Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security United States

Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues To Fly (vice.com) 67

A woman allegedly hacked into the systems of a flight training school in Florida to delete and tamper with information related to the school's airplanes. In some cases, planes that previously had maintenance issues had been "cleared" to fly, according to a police report. The hack, according to the school's CEO, could have put pilots in danger. From a report: Lauren Lide, a 26-year-old who used to work for the Melbourne Flight Training school, resigned from her position of Flight Operations Manager at the end of November of 2019, after the company fired her father. Months later, she allegedly hacked into the systems of her former company, deleting and changing records, in an apparent attempt to get back at her former employer, according to court records obtained by Motherboard. The news of her arrest was first reported by local TV station News Channel 8.

Derek Fallon, the CEO of Melbourne Flight Training called the police on January 17, 2020, and reported that five days before, he logged onto his account for Flight Circle, an app his company uses to manage and keep track of its airplanes, and found that there was missing information. Fallon found that someone had removed records related to planes with maintenance issues and reminders of inspections had all been deleted, "meaning aircraft which may have been unsafe to fly were purposely made 'airworthy,'" according to a document written by a Melbourne Airport Police officer.

This discussion has been archived. No new comments can be posted.

Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues To Fly

Comments Filter:
  • Still have paper logbooks for maintenance?? I thought it was mandatory?

    • They will have paperwork on maintenance that was completed. The issue is scheduled maintenance that was not done. As I recall, a flight school has to perform annual and 100 hour inspections per FAA rules. These inspections are no small thing, usually with lots of things that need to be repaired or replaced because they are time limited,
    • They still need and use the log books. But, they keep the schedules, reminders, and status in the computer. She deleted schedules, reminders, and changed the status of planes that were scheduled for maintenance or in for service. They look up the status in the computer before checking out a plane so by changing the status, it would be possible for a plane that is in for maintenance could be checked out, flown, and crash because of her actions.
      • Comment removed (Score:5, Insightful)

        by account_deleted ( 4530225 ) on Tuesday October 12, 2021 @04:01PM (#61885441)
        Comment removed based on user account deletion
        • I'm not trying to justify what this woman did, but it looks to me like her aim was to cause chaos, not to cause actual deaths. Pilots would have taken the planes out, gotten ready to fly them, and then found they couldn't, and the mismatch between what the computer said and what the paperwork said would have resulted in several days of exasperation, followed by a shutdown while the company rebuilds its computer records.

          Doesn't it depend on what exactly the maintenance was? The pilot inspection doesn't go terribly far into depth which what was fixed with what was ailing a plane. If something deep in an engine or obscure part of a plane isn't visible in a walk-around, they can't see it. There has to be some level of trust.

          What she (allegedly) did was pretty egregious. I wonder what the punishment will be, because what she (allegedly) did has an impact far beyond just that one place. It erodes confidence. It begs the ques

          • What she (allegedly) did was pretty egregious. I wonder what the punishment will be, because what she (allegedly) did has an impact far beyond just that one place. It erodes confidence. It begs the question of who are these places hiring?

            People who don't say on their resume that their sociopaths.

            • What she (allegedly) did was pretty egregious. I wonder what the punishment will be, because what she (allegedly) did has an impact far beyond just that one place. It erodes confidence. It begs the question of who are these places hiring?

              People who don't say on their resume that their sociopaths.

              Surely. Hopefully they do background checks though.

        • by tlhIngan ( 30335 )

          My recollection from at one point looking into flying lessons is that this isn't how it's supposed to work. The computer may say "Take plane #3, it's available!", but the pilot is supposed to inspect the plane and examine the log book before actually flying it, regardless of what the computer said.

          I'm not trying to justify what this woman did, but it looks to me like her aim was to cause chaos, not to cause actual deaths. Pilots would have taken the planes out, gotten ready to fly them, and then found they

        • A preflight check is not going to catch an intermittent failure or a component past its service life, both of which would be in the records.

