Saturday, October 8, 2011

Keystroke logger hits networks used by pilots who control U.S. Air Force drones

This was reported yesterday in Wired Magazine, and I stumbled on it from a website called Ology.com.  Apparently Ology is not short for technology, since they don't know what a key logger is.  Technically, a keystroke logger records every keystroke made.  Ology.com thinks that a key logger locks out the keyboard, and they are freaking out and saying that you could do things like redirect the drone.  Granted, a virus may possibly be able to do this; however, by definition that description is not a key logger.  A key logger is supposed to be stealthy and stay hidden in the background.  Its purpose is to obtain and transmit information as stealthily as possible.  The keystrokes could then be sent somewhere, even in real time.  So you could, say, predict where the drone was going and avoid it or intercept it.  In all likelihood, it would store a batch of data and then somehow transmit it somewhere.  "How can you hide a transmission?" you ask?

Well, let's say that when data is transmitted, there are errors.  This is genuinely the case on real-world networks, and when it happens the data is transmitted again.  Now, let's backtrack a bit.  Data is made up of bytes, which are made up of bits.  8 bits make up a byte, so a byte has 256 possible values, and computers typically use those values for characters (A is ASCII code 65, or 41 in hex).  You could set one of the bits of a byte every now and then.  So, let's say I set the first bit of 8 bytes to something.  Then a program looks at those 8 bits and translates them into a byte.  In other words, you would see this (O = original bit and H = hacked transmitted bit):
OOOOOOOH OOOOOOOH OOOOOOOH OOOOOOOH OOOOOOOH OOOOOOOH OOOOOOOH OOOOOOOH

Okay, yeah yeah, it looks like a song.  But still, 8 of those 64 bits are bits I set.  I take those H bits and translate them into something meaningful.  Now, we stream a ton of data every second, so maybe every now and then I do this for 128 bytes, sending 128 bits that get translated to 25 characters of text.  So, I have some data that means something to me.  What happens with the program that is actually sending the data?  Well, to the receiver, it looks like something got garbled in transmission, so the program resends the data.  So, I could capture the retransmission and compare the first send with the second.  Why would I care?  Well, I don't know when my process is sending a message and when it is not.  So, if I compare two sets of data and over 87% of the bytes match, it's probably a resend.  Then I look at the bits I care about and try to figure out whether they translate to a message.  If they do, I have my stealth message that was sent by my key logger.
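The same comparison works from the defender's side.  The following is an added example, not code from the original post or from anyone involved in the incident: it applies the post's own "over 87% of the bytes match, so it's a resend" rule to a pair of captured payloads, and then looks at where the disagreeing bits sit.  Ordinary line corruption scatters across random bit positions within a byte, while the OOOOOOOH scheme described above confines every change to one bit position in regularly spaced bytes, which is a pattern worth alerting on.  The threshold constant, the sample payload and the two constructed "retransmissions" are assumptions made for the example.

```python
"""Flag a retransmission whose differences look like a covert channel, not noise.

Added example.  Uses the post's heuristic that two payloads agreeing on more
than 87% of bytes are a resend, then checks whether the disagreeing bits all
sit at one bit position in evenly spaced bytes (the OOOOOOOH pattern).
"""

MATCH_THRESHOLD = 0.87  # the post's "over 87% of the bytes match" rule


def byte_match_ratio(first: bytes, second: bytes) -> float:
    """Fraction of byte positions that are identical in both payloads."""
    if len(first) != len(second) or not first:
        return 0.0
    same = sum(1 for a, b in zip(first, second) if a == b)
    return same / len(first)


def differing_bits(first: bytes, second: bytes) -> list:
    """(byte_index, bit_index) pairs where the payloads disagree; bit 0 is the LSB."""
    diffs = []
    for i, (a, b) in enumerate(zip(first, second)):
        x = a ^ b
        for bit in range(8):
            if (x >> bit) & 1:
                diffs.append((i, bit))
    return diffs


def classify_resend(first: bytes, second: bytes) -> str:
    """Return 'not_a_resend', 'identical', 'noise' or 'suspicious_pattern'."""
    if byte_match_ratio(first, second) <= MATCH_THRESHOLD:
        return "not_a_resend"
    diffs = differing_bits(first, second)
    if not diffs:
        return "identical"
    bit_positions = {bit for _, bit in diffs}
    byte_positions = sorted({i for i, _ in diffs})
    # One bit position, touched in at least three bytes at a constant stride,
    # matches the OOOOOOOH layout; anything else is treated as corruption.
    if len(bit_positions) == 1 and len(byte_positions) >= 3:
        strides = {b - a for a, b in zip(byte_positions, byte_positions[1:])}
        if len(strides) == 1:
            return "suspicious_pattern"
    return "noise"


# --- constructed sample data (not captured traffic) ---------------------------

ORIGINAL = bytes(range(32, 96))  # 64 printable ASCII bytes


def make_lsb_pattern(payload: bytes, stride: int = 8) -> bytes:
    """Constructed resend: low bit flipped in every stride-th byte, no message encoded."""
    out = bytearray(payload)
    for i in range(stride - 1, len(out), stride):
        out[i] ^= 0x01
    return bytes(out)


def make_noise(payload: bytes) -> bytes:
    """Constructed resend: a burst of three corrupted bytes, several bits each."""
    out = bytearray(payload)
    out[10] ^= 0x5A
    out[11] ^= 0x33
    out[12] ^= 0x81
    return bytes(out)


if __name__ == "__main__":
    print("patterned:", classify_resend(ORIGINAL, make_lsb_pattern(ORIGINAL)))
    print("noisy:    ", classify_resend(ORIGINAL, make_noise(ORIGINAL)))
    print("unrelated:", classify_resend(ORIGINAL, bytes(range(96, 160))))
```

The 87% figure is deliberately loose: with 64-byte payloads and one flipped byte in eight, the match ratio is exactly 0.875, so the rule only just fires.  In practice the bit-position check is what separates the two cases; a resend that differs only at bit 0 of bytes 7, 15, 23 and so on has no natural explanation.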

Now, what makes this key logger especially troublesome is that they wipe it out and it comes back!  So, it could live in a boot-up ROM location, or maybe there are a bunch of other programs that recreate the key logger if they can't find it.  So, they have to completely wipe out the hard drive.  To do that, they had to use BCWipe, a military-grade way to completely and utterly delete a file.  (Yes, when you "delete" something on the computer, it's not REALLY deleted: the computer just forgets it's there and puts the blocks back into the pool of free space on your hard drive.)

In any case, here's the original Wired article.
http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

Here's the Ology article.  Bear in mind that these guys have absolutely NO clue what the heck a key logger is.  And I have no clue what Rockem Sockem robots have to do with Predator drones or key loggers.
http://ology.com/politics/robot-wars-begin-virus-strikes-us-unmanned-drone-fleet
