Tech

Hackers prompt flight cancellation at Polish airport

A cyberattack against airline ground computer systems affected 1,400 passengers due to fly out across Europe.

Written by Charlie Osborne, Contributing Writer June 22, 2015 at 1:03 a.m. PT

A cyberattack against Warsaw's Chopin airport caused a number of flights to be delayed and cancelled altogether.

On Sunday, Polish airline LOT was forced to ground and cancel flights after computer systems used to issue flight plans were the target of a cyberattack, as reported by Reuters. The attack took place in the afternoon and, after detection, required roughly five hours to repair the damage.

While details are thin on the ground, airline spokesman Adrian Kubicki told the Associated Press that the cybercriminals were able to "temporarily paralyze" LOT's computers at the airport, which in turn delayed passenger flight processing. In total, approximately 1,400 passengers scheduled to fly to areas including Hamburg, Dusseldorf and Copenhagen were affected by 10 cancellations and about a dozen delays.

LOT was able to transfer some passengers to other flights on Sunday, and placed others in hotels when they needed to stay overnight. In a press release, the airline said:

"The situation after the IT attack on our ground operation system is already under control. We are working on restoring the regularity as soon as possible. Our operating center is already preparing flight plans. We will try to ensure that the largest number of passengers are informed and continue commenced journeys."

No other airports were affected and the safety of ongoing flights were not compromised, according to the spokesman. The cyberattack is now under investigation by authorities.

Featured

"We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry," Kubicki noted.

Cyberthreats to aviation, naturally, are critical in nature as they potentially could result in the loss of life. As a result, threats to systems are taken seriously -- such as in the case of Chris Roberts, who was banned from flying from Colorado to San Francisco with United Airlines after tweeting that he could probably hack into the airline's on-board systems. The researcher said he could connect to computer systems through an under-the-seat connection to view data on the aircraft's engines, fuel and flight management systems.

United insisted the company was "confident" the flight control systems were secure and could not be accessed.

In December last year, the International Civil Aviation Organization (ICAO), Airports Council International (ACI), the Civil Air Navigation Services Organisation (CANSO), the International Air Transport Association (IATA) and the International Coordinating Council of Aerospace Industry Associations (ICCAIA) agreed to thrash out a "common roadmap" to combat cyberthreats. The five organizations signed a new cybersecurity agreement to "promote a robust cybersecurity culture and strategy," including sharing threat identification, risk assessments and cybersecurity best practices.

Ruben Santamarta, principal security consultant for IOActive told ZDNet:

"Initially, it seems that flights plan couldn't be generated which may indicate that key nodes in the back office were compromised. On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.
There are multiple systems at ground level that provide critical services for airlines and aircraft, in terms of operations, maintenance, safety and logistics. The first stage of an attack against an aircraft may begin on the ground. However, in order to properly assess the impact and the target of this attack we still need more information, so every scenario is just speculation."