Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Hundreds of Squid Wash Up on Southern California Beaches |
| New Attacks on CAPTCHAs »
October 10, 2011
U.S. Drones Have a Computer Virus
You'd think we would be more careful than this:
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
"We keep wiping it off, and it keeps coming back," says a source familiar with the network infection, one of three that told Danger Room about the virus. "We think it’s benign. But we just don’t know."
EDITED TO ADD (10/13): No one told the IT department for two weeks.
Posted on October 10, 2011 at 6:38 AM
• 64 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I also read that they now think it is actually an internal monitoring tool, and the reason it keeps coming back is because it automatically gets reinstalled by the IT department.
"We keep wiping it off, and it keeps coming back"
Yes but do they have to keep droning on about it?
Dave, the problem is plane and simple, and predates the pilot program. They don't have the remotest chance to fix it.
... Oh dear. If I've helped start a pun thread on Bruce Schneier's blog, will I go to hell?
Airgaps are double-edged sword -- they also stop security patches.
BTW, did they make (daily) backups?
Sorry, folks, no puns here. When I read these sorts of articles I wonder--are they really so clueless, or does their knowledge get lost in transmission?
Somewhere, a newspaper pointed out that the black hats being droned upon were able to capture the drone feed. Presumably that would provide them with actionable intelligence (Duck!).
Who, however, would want the keystrokes? That seems far, far more subtle.
Where are the wise men to quit punning and start enlightening?
@Jeroen: If it were an intentional tool that gets (re)installed by the IT department, wouldn't SOMEBODY be able to tell them "Yeah, that's intentional. It's part of the code base that was checked in by Person on MM/DD/YYYY, and the person in the chain of command who approved the key-logger was __________." ?
As it stands, you have one of two kinds of dysfunction here:
-IT is working against itself. One person in IT is wiping the key-logging software off the machines, but someone else is putting it back on. And the two parts (or people) in IT are not communicating with each other, making it unclear why the key-logging software is on there or if it is, indeed, intentional.
-IT is inept. If the malware is, indeed, from an outside source, the people in IT that handle the drone software are a) unable to protect their software updating vectors, b) unable to detect the source of the malicious code, and c) unable to properly revert to a previous version of the code that is uninfected.
Either of those two scenarios is bad. I leave it to the other commentators to determine which is worse.
Am I the only who saw this story and thought "oh crap, it's Skynet"?
Just my thoughts 8-)
There are a lot of different scenarios, all of which are just as stupid.
1) Due to budget cuts, someone neglected to sign the renewal of the license for the antivirus/antimalware subscriptions on their Windows based computers. Some botnet master in Russia is now very confused what the heck it is these machines are actually doing.
2) They're actually spying on themselves, the right hand not knowing what the left is doing and vice versa.
3) The R2D2/0zapftis trojan is not the only piece of malware the Germans have been working on.
4) It's a scheme by military/government lawyers so they can plead plausible deniability if ever a specific death-by-drone killing is ruled unconstitutional. After all, everybody knows Chinese APT's are everywhere.
5) They really haven't got the foggiest idea what they're doing.
I clearly go with option 5.
I've seen such an infection in a ground-station above the polar circle operating a very expensive satellite. (I really can't name specifics).
The virus seem to have come from an usb stick and messed up everything and they were not able to remove it for weeks. And this was a known virus.
Luckily enough some specialized mission critical equipment was windows NT and to old for the virus. Otherwise a multi-hundred million spacecraft would have been at risk.
It was an unfortunate combination of lack of a security policy, incompetence and stupidity.
i am not sure about the virus. it may be a possible future excuse for "oops we hit you by mistake" military trojan defence is the new trend. :)
From these reports I have to assume they are running some variant of MS Windows. Doh! Can you spell "insecure"? How long before someone that doesn't like us gets control over an armed drone and blows up some of our assets?
I keep wondering, what "benign" is supposed to mean in the context of a key-logger on a remote controlled, airborne war machine.
Maybe it means the keystrokes by themselves are worthless: no passwords, no secret messages, no magic codes.
Think about the normally valuable output product of a keylogger: bank acct nums, PINs, passwords, etc. Probably no one's doing banking or Facebook logins from a Reaper control station.
@Brad "oh crap, it's Skynet"
Yeah. pondering that. . .
