Infosecurity

Hackers breach US air traffic system

By Alice Kok | 12 May 2009

According to a government audit, hackers broke into the air traffic control computers of the US Federal Aviation Administration (FAA) several times in recent years.

View photos

Related Categories

• INFOSECURITY

From this Section

• NEWS

Among the breaches was an attack on a FAA public-facing computer in February 2009 in which hackers gained access to personally identifiable information, such as social security numbers, on 48,000 current and former FAA employees.

The report said, last year, hackers took control of FAA critical network servers and were in a position to shut them down—a step that could have seriously disrupted the agency’s mission-support network.

The audit was conducted by an Assistant Inspector General in the US Transportation Department and released last week.

Last year again, hackers took over FAA computers in Alaska to effectively become agency “insiders”. Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed malicious codes with the stolen password and compromised the FAA domain controller in the Western Pacific Region—giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network.

The nature of one 2006 attack is a matter of dispute between the Inspector General and the FAA. The report said the attack spread from administration networks to air-traffic control systems, forcing the FAA to shut down a portion of its traffic control systems in Alaska. The FAA, however, claims it affected only the local administrative system that provides flight and weather data to pilots, primarily of small aircraft.

The report warned that attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed.

It stated that breaches were possible because web applications that support the air traffic control system operations were not properly secured against unauthorised access, and network intrusion-detection software is not adequately being used to monitor and detect cyber attacks.