Announcement

Collapse
No announcement yet.

FAA hacked... repeatedly

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • FAA hacked... repeatedly

    http://news.cnet.com/8301-1009_3-10236028-83.html

    Yeah, that's pretty jacked
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: FAA hacked... repeatedly

    I read about this...

    I'm wondering if it stands as much as the power grids being hacked. 'Cause from what I'm told, they weren't.
    Saving the world one computer at a time...

    or possibly destroying, I haven't figured that out yet.

    Comment


    • #3
      Re: FAA hacked... repeatedly

      This is another report where bad reporting is going to cause people to over react. The actual air traffic control network is not connected to the internet at the moment. While they are working on making the network IP enabled, currently there is no link to the internet. The TRACON's and such are all linked via an old network from the 1960s that's been slightly upgraded (imagine racks of IBM PS/2 terminals with modems stuffed in them). The new IP based network is using dedicated network runs and only uses the internet for site to site tunneling. Even if someone were to get on the network, and if they were able to forge an alert, that's only the flight strip information on a plane. The real data is all local to the center, fed from the local radar dishes. If they were to DoS the link, all it takes is a phone call. Remember, this data used to be transmitted over dedicated phone lines using modems. The amount of planes transferring from zone to zone is so small, you don't need massive amounts of data transfer....

      What they're talking about is access to the organization's office network. Most of whats on that network is just emails about where everyone is going that night. These reporters tend to be really good recently at causing hype by neglecting to mention key facts...
      afterburn

      Comment


      • #4
        Re: FAA hacked... repeatedly

        Originally posted by afterburn188 View Post
        This is another report where bad reporting is going to cause people to over react. The actual air traffic control network is not connected to the internet at the moment. While they are working on making the network IP enabled, currently there is no link to the internet. The TRACON's and such are all linked via an old network from the 1960s that's been slightly upgraded (imagine racks of IBM PS/2 terminals with modems stuffed in them). The new IP based network is using dedicated network runs and only uses the internet for site to site tunneling. Even if someone were to get on the network, and if they were able to forge an alert, that's only the flight strip information on a plane. The real data is all local to the center, fed from the local radar dishes. If they were to DoS the link, all it takes is a phone call. Remember, this data used to be transmitted over dedicated phone lines using modems. The amount of planes transferring from zone to zone is so small, you don't need massive amounts of data transfer....

        What they're talking about is access to the organization's office network. Most of whats on that network is just emails about where everyone is going that night. These reporters tend to be really good recently at causing hype by neglecting to mention key facts...

        You mean you can't take control and fly the plane from the seat back terminals? (rolls eyes) Dam I was so looking forward to entertaining myself with some 1g barrel rolls on the way to Defcon this year.

        xor

        Actually a little irrational earth person hysteria mite be good for Infosec. Budgets go up, more jobs get created, better standards and accounting; security comes from the back burner to the front. You are no longer the little paranoid computer guy you are the wise IT Sage. This enables you to consolidate your power, crush the vexing naysayer competition, and get the corner office with the door.
        Last edited by xor; May 10, 2009, 11:52.
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

        Comment


        • #5
          Re: FAA hacked... repeatedly

          Originally posted by xor View Post

          Actually a little irrational earth person hysteria mite be good for Infosec. Budgets go up, more jobs get created, better standards and accounting; security comes from the back burner to the front. You are no longer the little paranoid computer guy you are the wise IT Sage. This enables you to consolidate your power, crush the vexing naysayer competition, and get the corner office with the door.
          Yes, I agree with this, but look at what happened in the late 90's with this idea when Y2k was threatening to end the world as we know it. The MSCE mills were pushing out useless people who expected to make $120k/y just for having a piece of paper with their name on it.

          I would hope that the IT managers of today are smarter than they were, but I doubt it highly.
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

          Comment


          • #6
            Re: FAA hacked... repeatedly

            Sure, more money for infosec is great and yes there are some serious issues that need to be tackled. I just don't think creating hysteria so that people throw money at it is the greatest solution. What I fear is someone coming in, collecting the money, and going "yeah sure i've got this covered. it's secure now, you betcha!" while they do 1/10th of the job that should be done. Let's make it so that every user has to have an ultrasecure password and then not spend time securing the server. A whole lot of good that did you right there. Then the next time a concern arises about a security issue (like that pesky server not being secure) the bureaucrats in charge will say "well we already paid for it to be secured in fiscal year XXXX, it's secure, they told us so." Then what? This idea that security can be taken care of in large spikes is what I think is wrong. In my opinion, security is something that evolves over time, and is constantly changing. If you're in the mindset that a giant influx of resources once ever X number of years will solve all your problems, it seems to be just asking for trouble during those in between years. It's like saying "i'm only going to patch my system once a year, when I pay a lot of money to have some guy come in and do them all for me"

            Reports and stories like this are what cause these hysteria's and this mentality that security is only something you take care of in spurts. Sure maybe the nation needs this kick in the butt to get our act together. Then again this just feels like the swine flu situation to me. People are instructed to do things that you should do on a day to day basis such as wash your hands, cover your mouth, and don't go into public if you're sick. Then again what would I know? I'm just some silly person at a university that was recently quarantined, shut down, and cleansed like raccoon city....at least that's what twitter told me happened.
            afterburn

            Comment


            • #7
              Re: FAA hacked... repeatedly

              Originally posted by afterburn188 View Post

              Reports and stories like this are what cause these hysteria's and this mentality that security is only something you take care of in spurts. Sure maybe the nation needs this kick in the butt to get our act together. Then again this just feels like the swine flu situation to me. People are instructed to do things that you should do on a day to day basis such as wash your hands, cover your mouth, and don't go into public if you're sick. Then again what would I know? I'm just some silly person at a university that was recently quarantined, shut down, and cleansed like raccoon city....at least that's what twitter told me happened.
              Much like love, concern for IT security seems to come in spurts. At least it does for the bureaucrats. I think that if IT professionals were just left alone without bureaucrats getting involved we'd have everything taken care of.

              I do think that there's a lot of fearmongering going on right now, I have my own theories as to why it's happening, but they are beyond the accepted scope of the Defcon forum.
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

              Comment

              Working...
              X