Since the AF has been using Kapersky Labs clearing instructions it's a known threat. Probably written for banking fraud and just found it's way into the pilot consols (airdales t'cha!) I wonder if they'd jack a usb drive into an aircraft usb port if their butts were actually in the craft?
As for who would want the keystrokes (assuming the code can talk out to it's command and control - DoD does a LOT of egress blocking) I'd like to see THAT negotiation retired KGB talking to a Col in People’s Liberation Army Blue division.
would it be on the swinging rivera one day or in a Bombay back ally the next day?
I can't think this is malicious, because even a halfway intelligent would-be spy should have figured out by now that yes, they can detect an infection on their network, and should have stopped reintroducing it.
I wonder if they're checking the thumb drives with map data etc. that people are bringing in, to see if the infection really is coming in that way. Though if the real source is someone bringing in music or videos from their home computer, I suppose that drive is already evading any official checks anyway...
As I understand it, the keylogger is a WOW account stealing variant - the command center is not network connected so they use USB keys to move things back and forth...
"I wonder if they'd jack a usb drive into an aircraft usb port if their butts were actually in the craft?"
I'm sure they would. So far as I know, there's no special computer security training for pilots.
lol, windows on us drones, i can sleep secure tonight
It's justification for all of the cyberwarfare rhetoric.
First two links are the same, Bruce--is that on purpose?
people are the weakest link.
I read this post the other day and was infuriated by the sheer carelessness displayed. Above and beyond the malware infestation, they haven't even been encrypting the drones' video feeds!
I've wondered for a long time whether the remote, risk-free, videogame-like nature of drone warfare is giving the drone pilots - and the military in general - an itchier trigger finger; now I'm pretty much convinced that the remote, risk-free, videogame-like nature of drone warfare has convinced these people that it isn't warfare at all. I can't help thinking that, if there were actual pilots in those cockpits, there would be some actual accountability being demanded right now.
Waitaminnit. Are these machines being serviced by the same guys who did the Diebold voting machines?...
Drones (Unmanned Ariel Vehicles) don't have cockpits.
I'm with Marc: the big surprise wasn't that they thought it would be hard to hack the drones. People make that sort of security mistake all the time.
The fact that they are broadcasting unencrypted video feed from the drones is breathtakingly bad, in comparison.
@ Marc, Pat Cahalan,
"...unencrypted video feed..."
This bit of news is several years old, the story at the time is a drone spotted some turban wearing type sitting behind a rise with a laptop on his lap looking at the live feed which got relayed back through the drone and produced one of those "1970 TV Special effects".
If the story is true or not I have no idea but certainly the feeds are unencrypted and you can pick them up with less than 500USD of equipment and software.
And this is what I was refering to over on the Friday Squid page, when indicating that the design of the drones was "not secure" because the project emphasis was getting "drones on target" for field evaluation. Unfortunatly they kind of missed out on the next few project steps as they then went to live combat field testing.
Now there are several questions about encrypting or not encrypting the video feeds. In a tactical situation encryption is not going to add a loapart from less reliability and a false sense of security (you don't need to see the feed to know it's time to "duck and kiss your tail feathers" just hearing the carrier is sufficient for that.
So to make any encryption worth while you would have to encrypt both the base band signal (video) and the RF (carrier) via the likes of Spread Spectrum.
Think back ten or so years to what the state of the Joint Tactical Radio Systems and how unreliable they were (and still are for that matter) and the size and weight of the "secret equipment" required to use it.
Now think of one of the original intended purposes of the drones which was "online tactical intel to engaged front line troops" and ask do you realy want them toting large heavy secret equipment around whilst under direct enemy fire?
This is really pathetic. Unless it is intentional misdirection (possible), it points to extreme incompetence (also possible). I tend to lean to "incompetence".
Drones (Unmanned Ariel Vehicles) don't have cockpits.
So what would you call the control booth in Langley or Nevada that contains the pilot/video-gamer if not a (remote) cockpit?
@ Daniel Clark
"So what would you call the control booth in Langley or Nevada that contains the pilot/video-gamer if not a (remote) cockpit?"
An RDC (remote drone cockpit). Except when not located in Nevada or Langley. Then it would be a "Bruce".
Time for the cypherpunks to stop referring to their systems/crypto as "military grade". Clearly, they are better than military grade.
Actually the sources quote was "we think we're benighted..."
A bad joke seemed appropriate since this is nothing serious, just arms control using Windows.
