US killer spy drone controls switch to Linux

[kamrananvaar]

US killer spy drone controls switch to Linux
Flying assassins upgraded after Windows virus outbreak
The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection.

Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed the electronic nasty as a nuisance and said it posed no threat to the operation of Reaper drones, but the intrusion was nonetheless treated seriously.

"The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the pilots to safely fly these aircraft remained secure throughout the incident," it said.

The discovery of the virus was nonetheless hugely embarrassing for the Air Force. The credential-stealing malware, first reported by Wired, made its way from a portable hard drive onto ground systems, which control the drones' weapons and surveillance functions. Portable disks are used to load map updates and transfer mission videos from one computer to another, Defense News added.

"The malware was detected on a standalone mission support network using a Windows-based operating system," a US Air Force statement at the time explained. "The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer. Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach."

Drone units were advised to stop using the removable drives to prevent another outbreak. Behind the scenes other changes appear to have been made: screenshots of drone control computers uploaded by security researcher Mikko Hypponen suggest that at least some of the consoles have been migrated from Microsoft Windows to open source Linux.

Photos of US drone control systems taken in 2009 (here) and 2011 (here) provide evidence of the change - in the earlier picture the Windows desktop GUI can be easily discerned whereas the latter slide indicates the new systems are Linux-based and have "improved displays".

The 2009 photo originally came from the air force base's website but the image has since been removed. A cropped copy can be found here. The 2010 slide came from an unclassified presentation on the US's unmanned drone operations.

Hypponen told The Reg: "If I would need to select between Windows XP and a Linux based system while building a military system, I wouldn't doubt a second which one I would take."

 

[kamrananvaar]

Open Source: Why Military Forces Should Use Linux
Why? Because the level of skill required to crack a Unix-like OS is much higher than that needed for a Microsoft OS. Further, properly configured Unix-like systems are much more robust than Microsoft systems. Were Military forces using properly configured and properly secured Unix or Linux systems we would not see items like these below being reported.

I just had a, “What were they thinking?!”, moment while reading this article at ars technica: Computer virus hits US Predator and Reaper drone fleet. First, it is not a “computer virus”, it is a Microsoft operating system virus. Second, using Microsoft operating systems for any critical Military computer systems is just wrong. I know the US Military has specifications for rugged computer systems that must be made in the USA. That makes sense. What does not make sense is the fact that the US Military will accept Microsoft operating systems on its critical, sensitive hardware at this date in time. That is like specifying a bank vault that can withstand a nearby nuclear blast, but allowing the builder to install a screen door for access to the vault. It is just a Bad Idea!

This was a deja vu moment as well. I was following news about Military systems back in the 1990′s and had a similar experience when I read about the US Navy “smart ship” running Microsoft Windows NT … and having a ship killing system failure: Software glitches leave Navy Smart Ship dead in the water. I completely agreed with Ron Redman, deputy technical director of the Fleet Introduction Division of the Aegis Program Executive Office, at the time when he stated:

“Unix is a better system for control of equipment and machinery, whereas NT is a better system for the transfer of information and data. NT has never been fully refined and there are times when we have had shutdowns that resulted from NT.” … and … “Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT,” Redman said. “If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down.”

Actually, after re-reading that, I disagree that NT, or any Microsoft OS, was or is “a better system for the transfer of information and data” when compared to a Unix-like OS. I would use Linux for that too. Especially in a critical Military system like a “smart ship” or a drone control center. Frankly I do use Linux for operational security and the secure transfer of information and data in my own small business. I thank God that I do not have to succumb to political pressure forcing me to use a Microsoft OS for my business. It seems to me, if I can figure out how to implement Linux for my personal and business use, surely the US Military can do the same for its critical systems infrastructure. Obviously some people in the Military “get it” when it comes down to what system is best for critical control systems. Now if only the Microsoft lobbyists can be shut down from affecting the decisions as to what systems are best for the US Military.

Microsoft still makes a decent gaming operating system. But that is about the sum total for which I would agree a Microsoft system should be used. Even there I am agreeing reluctantly only because the majority of current PC game development targets the Microsoft OS.

Hey, US Military folk and US Senators with military oversight, if it has to be from the USA, ever hear of Red Hat Linux? How about the US NSA’s own Security-Enhanced Linux? Perhaps it is time for you folk to rethink the requirements for Military computing systems and make one of these Linux operating systems part of the requirement. Or take the Linux kernel source code and use your own internal Military IT staff and programmers to collaborate and build a custom system just for Military use. Any of these would be a better option than relying on a “known to be owned” OS like any of those from Microsoft. I will be glad to introduce you to Linux if you want to pay me for a Linux consultation. Just sayin’ …
htt-----/blog.eracc.com/2011/10/08/open-source-why-military-forces-should-use-linux/

---------- Post added at 02:06 AM ---------- Previous post was at 02:04 AM ----------

Iran may have captured U.S. stealth drone by hacking its GPS
The CIA and the U.S. military may have a serious security flaw to deal with if an Iranian engineer's story proves to be true. Speaking to Christian Science Monitor (CSM), he detailed how a team of specialists from his country hacked into a U.S. spy drone's GPS navigator in order to capture it. That's the same one the U.S. government claimed has landed in Iran's territory in early December due to a malfunction.

