Boeing Hit By WannaCry Virus, Fears It Could Cripple Some Jet Production (seattletimes.com) 122
An anonymous reader quotes a report from The Seattle Times: Boeing was hit Wednesday by the WannaCry computer virus, raising fears within the company that it could cripple some vital airplane production equipment. Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming memo calling for "All hands on deck." "It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down," VanderWel wrote, adding that he's concerned the virus will hit equipment used in functional tests of airplanes ready to roll out and potentially "spread to airplane software." Indicating widespread alarm within the company at the potential impact, VanderWel said the attack required "a battery-like response," a reference to the 787 in-flight battery fires in 2013 that grounded the world's fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.
Re: Analogous to Big Ag... (Score:2)
Re: (Score:1)
You seem very certain.
How is it you know those things are true?
Computer virus? (Score:5, Insightful)
No sir. It is not a computer virus.
It is -once again, a Microsoft Windows virus.
Call things by their names.
Wanna Cry may turn into Wanna Fall Down (Score:1)
No sir. It is not a computer virus.
It is -once again, a Microsoft Windows virus.
Call things by their names.
Boeing got hit by Wanna Cry
Would that make their planes Wanna Fall Down From The Sky ??
NSA (Score:3, Insightful)
Thanks again, NSA! Glad you had our backs...
Re: (Score:2)
Re:NSA (Score:5, Interesting)
NSA isn't the only one to blame, Microsoft knew about the exploits that were going to be released when the NSA lost their data and chose to only patch some of the malware that the NSA had held onto, only after ShadowBrokers released WannaCry in the wild did they release the emergency fixes. They released a patch for XP about 2 months after WannaCry went public.
Microsoft deliberately held back patches and fixes for Windows for god knows how long because it benefited the NSA.
Re: (Score:3)
Re: NSA; wrong (Score:2)
Re: (Score:2)
And what OS are they running?
Unless this is a new version of WannaCry, they probably aren't running XP. It ran fine on Win7 but did not get onto any of our (less common) XP systems.
If we had avoided "up"grading to shinier operating systems, would we have entirely missed out on the fun last may?
Not Enough Time (Score:5, Insightful)
Hey you business types who moan about not enough time to test updates and that it takes away from software projects that will generate income?
Pay attention.
[John]
Re: (Score:3, Informative)
Until it becomes less profitable to outsource risk, don't expect much to change.
Still waiting for those equifax execs to be thrown in jail.
Re: (Score:2)
Re: (Score:3)
To continue in the same style - also maybe us IT-types could actually disable SMBv1 one day in our networks so this crap wouldn't happen. It's been deprecated for couple of decades now.
Re: (Score:2)
who moan about not enough time to test updates
There's not enough time, and then there's this. It was over 6 months already.
Should have used (Score:5, Insightful)
Use a real OS that has real security for real work.
Re:Should have used (Score:4, Insightful)
What makes you think any other desktop OS would be less vulnerably to ransomware? Security through obscurity perhaps.
Let's say they were running Linux. The infection vector is usually a browser exploit or email attachment. Linux does nothing extra to prevent the user from executing code that Windows doesn't also do. Then the malware is running, and has access to the user's file, and any other files that the user has access to on the network. Again, Linux does nothing extra to prevent this.
The virus spreads via exploits stolen from the NSA. Even assuming they are not zero-day and a patch is available, it's up to the organization to install that patch. If they were not installing Windows patches, why would they be installing Linux patches?
No, the problem is not the OS. The problem is the IT staff not locking the system down properly. Just switching OS would not help them.
Re:Should have used (Score:4, Insightful)
I doubt they are reading emails on a machine controlling a piece of machinery - these things are generally on a special "technical network" that cannot reach the internet directly. AFAIK these are true remote exploits, not user intervention needed. So yes, it is the OS's fault, and you are off target by blaming the user.
Re: (Score:2)
Okay, it's a remote exploit through a network connection. Again, how would a different OS help other than security through obscurity? Other operating systems are not magically bug-free.