"That was the problem with WikiLeaks and Stuxnet but now new rules are being introduced by the White House to speed up this process."
I hear the sounds of stable doors banging in the wind accompanied by the distant sound of hooves...
The problem with the idea is two fold,
1, It's a security "add on".
2, It's another collection of secret data.
As an "add on" it is in all likley hood to be badly integrated and thus have boundery conditions that can be exploited in one way or another.
But more. importantly the database created to record access etc becomes it's own "top secret", just being able to see who has accessed what and when will hemorrhage highly sensitive information, and thus will become a target in it's own right...
In a way it will be similar to "traffic analysis" where the "contact information" reveals more than actually knowing the contents of any given communication.
Infected drones lead to subtle issues.
Instead of a blue sky of death, victims of drone attacks will see a blue screen of death.
"So to make any encryption worth while you would have to encrypt both the base band signal (video) and the RF (carrier) via the likes of Spread Spectrum."
Good Idea if we can wind the clock back 20 years, these days it is not difficult to detect changes in the RF noise floor, which makes simple DSSS (carrier spreading) a lot less secure than it used to be.
The problem is that modern mobile comms equipment (OFDM/LTE...) is targeted at commercial markets and the "build your own" breadboard equivalents fro defense purposes take require a truck load of space and weigh far to much for the minimalist drones.
The only possible answer is the continued militarization of commercial communication equipment. Now the problem is the military wants a 3 year to 5 year ramp / qualification and a 20 year availability. Commercial electronics works on a 6 month production ramp and 2 year product cycle. this creates a situation where "militarized" chips are already out of production 1 to 2 years before the military version is even field deployed...
If you've got a solution to this problem, than there are a lot of interested parties...
on a side note. Why the hell do they have to put on their flight overalls to pilot the drone?
I bet they also wear them when playing CoD
"Why the hell do they have to put on their flight overalls to pilot the drone? "
Common practice. I used to wear a bike helmet when playing X-Wing or Tie Fighter back in the 486DX days.
No this was an European story and luckily no human lives were at risk but on the other hand it never made the press.
I wonder how much of this is going on and we never find out about it.
This could be better written. . .
"disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs"
Did the editor just remove unnecessary words?
Did DoD turn off the computers or remove/turn off thier writable drives. We once applied C2 to a network and disabled floppy drives (386s). Didn't work. Support costs went up to include an adminstrator going on site to apply AV updates.
"State Department stopped distributing its diplomatic cables over a classified e-mail system "
Classic displacement behavior. Manning got his data from a database. Why mess about with the mail system when it was just there to be grabbed. Or is the State Dept really circulating cables from the 60s in email now?
"say the new policies and procedures are relatively untested. "
Well yeah. how can you test a reflex?
@TheRedSeven: "If it were an intentional tool that gets (re)installed by the IT department, wouldn't SOMEBODY be able to tell them"...
Sure, if IT was run by someone competent and on a reasonable budget. However, their IT is probably like every other IT department in the world - infested with normal human beings not allowed to finish one project before starting on the next because a) the boss is clueless, b) there's no time (and money) allocated in the projects for little things like docs, or c) both - my choice. Hence, documentation and support information are probably non-existent.
Good luck figuring out what this is if IT installs it. They're probably better off treating it as malicious and getting someone to clean house for them.
My understanding about drone camera feed being clear rather then encrypted is that plain and simple it's not high value data. This is a paraphrase of the reasons given in one of the papers when it first came to light.
Unless you tap into a UAV feed and watch it from take off, it can actually be quite difficult to locate the drone from the feed (it's difficult even if you do know take off unless you have flown the areas to be able to recognise location from the air). Being able to locate a drone from the feed does not give information on target of the drone, it is likely to be too late to take action once the target is apparent. The data is even less useful after the attack has completed.
So why try to encrypt with all the costs associated to that when the feed data is not as valuable as some would think and there is a clear chance to crack anyway.
"If you've got a solution to this problem, than there are a lot of interested parties..."
Oh I've a number of solutions all right but as it involves sensible resourcing as a primary requirment the conversation stops at that point.
The crux of the issue is the politics of resources which always equates to "spending" and that is a "dirty word up on the hill" unless certain people are being lubricated by pork grease.