        • by ebvwfbw ( 864834 )

          No. She deleted aircraft squawks. Pilot complaints about the aircraft. This is a problem that another pilot found with the plane and needs to be addressed. Often a problem removes the plane from being airworthy. Even something as minor as the fuel gauge not working can ground an airplane (the FSDO can give you a pass to fly it back for maintenance). It can be as major as cracks forming, something breaking in flight and so on. Things you wouldn't necessarily notice upon inspection. The pilot is not a mechani

      • An aircraft in for maintenance could not be checked out, flown, and crashed, because if you read the article, she deleted:
        The entire schedule and blocked out all the instructors and pilots for the next day
        The aircraft information for all 12 planes including make, model, and tail number
        Maintenance reminders
        Squawks (pilot reported maintenance problems with the airplanes)

        She did not remove aircraft maintenance records, only the reminders and the current pilot reported problems. On the planes which could not be

        • It's still a felony unlawful access of a computer system for 10 years of federal prison, even if all she did was to change the system Message of the Day to "Boss is a wanker, carry on."
    • Yes. Paper logs are mandatory. The online information is handy, but the information in the paper logs is definitive: when I sign my plane's journey log I'm signing a legal document. Going through a plane's logs to confirm when various maintenance is due (e.g. prop inspection, ELT certification) can be a chore on a plane that flies a lot.

      This is also why a plane without logs is worth very little. All time-limited parts must be replaced or otherwise certified before the plane can fly again.

      ...laura

      • by Faldgan ( 13738 )

        Unfortunately that's not fully correct. There is no requirement for paper maintenance records. There are requirements for signatures but those can be digital.

  • From the article
    "...would likely have had to come from an employee with Melbourne Flight Training with 'administrator rights..."

    didn't hack shit... can't let that get in the way of a bullshit headline...

    • by Anonymous Coward

      You don't own or control the english language. People have been using 'hacked' to mean 'unauthorized access' for a long time. Get over it.

      • From the article "...would likely have had to come from an employee with Melbourne Flight Training with 'administrator rights..."

        didn't hack shit... can't let that get in the way of a bullshit headline...

        Of course not. These editors apparently gave themselves quota on posting at least one "ebil haxx0rz!!!1!" headline a day. So if it's a slow news day they just have to call "using a working credential" "hacking".

        You won't learn what is hacking from slashdot. But you can look at EditorDavid, msmash, and BeauHD their "hacking" headlines to learn what it is not. Just like you can look at their "summaries" to learn what summaries are not. Similar rules to Betteridge's law of headlines.

        You don't own or control the English language. People have been using 'hacked' to mean 'unauthorized access' for a long time. Get over it.

        Those people don't contro

    • It's unclear how she allegedly obtained his password.

      She obtained authorized access to the administrator account. Maybe it was social engineering. Maybe she guessed his password. Maybe she found a flaw in the security. Regardless, it was some form of a hack.

      • by Amezick ( 102131 )

        Heck, maybe they didn't change passwords after she left....

        • Re: (Score:2, Informative)

          by Anonymous Coward

          This is probably the answer. She used the old credentials for her role (Flight Operations Manager) which weren't changed between November 2019 when she left and January 2020 when the police were called.

      • Or maybe she had the password when she was employed, and they did not change it when she left.
      • It's unclear how she allegedly obtained his password.

        She obtained authorized access to the administrator account. Maybe it was social engineering. Maybe she guessed his password.

        None of those are "hacking". The use of the word "hacking" in this story is just lame clickbait.

    • If I guess the password to your email account is that hacking or something else? Sure she didn't "hack" their system by sending malware or gaining access through some software flaw. Sounds like the flaw was human error. Either social engineering or she just knew the admin password from being an employee with lax or non-existent security protocols in place. Sounds like a small company and they probably don't employee an IT person at all. The small handful of employees they have most likely have way more
      • If I guess the password to your email account is that hacking or something else?

        If you use a random password generator to guess the password is that hacking?

        • by sjames ( 1099 )

          Yes. It's very lame hacking but it is technically hacking.

          • So a mentally generated random password (a lucky guess) could also be hacking by loose usage of agreed upon terms. Pointless to get stuck on that point when the article is not written from a domain specific news source.