In fact, we say ransomware on MacOS. And that industrial control software they are using, why would the Linux version be any more secure than the Windows version? We have seen infections via application updates before, including people infiltrating open source repos and replacing packages with trojaned ones.
The way to secure
Re: (Score:2)
> At the very least, put them on a separate secure network
Aka. "Technical network". At least that's what it is called where I work. And yes, we do run (mainly) Linux for our controls stuff.
> Again, how would a different OS help other than security through obscurity? Other operating systems are not magically bug-free.
Sure, they are not, but putting them on a separate network, and avoiding using the operating system that has holes so large that you can fly a 747 through them generally helps.
> We ha
Re: (Score:1)
First: Qubes OS. https://www.qubes-os.org/ [qubes-os.org]
Second: Regardless of IT staffs' intention, management makes the final decision to let the systems be locked down. In many cases, they don't.
Re: (Score:2)
Re:They use windows on planes! (Score:5, Interesting)
I can't believe they removed the F8 safe mode function from Windows 10. Now you need to be in Windows to tell it to reboot in safe mode. Good job there. What if your install is fucked and won't boot?
Re: (Score:3)
Re:They use windows on planes! (Score:4, Informative)
What if your install is fucked and won't boot?
After 3 failures to boot to the desktop windows will automatically trigger the startup repair program where among other options you can attempt to boot into various forms of safe mode.
If you for some reason can't get there (i.e. your computer boots to desktop and then somehow cleanly reboots preventing Windows from triggering the startup repair) you can do it manually from the recovery partition, USB or Windows 10 install media, or just go all out brute force and hit the reset button 3 times while the windows logo comes up to trigger 3 boot failures.
As to why they don't do it, that much is obvious. Windows no longer goes through a proper boot process anymore unless you either a) manually reboot using the start menu, or b) install a windows update. After all booting is a big waste of time in the eyes of MS, as is giving the user 3 seconds to hit F8. On my desktop those 3 seconds make up the vast majority of the boot time.
And no shutting down windows and then turning the power on is not a proper reboot anymore. That puts windows into some kind of half state which is how they dramatically cut down the boot time.
Re:They use windows on planes! (Score:5, Interesting)
No. But they do use it on manufacturing equipment now. I was there when they got hit with the Code Red virus. Fortunately, in 2001 they were running Solaris, HP-UX and Linux on the shop floor. When management came running out in a panic about possible effects on production, we told them, "No problem. We don't run Windows."
Management's response was, "Why aren't we running Windows?" I guess now they'll find out.
Re: (Score:2)
Linux was *NOT* the only alternative. Not even the most secure alternative. Just the most actively developed.
Other alternatives are the various BSDs. They existed then and were stable then. I'm not really sure about the differences between them, or whether they are more significant than the differences between the various Linux distros.
Re: (Score:3)
Its a sad fact that many niche apps like CAD and so on are written for Windows. Yes you can get a CAD program for Linux but it has to meet the requirements and *nix OSs have lagged far behind in applications which have efficient workflow the features needed for many situations. Linux is fine if you need a word processor but when you get into large, specialized technical apps falls behind.
Re: (Score:3)
Believe it or not, you can get a command and file compatible alternative to AutoCAD on Linux now called BricsCAD. Haven't tried it on Linux, but have on OSX and Windows.
Re: (Score:2)
Re:They use windows on planes! (Score:5, Interesting)
applications which have efficient workflow the features needed for many situations
Interesting. Because it was the 'efficient workflow features' that we had to build on UNIX systems at Boeing which were simply unavailable on Windows systems. CATIA started out running on UNIX (AIX and Solaris at Boeing) and was finally ported to Windows NT when the Microsoft fanbois cried hard enough. The backend 'workflow management' was never ported to a Windows platform during my time there. We just couldn't buy enough NT servers that would handle the load a Sun system could handle.
Data integrity was (and still appears to be) a problem for Windows systems. We had a requirement to keep people from modifying datasets not a part of their scheduled workflow. The NT folks could never figure out how to implement that. And more than a decade later, this is fundamentally what the WannaCry virus does. Windows just isn't ready for enterprise use yet.
Re: (Score:2)
Because it was the 'efficient workflow features' that we had to build
So you built something yourself? You and the GP are talking about two different things.