With regards "detectability" by those on the ground I agree SS is only a partial solution that is not aging as well as one might expect. The solution is to lower the energy at their antenna to below the noise floor. If you look at it purely as energy then there are only two solutions,
1, Reduce the energy radiated from the drone.
2, Confine the energy to radiate in a different direction.
Both of these are limited in the scope of what can be achieved due to the base band bandwidth and the distance ratio of drone to blue and red forces.
The simplest first thought being a narow beam width low power X-band or above signal up to another plane or satellite. Obviously the first problem with this is the weight/size of the tracking equipment in the drone needed to keep the beam pointing where it should be. Then there are a whole load of secondary and tertiary problems.
Thus put simply "detectability of the energy" needed for the video due to baseband bandwidth is going to be an issue when it comes to energy radiated. Importantly the red forces are almost always likley to be closer to the drone than blue forces when it is used so there is the very real possability that the energy signiture from the drone cannot be "put in the noise floor" with realtime video.
So logicaly the next thing to look at is how to reduce the baseband bandwidth. Although we have progressed a long way in video compression it has almost always been at the cost of CPU cycles which have energy, size and weight issues of their own which were considerably more significant 20years ago.
Even today in a new "intel drone" design you would still be looking at a significant increase in energy, size and weight compared to many other parts of a drones electronics. However in a "stand off drone" used as a weapons platform this is considerably less of a consideration.
All this is before the consideration of the actual electronics in use. As you note the product cycles for comercial products are at best 3years, whilst for military products 3years puts it at best into the first set of field tests.
Thus even today I suspect drone designers would look at reducing the energy, weight and size, and accept the loss in arguable security in favour of increased functionality on target.
But what are the reasons they don't encompass more contemporarie commercial equipment?
The reasons are actually more political than technical. You can see this by going through the options the military could consider.
One solution is to "roll your own" but as we have discussed before this is not realistic due to the level of investment required.
Another solution is bulk buy in the parts and stick them on a shelf untill required. However this requires a sensible inventory control policy and system, which lets be honest no military forces and few commercial organisations have ever managed on even a short time frame but over 20 years... forget it.
There is however a third option which is "standardise the interfaces". That is you just except that various bits of a system will need to be "upgraded due to obsolescence" during the life cycle of the system, and build it into the design.
This is one of the bits everybody forgets to talk about when using COST designs, because they are normally far to intent on showing cost savings.
However it needs carefull functional decomposition of the system and my previous experiance in the mil domain design sugest this is an area that they could considerably improve in.
The fourth option is "go fully comercial" that is assume your enemy is far from equal and that their ability to compete on the intel side is minimal. From this perspective, all you do is "ruggedize" ordinary commercial systems such that it will be more likley to survive battle field conditions.
We have already seen this with the likes of hand held GPS systems, and most manufactures would (providing the order is of sufficient size) be happy to provide more physicaly robust systems as there is actually a small but significant commercial requirment for such systems. The cost involved is usually that of enclosure re-tooling, which is usually around 0.5M USD, which is quite reasonable for +10K parts.
However there is still the "security" aspect to consider, and this is where the politics start, and it brings the military up against law enforcment when looking at commercial products.
From the military perspective putting high level security in comercial communications systems will have little impact on their intel functioning, mainly because apart from very high level circuits simple traffic analysis provides the bulk of their tactical SigInt (that is message content is mainly irrelevant compared to knowledge of endpoint location and traffic volume).
However politicaly LEO's don't want mil level security in commercial equipment as their expressed view is unfettered access to electronic communications content being "vital to law enforcment". It's bullshit as both crime and the LEO's have always been successful without mil grade security and will continue to do so irrespective of what level of secure products are available. This is because the simple fact is LEO's use humint not sigint to persue by far the majority of their cases, and will continue to do so.
However from a political viewpoint LEO's have an entrenched position against anything other than the most feeble of communications security and will fight any proposal to provide high level security. Mostly this is a "give us more resources" stance than a genuine problem, but they will play it out as long as they can. Likewise the military can likewise use the "LEO position" to argue for more resources...
So neither side is realy interested in resolving the issue...
For once (and I know this is dangerous) I'm going to disagree with Clive. The encryption doesn't have to be perfect to be useful. If the insurgents can't tell what's in the pictures and can just tell they are there then they will get many more false alarms and you can even drive that up sending in cheap $100 drones with a transmitter. This will be disruptive.
