to changing the landscape and the rules of the (information security) game. Many events occurred in this period, among which, IMHO, the most noticeable is the one carried out against DigiNotar. Since then, our trust in conventional authentication models is not (and will not be) the same anymore.
Of course this is my personal selection. Suggestions are welcome and, if you need more details about the cyber events in 2011, feel free to consult my 2011 Cyber Attacks Master Index. As usual, after the page break you find all the references…
Do you remember the intrepid Jeff Goldblum injecting malicious code into the alien mothership during one of the most famous scenes of Independence Day? Relax, no alien invasion is happening; simply, a similar event occurred to US drones, which were targeted with a common “civil” key-logger malware.
Of course no foreign country plugged any malicious ship into US facilities; what really happened was much simpler and more common: a hard drive that accidentally infected the Ground Control System at Creech Air Force Base in Nevada.
This does not sound surprising to me, since I wrote several posts about the growing use of consumer technologies for military purposes (but I should have included consumer anti-malware software as well); moreover, I also predicted specific malware targeting military planes. Although this is not exactly what happened, there are several points in common with my prediction, essentially the fact that consumer technologies (as simple PCs are) open security doors inside sophisticated military weapons.
So, at this point it should not be surprising, as Wired reports, that a computer virus has infected Predator and Reaper drones, logging pilots’ keystrokes during their missions over Afghanistan and other warzones.
The virus was detected nearly two weeks ago at the Ground Control System (GCS) at Creech Air Force Base in Nevada and has not prevented drones from flying their missions. Nevertheless, it has shown unexpected resilience, so that multiple efforts were necessary to remove it from Creech’s computers, as Wired reports.
Although Fox News quotes a senior Air Force source according to whom Wired’s story is “blown out of proportion” and “vastly overwritten”, this event points out the risks associated with the use of standard technologies to control sophisticated military weapons that play a central role in both U.S. conventional and shadow wars, allowing U.S. forces to attack targets and spy on foes without risking human lives.
Besides suffering from native security holes (for instance, the footage is transmitted in the clear), drones are just computers, after all, and hence controlled by standard PCs that may get virtually sick like any other civilian counterpart.
Although the malware seemed benign, it is still not clear how it made its way inside the systems and, most of all, since it affected both classified and unclassified systems, whether it was able to leak information and send it to a remote source. On the other hand, a key-logger is able to steal whatever information is typed on the keyboard used to control the drone. As the famous aviation expert David Cenciotti said:
Do you want to know what a keylogger can grab fm a Predator control station? Think to your keyboard inputs when playing w/ Flight Simulator.
Maybe the virus spread accidentally: the Ground Control Stations handling more exotic operations are top secret and none of the remote cockpits are supposed to be connected to the public internet, which should make them immune to viruses and other network security threats.
Unfortunately, hard disks and pen drives may build bridges connecting public and classified networks, and this could possibly have happened at the base at Creech, since the Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The same hard drives could have spread the malware and, as a consequence, drone units at other Air Force bases worldwide have now been ordered to stop using them.
This is not the first time that an infection has been spread through a hard drive: in late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. It looks like the Pentagon is still disinfecting machines, three years later.
Curiously, the virus proved very resistant to digital vaccines and, after several attempts to remove it with standard procedures (following removal instructions posted on the website of the Kaspersky security firm), the only safe method to clean it was to wipe the infected hard drives and rebuild them from scratch: a time-consuming operation. That is to say, sophisticated military weapons and technologies suffer the same issues as civilian users (how many Windows reinstallations from scratch after a malware infection?). On the other hand, the drone virus was detected by the military’s Host-Based Security System (HBSS), a flexible, commercial-off-the-shelf (COTS)-based application. If you look carefully at the HBSS web site, you will also be able to identify the commercial security technology that lies behind HBSS.
Is it time for drones to be natively equipped with anti-malware?
- Exclusive: Computer Virus Hits U.S. Drone Fleet (wired.com)