Drones: invisible to radar but vulnerable to primitive viruses?
Sykipot, a piece of malware that has been around since at least 2006, was recently aimed at the computer systems of US government departments and defense contractors. Although Symantec, a world-wide leader in anti-virus protection, calls the Trojan neither “sophisticated” nor “well-coded,” new reports confirm that the malware was emailed to DoD-affiliated authorities in an attempt to do even more damage to the top-secret drone program.
Drones, unmanned robotic aircraft used by the Pentagon and CIA in surveillance and missile-firing missions, are controlled from remote bases across the world. Despite the advanced technology of the impressive craft, however, the US recently lost two planes in as many weeks. First came the interception of a Sentinel RQ-170 craft in Iran on December 4, with a similar craft succumbing to a fiery crash in the Indian Ocean days later.
In the wake of the downing of the Sentinel, Iranian engineers claimed that they hacked into the GPS network used by the drone commanders by way of a loophole they say the US government was well aware of. In the days since, other reports have suggested that CIA headquarters has also been infiltrated by anti-American forces, with military officials telling Israel-based news outlet Debka that the downing of the drone over Iran could only have been conducted with a high-tech attack on the command center itself.
Now the website Information Week has tried to shed light on the latest virus, Sykipot, and in identifying it has realized that it has been waged against the Pentagon in hopes of damaging more drones.
According to Information Week’s Mathew J Schwartz, Sykipot was sent in the form of an email attachment to DoD contractors. The email often includes a malicious Adobe Acrobat .PDF file or a hyperlink that will trigger the virus.
“In targeted attacks,” writes Schwartz, “attackers often include information--in the form of attachments--that they think recipients will find interesting. Conversely, this highlights the type of information that attackers are seeking.” In the case of a slew of emails sent to Pentagon pals, the messages related to drone crafts, specifically the Boeing joint unmanned combat air system X-45 and the Boeing X-37 orbital vehicle.
The Alien Labs Vault blog dives deeper into explaining Sykipot, noting that the Trojan infects Microsoft’s Internet Explorer and Outlook programs, as well as Mozilla’s Firefox browser. From there, the virus connects to internal servers and retrieves encrypted configuration files, which can then be executed externally; the results are relayed to a server where the maker of the malware can investigate them.
The site also notes that most of the servers that manipulate the malicious program are running off a particular webserver named Netbox which, while used across the world, is almost exclusively operated from China.
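The two behaviours described above, a client fetching a file from a server that advertises the Netbox webserver and then sending data back to the same host, can be turned into a simple review of web-proxy logs. The following is an added example, not code from the article or from any of the vendors it cites; the log format, field order, hostnames and addresses are all constructed for the example.

```python
"""
Flag client/host pairs in a proxy log where a GET from a server whose
Server header reads "Netbox" is later followed by a POST to the same host.
The banner alone is a weak signal (Netbox is a legitimate product); the
fetch-then-upload sequence is what narrows the result.
"""

# Constructed sample log: timestamp, client, method, host, path, status, Server header
SAMPLE_LOG = """\
2012-01-10T09:01:05 10.1.4.22 GET update.example-cdn.test /lib/jquery.js 200 nginx
2012-01-10T09:02:11 10.1.4.22 GET cfg.constructed-c2.test /images/logo.gif 200 Netbox
2012-01-10T09:02:40 10.1.4.22 POST cfg.constructed-c2.test /upload.asp 200 Netbox
2012-01-10T09:03:02 10.1.4.31 GET news.example.test /index.html 200 Apache
2012-01-10T09:05:17 10.1.4.31 GET www.example-shop.test /catalog.pdf 200 Netbox
"""


def parse_log(text):
    """Split whitespace-separated log lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, path, status, server = line.split()
        events.append({"ts": ts, "client": client, "method": method,
                       "host": host, "path": path, "status": status,
                       "server": server})
    return events


def find_fetch_then_post(events, server_banner="Netbox"):
    """Return {(client, host): [get_ts, post_ts]} for pairs where a GET from a
    host with the given Server banner is followed by a POST to the same host.
    Events are assumed to be in time order, as a proxy log normally is."""
    first_get = {}
    hits = {}
    for e in events:
        if e["server"].lower() != server_banner.lower():
            continue
        key = (e["client"], e["host"])
        if e["method"] == "GET" and key not in first_get:
            first_get[key] = e["ts"]
        elif e["method"] == "POST" and key in first_get and key not in hits:
            hits[key] = [first_get[key], e["ts"]]
    return hits


if __name__ == "__main__":
    for (client, host), (t_get, t_post) in find_fetch_then_post(parse_log(SAMPLE_LOG)).items():
        print(f"{client} fetched from {host} at {t_get}, then posted back at {t_post}")
```

A host that only downloads from a Netbox server (10.1.4.31 in the sample) is not reported, which keeps ordinary browsing of legitimate Netbox-hosted sites out of the result.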
Symantec adds on its website, “Given the long list of command and control servers being used for controlling the botnet, the attackers are unlikely to be a single person, but rather a group of people. Thus, the Sykipot attackers are likely to be an organized and skilled group of individuals. Given their persistence and their long-running campaigns, the attackers are likely to have consistent funding for their efforts.”