The malware, which was detected on “standalone” systems at Nevada's Creech Air Force Base, has not affected the U.S. military's remotely piloted aircraft operations, the Air Force said Wednesday in its first official statement about the matter, initially reported by Wired late last week.
"It's standard policy not to discuss the operational status of our forces,” Col. Kathleen Cook, spokeswoman for Air Force Space Command, said in a statement. “However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”
In its statement, the Air Force contradicted numerous earlier reports, which classified the malware as a keylogger capable of capturing pilots' keystrokes as they carry out missions over Afghanistan and Pakistan.
“The malware in question is a credential stealer, not a keylogger, found routinely on computer networks and is considered more of a nuisance than an operational threat,” the Air Force said. “It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer.”
The compromised machines were part of a ground control system, which supports the military's remotely piloted aircraft operations, but is separate from the system that actually directs the weapons, the Air Force said.
The ability to fly the drones “remained secure throughout the incident,” the statement said.The Air Force also disputed earlier reports of how the malware was discovered. Wired reported that Creech security specialists first discovered the infection and spent two weeks attempting to eradicate it on their own, failing to notify the 24th Air Force, the unit in charge of cybersecurity for the military branch. The Air Force, however, said the malware was actually first discovered on Sept. 15 by the 24th Air Force, which subsequently notified Creech of the issue.
Upon discovering the compromise, the Air Force began a forensic investigation to determine its origin and to clean infected systems. Previous reports state that the malware persevered through several removal attempts.
In its statement, the Air Force did not name the threat or state whether it had been expunged from affected systems.
And despite what the Air Force claims, the virus was “absolutely” crafted to steal data, Jeffrey Carr, founder and CEO of Taia Global, which specializes in cybersecurity countermeasures for corporate executives and government officials who travel overseas, wrote in a blog post Thursday.
He added that he was disappointed an Air Force spokesperson declined to reveal the name of the malware."The [news] release makes a distinction between a 'credential stealer' and a 'keylogger,'" he wrote. "Well, that's a distinction without a difference. What we're really talking about is a trojan that steals credentials by logging keystrokes."