Re: (Score:2)
So you built something yourself?
Of course. Business rules have to be set up and workflows have to be defined.
Re: (Score:3)
Business rules have to be set up and workflows have to be defined
Again you and the GP talked about two different things. The GP talked about pre-defined software based workflows to suit the business. You're talking about designing a business workflow then custom making software to suit.
It may sound like splitting hairs, but it will be precisely that hair which fundamentally changes the procurement process. Also many industries in general are overwhelmingly moving to the process described by the GP as they learn that their own defined business workflows are often either n
Re: (Score:2)
their own defined business workflows are often either not the most efficient, or require so much bespoke software that it costs them a lot of money to maintain that workflow.
That might work for a plumbing repair business. But I don't think there is an item in the pull down menu to select the "commercial aircraft manufacturing" workflow. And it doesn't really cost that much if you start out with a flexible tool set. Compared to having some consultants from a Windows shop "waste the better part of last year" trying to sell you their canned solution.
The biggest part of any process re-engineering is to sit down with the customer, identify their processes and the inefficiencies the
Re: (Score:2)
However, I thought the data integrity requirements you mention were largely resolved by Teamcenter.
Re: (Score:2)
resolved by Teamcenter
I'm not sure. They were looking at a lot of different products to implement DCAC/MRM when I left. This may have been one of them.
Their problems were that whatever tool suite they tried to implement on top of an NT infrastructure, it was pretty easy to go in 'underneath' the apps and fiddle with the data. And this is probably what leads to stuff like WannaCry. Once one system in a domain is cracked, it seems to be pretty easy to get into pretty much anything else.
Re: (Score:2)
Why Windows NT Server 4.0 continues to exist in the enterprise would be a topic appropriate for an investigative report in the field of psychology or marketing, not an article on information technology. Technically, Windows NT Server 4.0 is no match for any UNIX operating system, not even the non-commercial BSDs or Linux.
http://linux.math.tifr.res.in/... [tifr.res.in]
Re: (Score:2)
I bet wannacry will never hit an Antanov.
Yeah. But Boeing will never have to run down to Radio Shack to test vacuum tubes.
Re: (Score:3)
Antonov is Ukrainian FYI.
And given the sorry state of their aircraft production (the overwhelming majority of An-148s was built in Russia, not in the Ukraine) the only Antonov computers that could get hit by WannaCry would be the laptop of the managing director and the workstation of his typist.
Re: (Score:2)
No argument about your second sentence - I have witnessed that myself. Worst country in Europe.
Re: They use windows on planes! (Score:2)
Back-ups... Back-ups... Back-ups... (Score:4, Insightful)
This is why my back-up drives aren't connected to my computer 24-7. When I finish backing up stuff, I disconnect the drive(s).
Come on people, you gotta be smarter than this by now.
Re: (Score:3)
Also if it doesn't need to be connected, do not connect it. If scanned sneaker net from one secured location to another secured location is good enough because it only happens once a week, not every second, that use scanned sneaker net, a lot more expensive per transaction maybe like an extra $10,000 over a year but the alternative hundreds of millions of dollars lost, makes that $10,000 look like nothing. Wireless quick easy, stupidly insecure. Wired not so quick not so easy but a lot more secure. Sneaker
Re: (Score:3)
This is why my back-up drives aren't connected to my computer 24-7. When I finish backing up stuff, I disconnect the drive(s).
Come on people, you gotta be smarter than this by now.
No where do they say they lost data. Just that they were worried about being crippled. You're crippled too while you're slowly recovering your backups rather than getting actual work done.
Re: (Score:2)
Also, they last longer. :)
Re: (Score:2)
Supporting Windows was to be cheaper as everyone can use Windows.
A really powerful firewall would always protect Windows.
Windows would have the easy to use GUI software aircraft workers crave.
Re: (Score:1)
Its a sad fact that many niche apps like CAD and so on are written for Windows. Yes you can get a CAD program for Linux but tends to pale in comparison, it has to meet the requirements and *nix OSs have lagged far behind in applications which have efficient workflow the features needed for many situations. Linux is fine if you need a word processor but when you get into large, specialized technical apps falls behind.