            • by sjames ( 1099 )

              You seem to be mistaking me for someone who cares. All I did was agree that using a brute force attack on a password would (barely) qualify as hacking.

              In fact, using research and applied psychology to guess right first try would be more impressive. Getting the password through social engineering would also show more skill than brute forcing.

      • Yes, brute force attempts to gain root access are a kind of hacking.

    • It's hard to argue that this wasn't a hack job, if they found out...
    • by sjames ( 1099 )

      Yep, she made unauthorized use of credentials that should have been revoked when she was terminated.

  • I guess the instructors and students were to blame for her father's firing.
  • Isn't hacking getting into systems that you don't have the credentials to get into? Seems like she had access that was never revoked when she left.

    • No. There is the technical angle, and there is the legal angle. The company may also have been negligent not to remove access, but employment contracts typically state that access to any system is legally revoked after termination of employment.

      No company should ever rely on the threat of law to keep former employees in line, but the law makes it clear that her access is legally revoked regardless of actual access.
      • TIL. Thanks

      • by vux984 ( 928602 )

        Nevertheless, while illegal, you aren't "hacking" by any reasonable use of the word. Unauthorized use of credentials, misuse of property, digital tresspass... whatever... but 'hacking' (in the modern 'cracking' sense requires a 'breach'... not simply using your old still working keys.

        Just as we don't call you a "safecracker" if you get fired from Wendy's and then sneak into the back room and empty the safe on your way out because they haven't changed the combination yet. A burglar sure, a criminal, very mu

      • Where the company could face liability is if someone were injured or killed because proper maintenance wasn't done. At that point, both the company and the person who accessed the system without authorization would be codefendants, and almost certainly a court would find the company partially liable for the injury or death. But that's civil law. From a criminal standpoint, if she gained unauthorized access to the system (even if by using her old credentials), she could be found guilty.

  • by Sitnalta ( 1051230 ) on Tuesday October 12, 2021 @03:47PM (#61885377)

    While digital maintenance databases are important (mainly for archiving), there is always paper master that has to get physically signed off before the plane can fly. That paper master is then entered into the database when the job is complete.

    So "clearing the airplane to fly" in the computer would have done absolutely nothing. The mechanic doesn't care what the computer says, it's only a way of bookkeeping and tracking preventive mx.

    • I wouldn't be so sure. At the very least it would screw up scheduling for Students who'd log into the system and book time in an Aircraft that were in reality unavailable.

      However, if the system was relied upon for squawks including one's that should completely ground the plane. This could result in an aircraft taking to the ski when it wasn't airworthy or in the worst case truly unsafe. So if say the airplane was grounded until checked/repaired but the keys were returned to the pool at dispatch. Dispatch
    • In a perfect world.

      Pilots have been known to fly into the ground because of a single broken altimeter. If a pilot is willing to angle downwards for 30 minutes because the altimeter says he is climbing, he is willing to take a plane out flying because the computer says maintenance was done on it.

      This reminds me of when my construction crew built the wrong building after the office sent 2 blueprints and one of them was outdated, but we did not know that.

  • Maybe she can get their planes back in the air.

  • "aircraft which may have been unsafe to fly were purposely made 'airworthy,'"

    The plane not airworthy but the pilot spongeworthy?
    Imagine the loss.

  • She should be crushed as an example and locked up for life. There is no redemption but her punishment can at least be exemplary and give what remains of her life a bit of value.

    The US is a strange place where victimless crimes are punished cruelly but victimful crimes often punished lightly.

    • Locked for life? Maybe a bit harsh. But maybe attempted manslaughter or attempted homicide? Yeah. This is a bit like cutting the brake lines on the car of someone youre mad at. This person needs to be locked in a box for a while. This simply cant be tolerated. Very malicious, and very physically dangerous.

      As for what you said about the US in general We’re actually slowly but surely moving away from victimless crimes. When I was a kid, getting caught with weed was probably jail time, and dont get
  • To be fair she was just booking her son. Little Bobby Drop Tables.

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...