Now the claim that this is simply "not high value data"? That's clearly not true. Why else would the US be willing to pay so much to get it? Think about the things under a drone's flight path. First, you have an aerial view of the airbase it starts from. If you want to target mortars at people hidden inside then this is the exact data that you want and are missing. Secondly, the drones will often be called out to support troops. This means that you fly over the troops as they are deploying and or attacking. Your opponent gets just as useful a view as you do. Great for targeting once again. Now just imagine the ISI monitoring centre just sitting there watching the streams and plotting the drones and what they see and then putting out text message alerts to those who can benefit.
Active attacks would be incredibly difficult, but even more interesting. Wait till the drone flys on a known standard path, then overlay some insurgent vehicles hiding at the last moment. Now you can set up a perfect ambush and/or drive a bunch of attacks on undefended civilian targets.
If cable TV operators can afford hardware encryption to every subscriber the the US Army could get something at least as good.
As I understand it, them Skynet machines can't fool a German shepherd. So all we gotta do is trot a coupla k-9's out to the runway every time the drones come back, and if the dogs go off on 'em, machinegun the drones. Man, I thought Bruce had TAUGHT you fellers to KEEP IT SIMPLE.
Even though nobody said so in the articles (they just talked about "computers") it seems clear from context that it was (as usual) vulnerabilities in Microsoft products that permitted the original "infection" as well as the subsequent inability to remove the malware. We're all apparently so numbed by the pervasiveness of the Microsoft monoculture that responsible journalists (assuming the ones in question qualify as such) no longer even feel obliged to name names.
And here I thought it was bad enough building voting machines that require anti-virus software.
Oy vey. But OTOH... not too surprising given all the infighting and turf wars regarding "US Cyber Command" and the drones themselves, I guess.
Wow. Stories like this do not exactly inspire confidence.
"For once (and I know this is dangerous) I'm going to disagree with Clive"
If you are a US citizen you have the legal right to do so (as for other jurisdictions check your statutes, either way feel free 8)
"The encryption doesn't have to be perfect to be useful."
I agree with this statment to a certain extent but only in this particular set of circumstances...
However the military doctrine in the past has assumed equal if not more skilled cryptographas on the red side, and that the crypto should be good for a known period of time.
The conservative military aproach in the past has thus been to treat all non front line comms as though they may be carrying high level traffic (to obviate the Field Marshal in the troop transport plane scenario). This viewpoint originated in WWII where low level weather and dockyard ciphers provided entries into higher level ciphers due to the same plaintext traffic being encrypted in several ciphers.
What makes a difference in the Iraq and Afghanistan conflicts is the "technology gap". However this not to say the gap cannot be bridged by other Nations who then pass on the methods.
And this brings into play the "little knowledge is a dangerous thing" and "false sense of security" rules of thumb.
People chatting on a known to be insecure line will be very circumspect about what they say. However they tend to be fairly free in what they say if they belive they are on a secure line....
Thus from the military perspective it is always preferable to go for high security at all points except for front line comms, simply to stop slips by use of insecure lower level ciphers, which the users believe incorrectly to be secure.
However the modern world has advanced in so many ways in the last 70 years that the use of what would have been "high level" ciphers back then is effectivly mandatory these days just to ensure a return on IP.
The changes over the last ten or so years has enabled high level encryption (AES etc) to be used inquite small energy efficient packages in the commercial sector, however not so the military, they are still playing "Chatche up".
"With regards "detectability" by those on the ground I agree SS is only a partial solution that is not aging as well as one might expect. The solution is to lower the energy at their antenna to below the noise floor. If you look at it purely as energy then there are only two solutions,
1, Reduce the energy radiated from the drone.
2, Confine the energy to radiate in a different direction."
Actually the problem is 'channel throughput'*detectability, low BW signals are easy to hide but Video even compressed is not low BW. to increase Throughput you need to use RF techniques that achieve throughput near the Shannon limit. Furthermore you want to channel modulation to automatically adapt to cope with the deteriorating signal quality as the drone moves away from you. In short you want an adaptive comms channel something like LTE.
"One solution is to "roll your own""
Yeah.. developing a 40nm LTE chip with Video / MM functions say H264 compression costs on the order of $100M and takes about 2 years. Unfortunately if you get defense contractors to do this, you will need to add at least one zero to both the schedule and cost columns.
"There is however a third option which is "standardise the interfaces".
