Yet Another “Lady Gaga” Exposure Forces DOD to Wipe Drone Control Computers

On Friday, Wired broke the news that the DOD suffered yet another breach because they continue to leave computers exposed to outside storage systems. (h/t WO) In this case, the Ground Control Stations they use to control drones got infected with a keylogger virus.

But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.

Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

After a virus was introduced into computers in Iraq three years ago via thumb drive, DOD claimed it had prohibited the use of any removable media with their computers. But then Bradley Manning allegedly removed hundreds of thousands of classified cables from SIPRNet using a Lady Gaga CD. Rather than making all computers inaccessible to removable media at that point, DOD left 12% of their computers vulnerable, deploying a buddy-system to prevent people from taking files inappropriately; but human buddy systems don’t necessarily prevent the transmission of viruses.
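The paragraph above contrasts a technical control (no removable media at all) with a human one (a buddy system that cannot stop a worm riding on a drive). As an added illustration that is not from the post or from DOD, the following PowerShell audits and then enforces a removable-storage block on a single Windows host; it assumes the host runs Windows (the post does not name the GCS operating system) and that the registry values shown are the ones Group Policy writes for "All Removable Storage classes: Deny all access" and for the USB write-protect storage policy.

```powershell
# Added example (not from the post): audit and enforce a removable-media
# block on one Windows host. Assumes Windows; the two registry locations are
# the policy values behind "Deny all access" to removable storage classes and
# the kernel StorageDevicePolicies write-protect switch.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$StorageKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-RemovableMediaPolicy {
    # Report the current state. A missing value means "no restriction",
    # which is the weak default the post is complaining about.
    $denyAll = (Get-ItemProperty -Path $PolicyKey -Name 'Deny_All' `
                -ErrorAction SilentlyContinue).Deny_All
    $writeProtect = (Get-ItemProperty -Path $StorageKey -Name 'WriteProtect' `
                -ErrorAction SilentlyContinue).WriteProtect
    [pscustomobject]@{
        DenyAllRemovableStorage = ($denyAll -eq 1)
        UsbWriteProtect         = ($writeProtect -eq 1)
        Restricted              = ($denyAll -eq 1) -or ($writeProtect -eq 1)
    }
}

function Get-AttachedRemovableVolumes {
    # DriveType 2 in Win32_LogicalDisk is "Removable Disk"; listing them
    # shows what is currently plugged in before the policy is tightened.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
        Select-Object DeviceID, VolumeName, Size
}

function Set-RemovableMediaPolicy {
    # -Enforce writes both deny values; without it the values are removed,
    # returning the host to the unrestricted state for comparison.
    param([switch]$Enforce)
    foreach ($key in $PolicyKey, $StorageKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    if ($Enforce) {
        New-ItemProperty -Path $PolicyKey -Name 'Deny_All' `
            -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $StorageKey -Name 'WriteProtect' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    } else {
        Remove-ItemProperty -Path $PolicyKey -Name 'Deny_All' `
            -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $StorageKey -Name 'WriteProtect' `
            -ErrorAction SilentlyContinue
    }
}

# Usage (run from an elevated PowerShell):
Get-AttachedRemovableVolumes
Get-RemovableMediaPolicy            # weak state: all three fields False
Set-RemovableMediaPolicy -Enforce
Get-RemovableMediaPolicy            # corrected state: Restricted True
```

The deny policy applies to devices attached after the value is set, so volumes already mounted should be ejected once the policy is in place. In a domain this belongs in Group Policy rather than per-host registry edits; the point of the script is only to make the weak and corrected states visible side by side.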

The good news is that the Host-Based Security System implemented in response to Wikileaks discovered the virus–two weeks ago.

But here’s the other interesting wrinkle. To get rid of these viruses, techs have resorted to wiping the hard drives of the targeting computers.

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.

Given what little we know about the Anwar al-Awlaki assassination (which, as Wired points out, happened after the virus was known to have infected these computers), this should not affect the computers that ten days ago killed two US citizens with no due process. The Newsweek story describing the CIA’s targeting process says that targeting is done in VA, not NV, where the virus hit.

But particularly given the questions about Samir Khan’s death, consider if that weren’t the case. That would mean a key piece of evidence about whether or not the US knowingly executed an American engaging in speech might be completely eliminated, wiped clean to fix a predictable virus.

That’s not the only risk, of course. We’ve talked before about how long it’ll take for Iran or Mexican drug cartels to hack our armed drones. If this virus were passed via deliberate hack, rather than sloppiness, then we might be one step closer to that eventuality.

All because DOD continues to refuse to take simple steps to secure their computers.
