Report: US air-traffic control systems hacked
Summary
Topics
In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.
Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency's mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming "insiders," according to the report dated Monday.
Then, taking advantage of interconnected networks, hackers later stole an administrator's password in Oklahoma, installed "malicious codes" with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.
And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.
The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.
"In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations," the report concluded.
This article was originally posted on CNET News.
Talkback Most Recent of 92 Talkback(s)
-
Why does....
The FAA need to have these systems linked to a public facing system? Couldn't they use private networks and segment this stuff from the internet? I just don't understand why there needs to be a connection. I would just like someone to explain that to me.
OhTheHumanity8th May 2009 -
I was asuming 24 or Die Hard
Even SS numbers should be in a database encrypted. They should be easily viewable. AES encryption requires a coded word to decrypt any AES encryption. So the time that they had would not be enough to decrypt the SS#. One layer of security is not enough, you need internal monitoring and levels.
Maarek Stele8th May 2009 -
Hmmmm, now, which OS gets viruses?
Why was a virus-prone OS used for ATC?
whisperycat8th May 2009 -
I agree
http://www.theinquirer.net/inquirer/news/1008257/faa-switches-air-traffic-control-to-linux
But It does not matter what Operating system they use, it all comes down to
http://www.cioinsight.com/c/a/Past-News/Report-Air-Traffic-Systems-Wide-Open-to-Hacker-Attacks/
GuidingLight8th May 2009 -
LOL
pwned!
Hallowed are the Ori8th May 2009 -
Pawned? NOT
When did OpenSolaris become a version of Linux?
http://www.eweek.com/c/a/IT-Infrastructure/How-the-FAA-Is-Bringing-Its-Air-Traffic-Systems-into-the-21st-Century/1/
eMJayy8th May 2009 -
Admin passwords stolen in 2006 and earlier. Unix implemented in 2006
Windoze is at fault!!!
InAction Man9th May 2009 -
You just missed another excellent oportunity
to remain silent.
On page 9 of the report you can read:
"These Web vulnerabilities occurred because (1) Web applications were not adequately configured to prevent unauthorized access and (2) Web application software with known vulnerabilities was not corrected in a timely manner by installing readily available security software patches released to the public by software vendors ."
Is Linux a software vendor?InAction Man9th May 2009 -
And..
"... was not corrected in a timely manner by installing readily available security software patches released to the public by software vendors."
Just to drive the point home. Security updates had been published by the vendors but those had not been installed.
vmaatta11th May 2009 -
The FAA won't even willingly report bird stikes!
What makes any of us think the FAA is REALLY interested in security and safety?
They have a track record of puting safety second to "smooth" commercial operations (you wouldn't suppose $$money$$ has anything to do with this?)!
kd5auq8th May 2009 -
The answer to all our problems....
Throw money at it, that will fix it. So this day in age, I would say hey worry about the money and the rest will follow. Looks like we have come real far as a human race. Money.. money.money....money.........money.OhTheHumanity8th May 2009 -
And yet flying is still the safest form of travel
So I'm really not sure what your complaint is. Everything could be safer, but by far the safest way to travel is to fly. Walking down a sidewalk is more dangerous.
LiquidLearner8th May 2009 -
Even ONE death due to FAA's foot dragging is one too many!
Especially if you magically know it is going to be YOUR life lost due to stupidity, incompetence, or worse - greed!kd5auq8th May 2009 -
Maybe
but considering the stupidity of other drivers has a far bigger impact on our lives than this I think maybe we're focusing too much in a relatively unimportant part. It's sort of like our reaction to the Swine Flu. No more deadly than the regular flu and yet it's treated like the black plague. Conficker is another good case of overreaction to one problem rather than focusing on the bigger picture.LiquidLearner9th May 2009 -
uh how does that work?
How does greed lead to someone getting killed?
No one is paying anyone to lose lives. If
anything, greed would motivate air travel to
become safer.
AccesPublic10th May 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
