Slashdot Mirror
FAA Network Hacked
coondoggie writes "The Federal Aviation Administration has joined the growing list of government agencies that have had their supposedly safe systems hacked. The agency this week notified about 45,000 employees that one of its servers was hacked into and employee personal identity information was stolen.
The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system. It did say two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006."
Hope they find that CIP device soon!
Arghhh... Call Jack Bauer!!!!
Has the CIP device been recovered yet? Should we call in Jack Bauer?
...but they have said nothing to me or my wife or any of the other dozen people I know who are blissfully retired from that shit hole. Typical.
I'm assuming that the operation of the air traffic control system is not connected to the internet in ANY way at all?
Some questions:
1. Is being offline a guarantee for not being hacked? (How else than through the cable / wifi can you hack into a network)?
2. Is the FAA indeed offline?
Someone should ask the FAA how they managed to get an entire network (see: article title) onto one server (see: article summary). Was it a server, or a single work station? A server can dispense data, but dispensing data does not make it a server. Servers tend to act as the dispenser for data bearing machines, no?
What's the matter, wouldn't an article that said "One FAA Computer Hacked - Employee Data Stolen" be sexy enough? Probably not. The title as is misleads people into wondering if the ATC network was implicated.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
We know the air traffic control computers weren't hacked...There hardly are any, which is in itself a problem.
But being sloppy with data is a bad sign in any organization. If you can't keep your secure data secure, then what other important things are you also letting slide?
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Of which the FAA is apart of, I can say, with absolute certainty, that like every other major entity, there are literally dozens and dozens of systems that are in no way connected to the ATC, or any other network for that matter. Yes they are networked, but so is every desktop and every camera, that does not mean they are not well isolated and secure from each other.
FAA has well over 10k hosts (desktops, servers, etc etc), its unfortunate, but expected that many of those hosts are probably vulnerable to something. But at the same time, critical systems (ATC for example), are generally isolated from the basic FAA backbone, and on a closed network.
I came, I conquered, I coredumped
Windows cannot find Control Tower. Hit any key to continue.
Thanks Bill - enjoy your retirement.
you had me at #!
I've always wondered how often I can get modded informative for repeating a statement in the summary...maybe it's time for a broad experiment...
1. Post a re-iteration of something in the summary
2. Piss people off by getting modded "Informative"
3. ???
4. Profit!!
Now that I think about it, I'm pretty sure everything I just said is completely wrong.
Opps. There goes the doorbell.
The Feds use the doorbell? I thought they used a needle and a gunnysack?
I work for the Department of Redundancy Department.
It's intereresting that people feel it necessary to point things out that are actually in the summary:
"The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system."
I mean, we'fre not supposed to read TFA, but c'mon, the summary!?
Still, you actually got modded 'informative' for it, so I guess the mods don't read the summary either...so, good call!
Indeed. But how careful have they been maintaining the office network and are there any known/unknown access points INTO the ATC network that they're not telling us about?
Security is about a way of thinking as well as deploying tech to seal up things. As often as not, someone did something "convenient" for themselves or others and did something that weakened or completely compromised the security somewhere.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Where do you think big airlines get pilots from? Thats right, the private sector. Other than the military, the private sector is the only place you can rack up a few thousand hours needed to fly an air bus for morons like yourself.
Yes, but if they delete the memo that says "DON'T CRASH THE PLANES!" then the planes could crash...
Dear Colleagues: I want to alert you that the Cyber Security Management Center identified some unusual activity from an FAA administrative server last week. An investigation revealed that the server was breached by a hacker. Most of the 48 breached files were test files used for application development. Two of these files contained names and social security numbers. One of them contained information on more than 45,000 employees and retirees who were on FAA rolls as of the first week of February 2006. Medical information from the hacked files was encrypted and not identifiable. We are moving swiftly to identify short-term and long-term measures â" procedural and technological â" to prevent such incidents from recurring. All current and former employees who are affected will receive a letter shortly alerting them to this event. In addition, we are posting information in the form of FAQs on the employee and public web sites, and we will update that information, via the web and other channels, should the investigation reveal more information. We also are setting up a toll-free hotline to answer employee calls related to this event. We will continue our efforts to further protect our computer security systems and will keep you informed as the investigation continues. Lynne Osmus Acting FAA Administrator
I'm sure that will be a great comfort to the people who are subject to identity theft because of this breach.
Blasphemy is a human right. Blasphemophobia kills.
Another illustration of how safe our government made the internet by making it a major crime to hack our networks. It used to be that we could find our way into networks and heckle the administrators. By the rules of the game, we let the admins know what we did and how. That was fun :) and kept our networks secure. Now, it can land you in prison. With all of this safety, how many of you know of middle school kids that got caught hacking into 'secure' systems within the past 10 years? What will happen if a hostile agency really wants to steal our data our bring us down?
I really should get off my butt and get those glasses/contacts like I keep saying I will. For a second there I thought some foreign entity discovered our method of raising young kids to be farmers and how to determine if your cow had been eating from onion patches by merely drinking the milk the cow produces.
Vote for Pedro!
"Quote me as saying I was mis-quoted." -Groucho Marx
The most noise pollution I have ever witnessed from private pilots is from helicopters. The skies are safest they have been since the advent of airplanes, with even more planes in the sky. If you're having noise pollution problems, it's probably from one big headed jockey, and you should take it up with him. Those numbers on the side of the plane are equivalent to a license plate. Get a set of binoculars, write down the numbers, take a video of him being an ass hat, and submit a complaint to the FAA. Trust me, the FAA is a real pain in the ass for pilots to deal with.