Good idea, except the whole comms /video package is a single chip (one chip) Indivisible. OK this can be made as a module to slot into the Droid control system, but all the link comms protocols and encryption etc are on this chip.
The last problem is that the commercial chip guys are working on 2 year product schedules, so they don't even want to interface with anyone that is not on their schedule. Even minor changes to support some long tail app will usually get rejected, not because they are not good ideas, even good business ideas. They get rejected because the long tail apps guys are not ready with a team that moves fast enough to stay with the chip R&D team's schedule. At some point the Military guys fall behind and their module gets canceled. Trust me on this I've been there...
Where does this leave us... Basically uses fully commercial solutions and live with the inherent security problems. AND stockpile chips once you find one that works.
"Yeah.. developing a 40nm LTE chip with Video / MM functions say H264 compression costs on the order of $100M and takes about 2 years."
I've read before that ASIC designs average around $15-30 million dollars over several years. Were you jokingly exaggerating or serious about the $100 million? It's a truly jaw-dropping number for me. (You know, out of defense circles that is.)
"Unfortunately if you get defense contractors to do this, you will need to add at least one zero to both the schedule and cost columns."
LOL. Too true.
"Were you jokingly exaggerating or serious about the $100 million? It's a truly jaw-dropping number for me."
NO I'm not joking, actually it is kinda low, it takes a team of about 500 eng. 2 years( say average cost 200K / eng)
Look at the recent Trade sales Icera (LTE) => Nvidia for $360M and Beceem (Wimax)=> Broadcom this only got the acquires a starting point not a product, they will spend at least $30M getting from this start to a viable product.
Now if someone, (that's very generous) gives you the IP, knowhow and an experienced eng team. Than the actual product stage will probably only cost you $10M, maybe $15M in 40nm.
Unfortunately Military negotiators are their own worst enemy's, they come to you with a contract that states they will OWN all the IP required for the project and have the right to sell / reassign this IP. Under these circumstances I don't want $15M, I want at least $415M, they don't seem to understand that the starting IP worth about $400M and is not theirs.
After reading the article, I think this article was planted. By whom? Who knows, but it doesn't make much sense.
I find it hard to believe they're not encrypting the video. Maybe just on those birds they want to have intercepted? Whole thing reeks of carelessness.
dave: "Why the hell do they have to put on their flight overalls to pilot the drone?
I bet they also wear them when playing CoD"
I assume this is psychological - an attempt to keep their heads in the fact that this is real. I suspect it's not nearly enough. The overwhelming impression I have of drones is that they're simply no good for making sure people remember that actions can have very grave consequences.
Alternately, based on the comic Air Force Blues, it's because pilots have ego problems :)
Strad: "My understanding about drone camera feed being clear rather then encrypted is that plain and simple it's not high value data. ... "
The argument that the aerial camera data isn't very useful might hold water if a) Google Earth didn't exist and b) integrating well-tested crypto in a timely fashion wasn't a problem solved to heck and back. If my reddit login can be reasonably secure, so can a military camera feed.
It seems that drones are useful, if at all, only because we have air superiority and there is no ground-based attack yet. They are like the helicopters the Russians used to beat the hell out of the Afghans with. Those worked until the CIA imported lots of Stinger missiles which made the helicopters much less effective.
While I don't think that we will be losing air superiority soon, our use of drones seems to give another country the opportunity to develop the analog of the Stinger missile. Then our expensive drones get shot out of the sky by cheap missiles and the country that provides them gets enormous political clout.
The air force claims that the true story is a bit different. Actually, to me it makes complete sense. If this were a big incident there would be lots of people running around hushing it up. It has to be something trivial for it to have become so important in the media :-)
@moz - are they trying to downplay rather then hush things up to avoid the internet Streisand effect?
@strad, more likely they're trying to downplay it so that people think they're trying to act like they have something to hide so that people think that they think it's important so that people conclude they're trying to draw attention away from something else and thus reduce the Streisland effect.
I concur with most of your comment.
Drones are useful and yet a killing machine. Perhaps a well thought out tactic to blame the killing of innocent people on a worm/virus if the case goes to the court.
There's just something gut-clenchingly plausible, to me, about one day having somebody else take over a whole bunch of our drones via malware and use them to screw us over. ("So, Mr President, do you have any comment on today's drone-fired missile attacks on the Pakistani and Afghan presidential palaces and the headquarters of the ISI?")
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.