21st Century Hunter-Killer UAV Enters Restricted DC Airspace – Skynet Alive?

Rise of the Machines: Software Anomaly Causes 23 Mile Wandering For Fire Scout Navy Drone

In a page directly out of Hollywood’s Terminator script, the US Navy released details today about a rogue robot helicopter which diverted twenty-three miles, penetrating restricted Washington DC airspace (ADIZ) after a complete loss of command and control on August 2nd due to a “software anomaly.” Considering that a trojan-infected maintenance system is partially responsible for downing a commercial airliner in 2008, “software anomaly” is speculative.

Navy UAV Goes AWOL

SkyNet has not yet been blamed and there was no word about whether this Fire Scout drone was carrying its armament load-out of the Advanced Precision Kill Weapon System or Hellfire missiles.

  • The cause appears to have been “a software anomaly that allowed the aircraft not to follow its pre-programmed flight procedures,” [Firescout program manager Capt. Tim Dunigan] said in the statement.
  • “We have identified the issue and have aircraft operating restrictions that will prevent this from happening again.” Software modification has been developed to remove the anomaly, he said.
  • …Although the Fire Scout has racked up more than 1,000 flight hours since December 2006, this was the first such incident to hit the program, the Navy said.

Does anyone else hear the theme music to Terminator playing softly in the background?

[Update 1:55pm] As for the Madrid 2008 air disaster, while the trojan’s role was not the cause of the crash, it was ruled a contributing factor:

  • An internal Spanair report indicated that a central computer system used to monitor problems in the aircraft was infected with malware, according to El Pais.
  • The infected computer system, which was located at the airline’s headquarters in Palma de Mallorca, failed to detect several technical problems with the airplane.
  • Had the issues been identified, the plane should not have been able to take off.

[Update 3:23pm] I just read today’s DoD announcement that the most significant breach in US Military history is confirmed to have originated with foreign intelligence. The vector for the DoD attack was Autorun and removable media, same as the Madrid air disaster.

Related? Hard to tell.

[Update 8/26 8:25] At least one Navy source says in our comments below that it’s not related and is a conspiracy theory, with the IP going right back to the Norfolk US Navy NMCI server.

While I’m certain that this is not in keeping with the finest traditions of Navy transparency, demonstrated by the recent open access given to 16 bloggers, I’m still left wondering if an attribution of the software anomaly may be clarified – was it due to malware?

[Update 8/28 12:12] Clarity on the Spanair crash should be given: the maintenance computer found partially responsible was indeed infected with malware; however, this was not an onboard flight computer. Rather, it was the ground crew policy and procedure which was interfered with by the malware-ridden system. The flight would have been grounded according to policy had the alarm triggered; however, pilot error was ruled the primary cause of the mishap.

So the pilot made an error, the takeoff warning system (TOWS) failed to alert the pilot to the error, and this TOWS system was problematic, which would have grounded the plane had the malware-infected system the ground crew was using been operating properly. Any of the three issues being resolved would have saved 154 people, and that does include the malware on the non-flight ground maintenance system, which would have been ruled a ‘contributing factor to the mishap’ in Naval Aviation. Others have said it’s tertiary – there is no such thing. There are primary causes and contributing causes for a mishap. All contributing causes are equally to blame because without them the mishap may have been avoided, and that includes malware.

‘Rise of the Machines’ or ‘Motive With Universal Adaptor?’

There are no indications as of yet that this was the result of cyberwarfare or hacking; however, this remotely operated (potentially armed) vehicle would definitely become the target of command and control interruption during a cyberwar. Interruption would result in similar circumstances, such as a deviation of flight. Successful command and control hacking would result in complete usability gained by an outside force, and perhaps even direction of weapons systems.

Still, paired with today’s other late breaking announcement about USB malware intentionally used by foreign intelligence back in 2008 against the US military, we should note that the motive should not be ruled out in the future. Cybercrime syndicates as well as national security actors/agents from foreign intelligence networks are equally capable of attempting this level of breach and the tactical rewards are monumental.

As Deputy SecDef W. Lynn pointed out last year:

  • We know that organized criminal groups and individual hackers are building global networks of compromised computers, botnets and zombies, and then selling or renting them to the highest bidder, in essence becoming 21st-century cybermercenaries.

 

Takeaway:

As civilians it’s important for us to understand that there is a documented monetary incentive involved with defeating these systems. The 2009 DBIR notes the most common breach tactic tends to be in finding the ‘weakest link’ of the entire defensive structure, commonly with partnering corporations.

This means that often our unrelated companies may be targeted specifically in order to work upwards through the trust relationships in order to successfully penetrate the ultimate target. The Fire Scout systems were designed here in San Diego and they are assembled in Moss Point, MS. More Fire Scout project partner details can be found at GlobalSecurity.org’s site.

If we work for companies who are partnered with defense contractors, two words should remind us all how connected we are: Stuxnet & SCADA. I urge anyone to check to see if their companies have data pathways open with defense contractors and take appropriate precautions. Don’t be that open door.

Related Articles:

  1. Lost Navy UAV enters Washington airspace (Navy Times)
  2. Kinetic Warfare vs. Cyberwarfare (ThreatBlog)
  3. Northrop Grumman MQ-8 Fire Scout (Wikipedia)
  4. Trojan may have contributed to fatal 2008 Madrid air crash (SC Magazine)
  5. Lynn Outlines Cyber Threats, Defensive Measures (Defense.gov)
  6. Previously classified: Malware’s role in pentagon attack (SC Magazine)

Author ESET Research, ESET

  • user4

    conspiracy theory idiot

    • David Harley

      @user4, I tend to incline more to the cock-up theory of history than to the conspiracy theory myself. But that isn’t a reason not to take security seriously.

  • http://www.securingourecity.org/blog/about/about-charles-jeter/ Charles Jeter

    user4, I really don't take kindly to anonymous trolling. Particularly when it's not so anonymous:
    Author : user4 (IP: 138.162.0.41 , gate1-norfolk.nmci.navy.mil
    Shipmate, my kung fu is stronger than yours. Next time, use anonymizer.

    @user4, unless you believe the context of the article is truly about the SkyNet Terminator Rise of the Machines Hollywood conspiracy which is clearly tongue in cheek, you need to examine the entire content and realize that this is a call to action for civilians who may provide gateways into DoD systems.

    In the Terminator storyline, Skynet was originally installed into the U.S. military mainframe to control the national arsenal. Shortly afterward it gained sentience and the panicking operators, realizing the extent of its abilities, attempted to shut it down. Skynet perceived the attempt to deactivate it as an attack and came to the conclusion that all of humanity would attempt to destroy it. To defend itself, it came to one conclusion: Humanity must be terminated.

    From my background you should note that I served with distinction in the US Navy, combat decorated. I’m not sniping away at the military yet I’m a proponent of transparency. My follow-up line of questioning will be with malware and whether or not this issue was the result of malware.

    Additionally, shipmate, are you actually posting through a government access point onto a blog? Or is this simply a PR damage control bot programmed to output…? Now the conspiracy debate can begin: is this post autogenerated or done by a junior officer/ seaman recruit… Are we dealing with another type of ‘rise of the machines?’

Copyright © 2014 ESET, All Rights Reserved.