Flash media possible cause of Predator Drone Virus Published Oct. 28, 2011 By Staff Reports 90th Communications Squadron F. E. WARREN AIR FORCE BASE, Wyo. -- In mid-September, the military's Host-Based Security System detected a computer virus that infected the cockpits of Predator and Reaper drones, logging pilots' every keystroke as they remotely flew missions over Afghanistan and other warzones. The link below provides some additional detail into the virus that was possibly spread through use of flash media from the public network connected to the Global Information Grid and specific functional systems. http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/ In 2008, the commander of U.S. Strategic Command suspended the use of memory sticks, thumb drives and camera memory cards -- referred to collectively as flash media -- most commonly connected via USB ports on Defense Department non-secure Internet protocol network, secret Internet protocol router network and joint worldwide intelligence communications system computers using Windows operating systems. Use of such devices posed a severe security risk to the GIG. "Air gaps" between Air Force and public networks have been bridged, largely through the use of flash media and removable drives. This media helped introduce the agent.btz worm to hundreds of thousands of DoD computers, which was the original reason for their restricted use. Unfortunately, many people are still connecting unauthorized USB devices to Air Force computers. The Integrated Network Operations and Security Center has begun providing names, machine names, times and devices that are connected to computers so there is a better idea of the magnitude of the problem at F. E. Warren. In 2010, the USSTRATCOM commander approved limited use of removable flash media for mission essential use only. It is important to note many restrictions still remain and there are very specific procedures for gaining approval for use of such media. The 90th Communications Squadron Information Assurance Office takes the following actions if the flash media policy is violated: 1. They notify all first time violators of their USB offense and require them to re-accomplish IA training online and provide proof of completion of training via e-mail within seven days of notification. 2. If IA training is not completed within the seven day deadline, the user's account is disabled until IA is contacted for user to re-accomplish IA training. The user is given 24 hours to complete the training online, otherwise their account will again be disabled. Once completed and proof of completion is provided their account will remain enabled. 3. IA will notify commanders of second-time offenders. The user will consequently have their account disabled for a 14-day period due to their reoccurring violations. Also, they will be required to participate in one-on-one training with the wing IA office to ensure they are aware and properly trained based upon their repeating offenses. Bottom line, do not use flash or removable media unless it is approved and the specific instructions for its use is understood. Please direct any questions regarding the use of flash or removable media to the 90th CS Information Assurance office at 773-5139.