Air Force says drone malware infection a "nuisance"


US military says unnamed malware was a 'credential stealer'.

The US Air Force said a virus that reportedly compromised systems used to control its unmanned drones was a mere “nuisance.” 

The malware was detected on “standalone” systems at Nevada's Creech Air Force Base but had not affected the US military's remotely piloted aircraft operations, officials said. 

“It's standard policy not to discuss the operational status of our forces,” Col. Kathleen Cook, spokeswoman for Air Force Space Command, said in a statement.

“However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”


In its statement, the Air Force contradicted numerous earlier reports, which classified the malware as a keylogger capable of capturing pilots' keystrokes as they carry out missions over Afghanistan and Pakistan.

“The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat,” the Air Force said. “It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer.”

The compromised machines were part of a ground control system, which supports the military's remotely piloted aircraft operations, but is separate from the system that actually directs the weapons, the Air Force said.

The ability to fly the drones “remained secure throughout the incident,” the statement said.

The Air Force also disputed earlier reports of how the malware was discovered. Wired reported that Creech security specialists first discovered the infection and spent two weeks attempting to eradicate it on their own, failing to notify the 24th Air Force, the unit in charge of cybersecurity for the military branch.

The Air Force, however, said the malware was first discovered on 15 September by the 24th Air Force, which subsequently notified Creech of the issue.

The Air Force began a forensic investigation to determine the origin of the malware and to clean infected systems. Previous reports state that the malware persevered through several removal attempts.

In its statement, the Air Force did not name the threat or state whether it had been expunged from affected systems.

Jeffrey Carr, founder and CEO of Taia Global, which specialises in cybersecurity countermeasures for corporate executives, said the Air Force spokesperson should reveal the name of the malware.

"The [news] release makes a distinction between a 'credential stealer' and a 'keylogger,'" he said. "Well, that's a distinction without a difference. What we're really talking about is a trojan that steals credentials by logging keystrokes."

This article originally appeared at

Copyright © SC Magazine, US edition