Re:Wanna die? (Score:5, Insightful)
In what universe is an entire national medical system not the "wrong person?" If there was any way of getting at ransomware scammers, we would have deployed it by now.
https://www.telegraph.co.uk/ne... [telegraph.co.uk]
Re: (Score:3)
Re: (Score:2)
Organized crime reach into normal society is pretty overrated. Seriously... I dare them toaksj alkj;a kalwwwwwwwwwwwwwwwwwwww
Re: (Score:1)
... I dare them toaksj alkj;a kalwwwwwwwwwwwwwwwwwwww
"Sorry, squire! I scratched the record!"
Re: (Score:2)
Organized mobsters use the same hospitals as everyone else...
Re: (Score:2)
One of these days this virus is going to hit the wrong person and the authors are all going to wind up dead.
They did. One of the groups hit by the attack last spring was the FSB. They used to employ Vladimir Putin when they went by the name KGB. I can't think of a worse target.
Or perhaps they are now "under new management" after the old management all stopped having functioning nervous systems!
What a difference 2 days makes (Score:5, Interesting)
I'm very interested to hear what Boeing vice president Phil Musser has to say about this event given his reported comment just 2 days ago [seattletimes.com] in response to the closure of the Russian consulate in Seattle 'that the company has “rigorous IT and security protocols.”'.
Re:What a difference 2 days makes (Score:4, Interesting)
Probably very little given TFA said it took them half a day to contain and caused zero production loss as a result. Frankly that is quite a phenomenal IT response given how many companies were cut off at the knees for a whole week at a time.
Boeing probably forgot ... (Score:3)
Not your grandpa's Boeing (Score:5, Interesting)
Boeing used to be one of the world's most competent corporations.
Then they merged with McDonnellDouglas. They absorbed the McD defense products, and then the morons in the board room replaced a bunch of Boeing's old management structures with the McD people. The McD teams used to outsource more stuff, whereas the old Boeing people used to do stuff more in-house. This came to a head with the 787 program which ended up over budget and behind schedule in large part because Boeing, which used to do everything inhouse, was under the new management oursourcing parts all over the planet and bringing the parts into the Boeing facilities for final assy - a tactic the McD guys were used to but the boeing people and systems were not. The results were entirely predictable to anybody without an MBA degree.
The idea that the new & reckless Boeing management was running their internal systems on the super-crappy Windows operating system is both predictable and sad. These clowns should not be trusted with national security projects - they probably store all their stuff unencrypted in the cloud and run their Windows machines unpatched and without antivirus protections and hardware firewalls.
This is the company that has been charging billions of dollars per year for nearly a decade to convert a shuttle external tank into a 1st stage booster - which they MIGHT be able to fly manned 20 years after the design started. Incidentally, the SLS design was specifically chosen to re-use shuttle heritage hardware, including engines and engine plumbing stripped directly from working orbiters, in order to accellerate development time and save money [sigh]. While Musk at SpaceX has been moving to re-usable rockets, Boeing is actually regressing to throwing away expensive reusable shuttle engines on each SLS launch!
Same company that has been studying blended-wing-body airframes for 20+ years without builing a single manned example. The old Boeing could design a readically new aircraft and get a test article onto a flight line in MONTHS.
This virus incident is just the most-recent evidence that the federal government was completely incompetent when they allowed Boeing to absorb North American aviation, Rockwell International's aerospace division, Bell helicopter, McDonnellDouglas (itself a merger of McDonnell Aircraft, Douglas Aircraft, Convair and Consolidated) and others. Huge bloated incompetent defense contractors lose all interest in being efficient and competent as they become hooked on cost-plus government contracts combined with lack of competition resulting from the absorption of most or all competitors.
Re:Not your grandpa's Boeing (Score:4, Interesting)
The ONLY "Saving grace" for Boeing might be that they might be able to show that the systems hit with Wannacry are not covered under any DoD contract; ie not used for anything DoD related. However, it's also my opinion that ANYTHING relating to our "national aviation infrastructure" SHOULD be, at a minimum, 800-171 compliant; as should anything relating to electrical utilities, water and sewage, and medical.
