Hackers breach US air traffic control computers

May 08, 2009
The seal of the Federal Aviation Adminstration (FAA). Hackers broke into US air traffic control computers on several occasions over the past few years and increased reliance on Web applications and commercial software has made networks more vulnerable, according to a government audit.

Hackers broke into US air traffic control computers on several occasions over the past few years and increased reliance on Web applications and commercial software has made networks more vulnerable, according to a government audit.

Among the breaches was an attack on a (FAA) computer in February 2009 in which hackers gained access to personal information on 48,000 current and former FAA employees, the report said.

In 2006, it said, a viral attack on the Internet spread and forced the FAA to shut down some of its (ATC) systems in Alaska.

The audit was conducted by an assistant inspector general in the US Transportation Department and released this week. A copy of the report was obtained by Internet news agency CNET and posted online.

"The need to protect ATC systems from cyber attacks requires enhanced attention because the (FAA) has increasingly turned toward the use of commercial software and Internet Protocol-based technologies to modernize ATC systems," the report said.

It said the use of commercial software and Web applications may increase efficiency but "inevitably poses a higher security risk to ATC systems than when they were developed primarily with proprietary software."

Software vulnerabilities were "especially worrisome at a time when the nation is facing increased threats from sophisticated nation-state sponsored cyber attacks," the report said.

"By exploiting these vulnerabilities, the public could gain unauthorized access to information stored on Web application computers," it said.

"In addition, these vulnerabilities could allow attackers to compromise FAA user computers by injecting malicious code onto the computers," it said.

The report said a test identified 763 "high-risk" vulnerabilities which could provide an attacker with immediate access into a computer system and allow them, for example, to execute remote commands.

The Wall Street Journal said an FAA spokeswoman, Laura Brown, had rejected some of the report's conclusions, including the extent of the 2006 breach that led to the partial ATC shutdown in Alaska.

(c) 2009 AFP

Explore further: Startups offer banking for smartphone users

add to favorites email to friend print save as pdf

Related Stories

Audit: Air traffic systems vulnerable to attack

May 06, 2009

(AP) -- The nation's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months allowing hackers access to personnel records and network servers, according to a new ...

Security gurus see even harsher browser attacks for '07

Jan 31, 2007

Another year, another round of sneaky online attacks. IBM security experts anticipate 2007 will see more sophisticated profit-motivated cyber attacks, including more focus on Web browsers as well as advances in image-based ...

Hackers grabbed more than 285M records in 2008

Apr 15, 2009

(AP) -- Hackers made off with at least 285 million electronic records in 2008, more than in the four previous years combined, according to a new study that shows identity thieves are getting better at exploiting careless ...

Recommended for you

Startups offer banking for smartphone users

Aug 30, 2014

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

WEF unveils 'crowdsourcing' push on how to run the Web

Aug 28, 2014

The World Economic Forum unveiled a project on Thursday aimed at connecting governments, businesses, academia, technicians and civil society worldwide to brainstorm the best ways to govern the Internet.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

docknowledge
not rated yet May 09, 2009
They can't switch the FAA over to proprietary software -- that would strike at the Internet's basic, underlying commercial purpose!