The malware that hit Creech Air Force Base was a credential stealer and not a keylogger as originally thought, and the drone remote piloted computers were never at risk according to a media release from the Air Force.
The report claims that the malware was detected on September 15th and isolated by the 24th Air Force using standard monitoring and protection procedures. The malware was also quarantined to prevent infection of additional systems:
The malware was detected on a stand-alone mission support network using a Windows-based operating system. The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat. It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer. Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach.
The report also states that the ground control system was infected, which is separate from the machines that are used to fly the UAV’s. The UAV pilot systems were not at risk:
The infected computers were part of the ground control system that supports RPA operations. The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident.
Apparently, the UAV drone system were not the target of the malware. Instead, according to an anonymous defense official, the malware discovered was the kind that is “routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online.”
The next question would be, is online gaming and surfing allowed on the systems in this area? It is common for tech savvy employees to use ssh tunneling to bypass restrictive outbound firewall policies.
It is a good thing that the malware was stopped, but with the military’s increasing dependence on drone systems this “near miss” really has to be taken to heart.