The Iranian specialists reportedly figured out that the RQ-170 Sentinel's weakest point is its GPS by examining previously downed American drones back in September. Using this knowledge, they designed a trap for one of the drones doing reconnaissance work in the country: "By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain," the engineer says. The team then simply programmed it to "land on its own where [they] wanted it to." The engineer asserts that the whole process is as easy as hacking into a Google account. The attack was ultimately successful, leading the unmanned vehicle to land in Iran instead of its home base in Afghanistan.

A 2003 study on GPS vulnerability indicates that the U.S. military has known about the problem for nearly a decade. If the RQ-170 in Iran's possession was indeed hacked, it means the susceptibility is yet to be fixed. This isn't the first time a U.S. drone's security was compromised: back in 2009, videos sent by stealth drones to their ground control stations were intercepted by Iraqi insurgents. And earlier this year, a virus had infected not one, but a whole fleet of unmanned vehicles.

 

[Abu Zolfiqar]

they should switch to android


droid does apps!

 

[nalandapride]

Is that Fedora or Redhat Linux.

 

[livingdead]

Is that Fedora or Redhat Linux.

Whats the difference?

 

[Sinnerman108]

I will seriously doubt the authenticity of this article and the accuracy of the same.

I am in agreement that a RTOS embedded kernel can be developed and Blue cat's been around for several years now.

Blue cat has been a favorite before too,

however when options like VxWorks etc are available, I thought the Americans would go for some thing more advanced.

The remarks about viruses are not believable.

 

[nalandapride]

Whats the difference?

Fedora is Free version but you have to buy RedHat linux just like Windows OS and have more features than Fedora.

 

[Sinnerman108]

Is that Fedora or Redhat Linux.

Whats the difference?

Fedora is an open source Linux clone ( it is some times testing release for new RHEL) , which is supported by users with no central support structure.

RedHat is the more mature version, and comes with support services from RedHat and uses the GCC compiler.

 

[Donatello]

Military is using Windows? Like Seriously? WTF.

I though they would have their own OS for such tasks.

 

[Sinnerman108]

Fedora is Free version but you have to buy RedHat linux just like Windows OS and have more features than Fedora.

Nopes, you DO NOT have to purchase a license to use, you always purchase support.

Linux is free to use.

---------- Post added at 09:41 PM ---------- Previous post was at 09:39 PM ----------

Military is using Windows? Like Seriously? WTF.

I though they would have their own OS for such tasks.

C4I was given this Idea when it was c3, however to no avail at that time.
I have not seen them develop anything in this regard what so ever !
the processes and infrastructure are non existent and outdated when there are any.
Windows (cracked 30Rs) is used extensively by rookie YOs .......

I am however hopeful that coming head of C4I will take this seriously.

 

[nalandapride]

Nopes, you DO NOT have to purchase a license to use, you always purchase support.

Linux is free to use.

Did I use the word license. you need to purchase Redhat Linux, its not free. Fedora and Ubuntu are free versions.

 

[Peaceful Civilian]

I'll bet the drone control room is filled with 60" plasma tv and Nintendo/PlayStation controllers.

 

[Mav3rick]

Did I use the word license. you need to purchase Redhat Linux, its not free. Fedora and Ubuntu are free versions.

It is indeed free, however the mandatory support is not free! Even Oracle unbreakable Linux is free but the support is not. Since one has to pay for support every year, you may be inclined to say that redhat linux is not really free.

 

[hunter_hunted]

wow KILLER DRONE WINDOW. this is going to be windows 9

 

[kamrananvaar]

The remarks about viruses are not believable.

by salman108

How Stuxnet crippled Iran’s nuclear dreams
Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions
In the 20th century, this would have been a job for James Bond.

The mission: Infiltrate the highly advanced, securely guarded enemy headquarters where scientists in the clutches of an evil master are secretly building a weapon that can destroy the world. Then render that weapon harmless and escape undetected.

But in the 21st century, Bond doesn't get the call. Instead, the job is handled by a suave and very sophisticated secret computer worm, a jumble of code called Stuxnet, which in the last year has not only crippled Iran's nuclear program but has caused a major rethinking of computer security around the globe.

Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they've all found, says Sean McGurk, the Homeland Security Department's acting director of national cyber security and communications integration, is a “game changer.”

The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.

Simply put, Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.

The target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility.

When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions.

And finally, after the job was done, the worm would have to destroy itself without leaving a trace.

That is what we are learning happened at Iran's nuclear facilities -- both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran's nuclear power plant.

At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.

At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.

Here's how it worked, according to experts who have examined the worm:

--The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.

--Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)

--Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.

--After penetrating the Windows operating system, the code then targeted the siemens operating system that controlled the plant. Once that was in its grip it then took over the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

--The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.

--Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.

Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.

During this time the worms reported back to two mysterious servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms as they infiltrated Natanz. Efforts to find those servers since then have yielded no results.

This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.

But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.

“I had to use e-mail to send notices but I couldn’t reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us them,” Eric Byres, a computer security expert who has examined the Stuxnet. “No hacker could have done that.”

Experts, including inspectors from the International Atomic Energy Agency(IAEA,) say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.

Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had “stagnated” during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.

And the limited number of those in use dwindled to an estimated 3,700 as problems engulfed their operation. IAEA inspectors say the sabotage better explains the slowness of the program, which they had earlier attributed to poor equipment manufacturing and management problems. As Iranians struggled with the setbacks, they began searching for signs of sabotage. From inside Iran there have been unconfirmed reports that the head of the plant was fired shortly after the worm wended its way into the system and began creating technical problems, and that some scientists who were suspected of espionage disappeared or were executed. And counter intelligence agents began monitoring all communications between scientists at the site, creating a climate of fear and paranoia.

Iran has adamantly stated that its nuclear program has not been hit by the bug. But in doing so it has backhandedly confirmed that its nuclear facilities were compromised. When Hamid Alipour, head of the nation’s Information Technology Company, announced in September that 30,000 Iranian computers had been hit by the worm but the nuclear facilities were safe, he added that among those hit were the personal computers of the scientists at the nuclear facilities. Experts say that Natanz and Bushehr could not have escaped the worm if it was in their engineers’ computers.

“We brought it into our lab to study it and even with precautions it spread everywhere at incredible speed,” Byres said.

“The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds, the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.

In other words the worm was designed to allow the Iranian program to continue but never succeed, and never to know why.

One additional impact that can be attributed to the worm, according to David Albright of the Institute for Science and International Studies, is that “the lives of the scientists working in the facility have become a living hell because of counter-intelligence agents brought into the plant” to battle the breach. Ironically, even after its discovery, the worm has succeeded in slowing down Iran's reputed effort to build an atomic weapon. And Langer says that the efforts by the Iranians to cleanse Stuxnet from their system “will probably take another year to complete,” and during that time the plant will not be able to function anywhere normally.

But as the extent of the worm’s capabilities is being understood, its genius and complexity has created another perplexing question: Who did it?

Speculation on the worm’s origin initially focused on hackers or even companies trying to disrupt competitors. But as engineers tore apart the virus they learned not only the depth of the code, its complex targeting mechanism, (despite infecting more than 100,000 computers it has only done damage at Natanz,) the enormous amount of work that went into it—Microsoft estimated that it consumed 10,000 man days of labor-- and about what the worm knew, the clues narrowed the number of players that have the capabilities to create it to a handful.

“This is what nation-states build, if their only other option would be to go to war,” Joseph Wouk, an Israeli security expert wrote.

Byres is more certain. “It is a military weapon,” he said.

And much of what the worm “knew” could only have come from a consortium of Western intelligence agencies, experts who have examined the code now believe.

Originally, all eyes turned toward Israel’s intelligence agencies. Engineers examining the worm found “clues” that hinted at Israel’s involvement. In one case they found the word “Myrtus” embedded in the code and argued that it was a reference to Esther, the biblical figure who saved the ancient Jewish state from the Persians. But computer experts say "Myrtus" is more likely a common reference to “My RTUS,” or remote terminal units.

Langer argues that no single Western intelligence agency had the skills to pull this off alone. The most likely answer, he says, is that a consortium of intelligence agencies worked together to build the cyber bomb. And he says the most likely confederates are the United States, because it has the technical skills to make the virus, Germany, because reverse-engineering Siemen’s product would have taken years without it, and Russia, because of its familiarity with both the Iranian nuclear plant and Siemen’s systems.

There is one clue that was left in the code that may tell us all we need to know.

Embedded in different section of the code is another common computer language reference, but this one is misspelled. Instead of saying “DEADFOOT,” a term stolen from pilots meaning a failed engine, this one reads “DEADFOO7.”

Yes, OO7 has returned -- as a computer worm.