I was astonished when so many people on the HN thread discussing the viruses on "the Predator system" couldn't distinguish between flight critical software and everything else. Lots of comments along the lines of "what do they expect, letting Windows fly an airplane" and so on. There seems to be similiar confusion here.

Can you explain further? I am pretty sure the Predator drones do not feature in-flight entertainment, so unlike the plane + entertainment system in this article, the infected computer systems must be related to flight operations.

With the Predator, it was more or less a flight- vs ground-software distinction, as my sibling commenter says. But even with the inflight entertainment system, where everything's in flight, there are separate computer systems (meaning, CPU's, software loads, operating systems, power busses, communications networks, air supplies for cooling - the whole nine yards) for the flight critical software (flight-critical meaning that an error or malfunction could cause the plane to be unable to fly) and the in-flight entertainment center or any other system of lesser criticality.

Even with UAV's, it's not just a flight-vs-ground distinction either. For example, any drone that's being used for reconnaissance is going to keep a big imagery database on board, simply because there's not enough satellite bandwidth to stream lots of data back to the ground while it's on the air. That server could be running Unix or Windows or whatever, and probably is, because the UAV designers will have gone to a lot of trouble to make sure it can't interfere with any flight critical software.

The infected computer systems were ground side, not the aircraft themselves.

Exactly. This is sort of a stretch of a metaphor here, but consider the predator having a server system that provides an API. The ground station is just a client putting out requests to that API. The ground station computers had the virus. That whole series of articles in the press was kind of stupid. If I use github, have a virus on my computer, it doesn't mean that github has a virus on their computers.

But that virus might steal the password for my github account. Or even delete one of my repositories.

And by deleting a repository I mean firing a Hellfire missile.

Yes, in this case though the virus was apparently a keylogger on a system that isn't (supposed to be) connected to the internet. So while it may have gathered information on what the operators typed in, it wasn't getting any magic passwords. Most of that (if done properly) would involve some secret keys that operators don't directly access.

So does it matter if it was a ground control computer that was infected and took over/blocked control of the drone - rather than an attack on the onboard system that did the same?

It's an interesting question. In my opinion, it's probably more serious to have the ground station compromised than the onboard software. The Predator is just a drone and the onboard software is going to be pretty dumb, so even if an attacker were able to take it over completely, it couldn't actually do much besides crash the plane or launch its missiles. (That sounds serious, but it really isn't. If you're using a drone in the first place, it's safe to assume it's somewhere where you don't have many friendly forces to begin with. That might change if the US keeps turning into a police state, but that's another discussion.)

If an attacker compromises the ground station software, on the other hand, he gets to try to snoop on whatever intelligence information comes down from the network that computer is on. Things like lists of likely targets for the operator to watch for, or anticipated positions of friendly units in the area, and so on. You get the idea.