Hackers Attacked FAA’s ATC Systems Several Times in Recent Past

A report sent to the US FAA (Federal Aviation Administration) in the 2nd week of May 2009 reveals that computer hackers have invaded the FAA's mission-support systems that control the air traffic across the country several times in recent years.

The report states that last year (2008), hackers gained access to the sensitive network servers of FAA that could have led to their shutdown, which in turn could have severely hampered the mission-support network of FAA. The attackers also compromised FAA PCs in Alaska; thus, behaving like 'insiders.'

Subsequently, the perpetrators, by using their access to the interconnected networks, captured the password of an administrator in Oklahoma, which helped them to install malware. This malware facilitated in hijacking the domain controller of the agency within the Western-Pacific region. Due to the control on the domain of the agency, they were able to access over 40,000 FAA usernames, passwords along with other information that was used to regulate part of the systems for mission-support, the report stated.

During 2006, a PC worm was disseminated to the ATC (Air Traffic Control) systems that compelled FAA to suspend its services in Alaska.

In February 2009, hackers also took over a public-facing PC of FAA with which they accessed the Social Security numbers belonging to 48,000 existing and non-existing employees of FAA.

Meanwhile, according to an audit by the US Department of Transportation, the ATC systems continue to be in great danger of security breaches because of their connections to unprotected Web applications run by the aviation authorities across the country.

Besides, penetration examiners discovered 763 high-risk security flaws within 70 Web applications that are used to distribute radio wave communications to pilots as well as controllers of the public along with other applications employed for running the ATC systems.

Security experts state that a high-risk flaw is one that allows attackers to compromise a PC, alter its settings, and steal data.

In the meantime, examiners further discovered 504 medium-risk security flaws like weak passwords and 2,590 low-risk flaws like unprotected folders containing critical files.

Thus, security specialists have warned that FAA should take quick and effective action otherwise its ATC systems could meet with an even dangerous attacks.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 5/15/2009