I see the glass as full with a FoS of 2.
In my opinion, Idle and the new metamod system are evidence that they had a good thing going and just had to keep fucking with it, like they couldn't resist.
As if resistance was futile?
Pfft.. they should be pulling new pilots from the pool of Flight Sim junkies. Pick me!!! I have a 5-piece controller setup, including the flight stick, a throttle with 4 separate levers, rudder pedals (and NOT those shitty Mad Katz ones repurposed from some arcade driving game), plus a helmet, an FAA certified Aviation Pilot Headset that I use with Ventrilo. I've got a 17 monitor setup, and an actual working ejection seat! I'm SO READY!!! Just let me disconnect my five-point harrrrr........
https://www.eff.org/https-everywhere
How is it anymore absurd and excessive than a private boat? SUVs are more excessive than a private Cessna since you drive the SUV everywhere, whereas most private pilots fly for a couple hours a week or even less often. Are you seriously trying poke at the fuel consumption of private aviation? I don't have any numbers to go on here, but from the pilots I know, and the inefficient use of cars that I see (including my own), private aviation has nothing on the excessive fuel consumption of private vehicles. As it is, the cost of fuel has grounded a lot of private pilots (as well as historical aircraft associations who can no longer afford to fly their fuel hogging aircraft for your education). If you want to make an argument that they're all part of the air pollution problem, that's fine. But there are lots of people in your own back yard who are far bigger contributors to that problem than private aviation.
I see the glass as full with a FoS of 2.
You don't own the sky above your land. And you are just greedy and want a handout, don't pretend to be concerned about "environmental pollution".
Oh get off your 133tist high-horse.
You know, or should know at any rate, that language changes over time. The correct definition of a word is the one that people actually understand. Like it or not, when people say "hacked" in this context, people understand that it means "illicitly and illegally accessing a computer system". I understand that, everyone else understands that, and therefore -- like it or not -- it is now the definition of the word.
When are YOU ever going to get that the definition has evolved and changed? YOU are the one clinging to a deprecated and archaic definition of the word that only a very small percentage of the population knows, and an even smaller percentage actually cares about.
P.S. Same goes for "piracy".
The
This is why we need to move to the new secure NextGen satellite based ATC that AOPA and the other corporate jet jockeys are fighting against.
No one wants it because it is too expensive and provides little to no value. There are already better solutions available. Which is exactly what AOPA is pushing.
And using your own words to make you look like an even bigger idiot, this article isn't about securing ATC. The article is about the FAA. The FAA does a lot more than ATC.
Made worse, you're completely uninformed. The majority of GA pilots are not "rich corporate fatcats".
If you are truly interested in "SAFE skies", make the FAA do their job by allowing safer technologies into planes by allowing competition for certified technology, rather than getting in bed with airlines and working hard to get out from under Congress' oversight while still unable to account for millions and millions of dollars. The only thing holding back safer skies is the FAA.
Hmmm...looking at your post again, it is pretty clear you didn't have anything of value, or even correct information, to add to the subject.
And in case you missed it, you need to read this reply again so you completely understand why you're completely ignorant on everything you posted about. I guess it is easy to see why you posted anonymously.
The movie "Hackers" had the wrong title?
This is on the same day Microsoft announced you could take control of an Exchange server by sending an email to it?
You don't own the sky above your land.
Well, not all of it... but some of it, you do.
Don't you wish your girlfriend was a geek like me?
That the word "hacker" had a more specific meaning that it has now lost is not really Newspeak because it arose out of the general public's apathy towards these issues and not, to my knowledge, out of any sort of propaganda effort. The word "conversative" is a good example of real Newspeak. The only unfortunate side-effect is that there was a distinction between someone who has strong interests and talents relating to technology versus someone who has a strong interest in attacking other people's systems. The result is that to many people, there can be an assumption that anyone who is technologically highly skilled must be using (or must have used) that skill in a harmful way because that's all they hear about in the media. "Honest security researcher maintains systems that haven't been successfully attacked" doesn't exactly make headlines. That the knowledge required to fully understand security issues and effectively safeguard systems is quite similar to the knowledge that could be abused to do harm does not help matters.
This is the sort of thing that sounds like mere semantics and doesn't seem to matter until politicians start getting interested in regulating their country's use of the Internet. Public perception is very important to politicians; it is often more important to them than unbiased fact. Look at Germany, which has outlawed many security-related tools that can be used to legitimately secure systems. It's silly to think that this will have any real effect on the black hats because they have already demonstrated a willingness to break the law. What this will do is hamstring legitimate security professionals and will cause them to be less equipped than their opponents. It also carries the message that "you are not to be trusted" and is generally a step away from the free exchange of ideas. I submit that this could not have been possible without the public perception that "hackers" are all a bunch of criminals.
I think the word "hacker" has changed and that it's pointless and counterproductive to try to wind back the clock so I am definitely not disagreeing with you. I just think more emphasis needs to be placed on the positive uses of this sort of knowledge or else we risk following Germany's example. It's just the sort of thing that doesn't seem to matter until it bites you in the ass, so to speak.
I agree here, too. I don't think the semantics surrounding copyright infringement are worth debating except for when the claim is made that copyright infringement is the same thing as stealing, which it is not. Stealing is a criminal offense and it deprives the rightful owner of his or her property. Copyright infringement is generally a civil tort and does not deprive the rightful owner of the work that was infringed, but only of the exclusive right to distribute copies of that work. Equating the two is intellectually dishonest and so the distinction is worth making.
It is a miracle that curiosity survives formal education. - Einstein
Why would anyone want to hack FAAngband ?