Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Security

Report: US air-traffic control systems hacked

Summary: Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to a report.

Elinor Mills

By Elinor Mills |

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency's mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming "insiders," according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator's password in Oklahoma, installed "malicious codes" with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

"In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations," the report concluded.

This article was originally posted on CNET News.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

92 comments
Log in or register to join the discussion

  • Why does....

    The FAA need to have these systems linked to a public facing system? Couldn't they use private networks and segment this stuff from the internet? I just don't understand why there needs to be a connection. I would just like someone to explain that to me.
    OhTheHumanity
    Reply Vote

  • I was asuming 24 or Die Hard

    Even SS numbers should be in a database encrypted. They should be easily viewable. AES encryption requires a coded word to decrypt any AES encryption. So the time that they had would not be enough to decrypt the SS#. One layer of security is not enough, you need internal monitoring and levels.
    Maarek Stele
    Reply Vote

  • Hmmmm, now, which OS gets viruses?

    Why was a virus-prone OS used for ATC?
    whisperycat
    Reply Vote

    • I agree

      http://www.theinquirer.net/inquirer/news/1008257/faa-switches-air-traffic-control-to-linux

      But It does not matter what Operating system they use, it all comes down to

      http://www.cioinsight.com/c/a/Past-News/Report-Air-Traffic-Systems-Wide-Open-to-Hacker-Attacks/
      GuidingLight
      Reply Vote

      • LOL

        pwned!
        Hallowed are the Ori
        Reply Vote

        • Pawned? NOT

          When did [i]OpenSolaris[/i] become a version of Linux?

          http://www.eweek.com/c/a/IT-Infrastructure/How-the-FAA-Is-Bringing-Its-Air-Traffic-Systems-into-the-21st-Century/1/

          eMJayy
          Reply Vote

        • Admin passwords stolen in 2006 and earlier. Unix implemented in 2006

          Windoze is at fault!!!
          InAction Man
          Reply Vote

      • You just missed another excellent oportunity

        to remain silent.

        On page 9 of the report you can read:

        <i>"These Web vulnerabilities occurred because (1) Web applications were not adequately configured to prevent unauthorized access and (2) Web application software with known vulnerabilities was not corrected in a timely manner by installing readily available security software patches released to the public by <b><u>software vendors</u></b>."</i>

        Is Linux a software vendor?
        InAction Man
        Reply Vote

        • And..

          "... was not corrected in a timely manner by installing readily available security software patches released to the public by software vendors."

          Just to drive the point home. Security updates had been published by the vendors but those had not been installed.
          vmaatta
          Reply Vote

  • The FAA won't even willingly report bird stikes!

    What makes any of us think the FAA is REALLY interested in security and safety?
    They have a track record of puting safety second to "smooth" commercial operations (you wouldn't suppose $$money$$ has anything to do with this?)!
    kd5auq
    Reply Vote

    • The answer to all our problems....

      Throw money at it, that will fix it. So this day in age, I would say hey worry about the money and the rest will follow. Looks like we have come real far as a human race. Money.. money.money....money.........money.
      OhTheHumanity
      Reply Vote

    • And yet flying is still the safest form of travel

      So I'm really not sure what your complaint is. Everything could be safer, but by far the safest way to travel is to fly. Walking down a sidewalk is more dangerous.
      LiquidLearner
      Reply Vote

      • Even ONE death due to FAA's foot dragging is one too many!

        Especially if you magically know it is going to be YOUR life lost due to stupidity, incompetence, or worse - greed!
        kd5auq
        Reply Vote

        • Maybe

          but considering the stupidity of other drivers has a far bigger impact on our lives than this I think maybe we're focusing too much in a relatively unimportant part. It's sort of like our reaction to the Swine Flu. No more deadly than the regular flu and yet it's treated like the black plague. Conficker is another good case of overreaction to one problem rather than focusing on the bigger picture.
          LiquidLearner
          Reply Vote

        • uh how does that work?

          How does greed lead to someone getting killed?
          No one is paying anyone to lose lives. If
          anything, greed would motivate air travel to
          become safer.
          AccesPublic
          Reply Vote

    • Dear kdSauq

      What makes YOU think that the FAA is NOT interested in security and safety.

      That is what they exist for!

      Do you know anything about aviation?
      elderlybloke
      Reply Vote

  • Why did they switch from reliable UNIX to $hitty Windows?

    That's the reason these got hacked - how may more
    Windows security breaches will we tolerate before we
    banish Windows to the scrap heap?
    itguy08
    Reply Vote

    • The did not. They switched to [b]Linux[/b]

      http://ultraviolet.org/blog-old/faa-migrates-to-linux-saves-big-money

      http://www.linuxinsider.com/story/LsB1h2Ftrztp7M/Red-Hat-Move-to-Linux-Saved-FAA-15-Million.xhtml?wlc=1241803203
      GuidingLight
      Reply Vote

      • Yeah....

        They saved $15 million because they stopped managing their systems with the proper techs it seems. Switching OS's is not were the savings is it is mostly with the cost of maintenance. Someone probably told them they could switch to linux and get rid of the techs. They probably lost the $15 million they saved in putting out the fires. Again, it makes you wonder?
        OhTheHumanity
        Reply Vote

      • Yeah, but Red Hat? That's just a windows wannabe..

        If they really wanted to do the job right, they
        would've moved to a real distribution... Red Hat
        is like the runt of the litter... purely designed
        new users, simplistic admin and those too stuck in
        winedows mode to move on to the real stability,
        security and performance Linux can provide such as
        from a customized Debian installation.
        L33tCh
        Reply Vote
CNET Join | Log In | Privacy | Cookies Close