If we actually "go to war", the USA is totally fucked on this front. I fully expect any transition to a "hot war" with, say North Korea, will immediately result in most of the electrical grid shorting out / shutting down, entire city networks being corrupted, and anything with a PC being pwned within 24 hours. We, as a country, are as about prepared for "modern warfare" as the Native Americans were to meeting the Europeans and their diseases.
Re: (Score:2)
'Cyberwarfare' is nearly the ultimate asymmetrical warfare scenario. It takes relatively insignificant effort to inflict massive, possibly fatal, harm on an opponent.
And it's universally true. You think the US is uniquely unable to attack foes in this manner? Or to mask such an attack, deflecting blame?
Truth is, MAD worked to mitigate the threat of nuclear war for decades. A similar protocol will be needed to prevent all-out cyberwar, which would be nearly as damaging the nuclear war, for everyone.
It's a s
Re: (Score:2)
You think the US is uniquely unable to attack foes in this manner?
Russian security services use typewriters [theguardian.com].
Re: (Score:2)
immediately result in most of the electrical grid shorting out / shutting down
I'm not worried. Our local power company put their first power plant on line in 1898. And they haven't changed much since then.
Re: (Score:2)
How come Airbus manages the distributed manufacturing just fine then? Boeing simply grew fat and lazy on defence contracts and reiterating the 707, that's all.
Re: (Score:2)
Because Airbus is run by socialist communist european aristocrats, thats why!
Should have patched (Score:5, Insightful)
Re: (Score:2)
We had a story when I worked there: A CS consultant was giving an embedded systems class to a bunch of Boeing engineers. He started the first day off by asking, "If you were on a Boeing plane taking off and you suddenly realized that your group was responsible for the avionics software, how many of you would be concerned?" Everyone raised their hands except for one lady sitting in the front row. So the instructor asked her why she wasn't worried. "If my department wrote the software, the plane wouldn't even
Which Defense Systems Failed? (Score:1)
Unlike so many the succumb to ransomware, I expect that Boeing had good defenses - practices and systems - in place to defend against ransomware and intrusion. It's possible or even probable that they had the best systems in place
Ransomware has been my biggest security fear for the last couple of years and defending against ransomware and the possibility of infection has been my biggest spend as well as time-sink for the past couple of years. The idea of a department or the entire company being infected sc
Re: (Score:3)
I expect that Boeing had good defenses
You owe me a new keyboard. And a coffee refill.
Dead? (Score:2)
Re: (Score:3)
There are (at least) two parts to WannaCry: The transport mechanism, based on the NSA's EternalBlue [wikipedia.org] exploit. And the payload, which does the privilege escalation and file encryption stuff. The 'kill switch' was a domain name that, when resolved by the transport mechanism, would stop it from spreading or deploying its payload on the current host.
Several different domain names appeared in the WannaCry virus, probably as its creators tried to circumvent the kill switch fix. It's possible that someone got hold
I miss sysadmin work less and less (Score:2)
First thing that comes to mind; the multiple layers of backups and images needed to assure recovery from these events. In a dynamic manufacturing environment, I would want stackable images, possibly hourly delta backups, maybe even run things in VMs with on-and off-line redundancy. I would be diving my VMware rep insane with demands to port the images into KVM or virtualbox, and always at the lowest possible version to permit restoration despite underlying OS or environmental changes... Data separation to a
Re: (Score:2)
No different than any Fortune 100/500 company, such as Intel, GE, Ford, any national bank, any number of organizations. 'Locking them down' doesn't bring them to a standstill. As if they are not 'locked down' now, for if not, they were pwned a few years ago. Totally.
'Locked down' is dog whistle for "I can't do whatever I want on the company laptop oh noes pimpage". Yeah. It's not even yours. Be happy you've got a job you can do from your mom's basement. My home office has a real window that shows me sunligh
Re: I miss sysadmin work less and less (Score:2)
Yeah, Deepak will just reach across the pond and toggle the power to the DNS server.