Hackers Broke Into FAA Air Traffic Control Systems

PL/SQL Guy writes "Hackers have repeatedly broken into the air traffic control mission-support systems of the US Federal Aviation Administration, according to an Inspector General report sent to the FAA this week, and the FAA's increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said. Intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities. In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, 'including critical incidents in which hackers may have taken over control' of operations computers, the report said."

I guess this is what happens

[Anonymous Coward]

when 4chan goes down for a week. Seems that keeping that site running is a matter of national security!

Someone call Jack Bauer

[Anonymous Coward]

They have the CIP device.

Question

[grassy_knoll]

Why are critical systems not protected by a one inch air gap between the NIC and cable from remote exploit?

Seems like from TFA [cnet.com] they're not:

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

Well that would explain

[mandark1967]

Why my last 4 flights arrived on time.

Obligatory

[plaxion]

"Where do you want to go today?"

Yup

[mkcmkc]

I'm not sure it gets much worse than this. I guess the local nuke plant could install a "whack-a-rod" live webcam game and secure it with DMCA technology...

Re:Question

[dangle]

Posting to delete accidental mod "funny" instead of "informative." I've only had one drink, sorry.

No, use IBM's SNA . . .

[PolygamousRanchKid]

. . . it's proprietary, so no one, not even IBM, understands how it works.

The script kiddies will have to learn JCL. Have fun, you little rotten bastards!

And even if they manage to break into a machine, they will be confronted with z/OS ISPF . . . can they get their tn3270 sessions to work? Hee, hee! Find your PA1 key!

The best choice for a truly secure system, is to use some weird shit, that nobody else wants to use. And thus, there are not a lot of folks hacking about trying to poke holes in it.

Wait for a script kiddie post, on how to use nmap to probe for ports on LU6.2.

Re:Someone call Jack Bauer

[Anonymous Coward]

I hadn't heard the guy ran Mac.