Slashdot Mirror

← Back to Stories (view on slashdot.org)

FAA Network Hacked

Posted by CmdrTaco on from the in-good-company dept.

coondoggie writes "The Federal Aviation Administration has joined the growing list of government agencies that have had their supposedly safe systems hacked. The agency this week notified about 45,000 employees that one of its servers was hacked into and employee personal identity information was stolen. The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system. It did say two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006."

26 of 110 comments (clear)

  1. Uhh Ohh! by Anonymous Coward · · Score: 5, Funny

    Hope they find that CIP device soon!

    1. Re:Uhh Ohh! by Bobfrankly1 · · Score: 4, Funny

      Slashdot is always behind the times...the CIP device was destroyed over a week ago....or if we still believe that events occur in real time, it was over an hour ago.

    2. Re:Uhh Ohh! by rob1980 · · Score: 3, Funny

      Ike Dubaku must have a backup somewhere. Maybe one of the leaks in the White House secured another one for him!

    3. Re:Uhh Ohh! by Praedon · · Score: 3, Funny

      Considering how outrageously corrupt the government is in the world of 24, there's no doubt in my mind a CIP replacement will be found.

      --
      Just me
    4. Re:Uhh Ohh! by edsousa · · Score: 2, Insightful

      Only in the world of 24? The representation of the governments made in 24 could be the most authentic ever made...

  2. Oh noes! by Anonymous Coward · · Score: 3, Funny

    Has the CIP device been recovered yet? Should we call in Jack Bauer?

  3. Re:24? by Anonymous Coward · · Score: 2, Funny

    Just make sure he gets a dd for the trip.

  4. Re:24? by yyr · · Score: 3, Informative

    Our top priority is recovering the CIP device!!

  5. They may have told the current employees... by Oswald · · Score: 5, Informative

    ...but they have said nothing to me or my wife or any of the other dozen people I know who are blissfully retired from that shit hole. Typical.

    1. Re:They may have told the current employees... by Oswald · · Score: 3, Interesting

      I think it's supposed to mean that the FAA is being run like a profit-seeking enterprise when its job is to make sure that actual profit-seeking enterprises (i.e. the airlines) have a safe environment to work in (and that they don't pinch so many pennies trying to eke out a profit that safety suffers). The union, in their usual drama-queen fashion, is trying to say that the FAA is being run on a shoestring by people who think it's their job to blow happy smoke up Congress's collective ass rather than tell them the truth.

      As for your first question, the place went from high-intensity, challenging, and interesting to flat-out miserable over the course of my career due to gross mismanagement by the government and the greed of controllers. I have never been so excited to start something as I was my ATC career, and never so happy to see something end (well, maybe my first marriage). I stayed for the retirement package.

  6. operation of the air traffic control system by captainpanic · · Score: 2, Interesting

    I'm assuming that the operation of the air traffic control system is not connected to the internet in ANY way at all?

    Some questions:
    1. Is being offline a guarantee for not being hacked? (How else than through the cable / wifi can you hack into a network)?
    2. Is the FAA indeed offline?

    1. Re:operation of the air traffic control system by cyberprophet · · Score: 2, Informative

      The FAA Air Traffic equipment is never connected to any of the administrative LANs, in fact by policy any computer that is going to be connected to operational equipment is not supposed to be used on a public network.

    2. Re:operation of the air traffic control system by Greyfox · · Score: 3, Funny

      The FAA network security is enforced through obscurity. To successfully hack it you have to be a retired COBOL programmer.

      --

      I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Whatever by SatanicPuppy · · Score: 2, Interesting

    We know the air traffic control computers weren't hacked...There hardly are any, which is in itself a problem.

    But being sloppy with data is a bad sign in any organization. If you can't keep your secure data secure, then what other important things are you also letting slide?

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  8. Having worked at the USDOT.. by bleh-of-the-huns · · Score: 3, Interesting

    Of which the FAA is apart of, I can say, with absolute certainty, that like every other major entity, there are literally dozens and dozens of systems that are in no way connected to the ATC, or any other network for that matter. Yes they are networked, but so is every desktop and every camera, that does not mean they are not well isolated and secure from each other.

    FAA has well over 10k hosts (desktops, servers, etc etc), its unfortunate, but expected that many of those hosts are probably vulnerable to something. But at the same time, critical systems (ATC for example), are generally isolated from the basic FAA backbone, and on a closed network.

    --
    I came, I conquered, I coredumped
  9. Not found by UnixUnix · · Score: 4, Funny

    Windows cannot find Control Tower. Hit any key to continue.

    1. Re:Not found by causality · · Score: 2, Interesting

      Windows cannot find Control Tower. Hit any key to continue.

      "Where's the 'any' key?"

      Am I the only one who remembers the "ANY" stickers that were usually placed on the ENTER key and were specifically designed for (l)users who kept asking that question? When I first saw them, someone had to explain to me that yes it's a serious product, it's not a joke item or a gag gift. I think I looked at the world a bit differently after that.

      If I ever marvel at how even otherwise intelligent people sometimes shut down all common sense and ability to reason when they are in front of a computer, this is an example of what I'm talking about. That they wouldn't even consider whether "any" might be an adjective, or that the sentence should be written differently if it were intended to mean a key bearing the label of "ANY" just blows my mind.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  10. Re:NOTE: This is NOT the ATC network by Arthur+Grumbine · · Score: 2, Interesting

    I've always wondered how often I can get modded informative for repeating a statement in the summary...maybe it's time for a broad experiment...

    1. Post a re-iteration of something in the summary
    2. Piss people off by getting modded "Informative"
    3. ???
    4. Profit!!

    --
    Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  11. Re:NOTE: This is NOT the ATC network by rezalas · · Score: 2, Informative

    Where do you think big airlines get pilots from? Thats right, the private sector. Other than the military, the private sector is the only place you can rack up a few thousand hours needed to fly an air bus for morons like yourself.

  12. Here's the e-mail the FAA sent out to Employees by Anonymous Coward · · Score: 5, Informative

    Dear Colleagues: I want to alert you that the Cyber Security Management Center identified some unusual activity from an FAA administrative server last week. An investigation revealed that the server was breached by a hacker. Most of the 48 breached files were test files used for application development. Two of these files contained names and social security numbers. One of them contained information on more than 45,000 employees and retirees who were on FAA rolls as of the first week of February 2006. Medical information from the hacked files was encrypted and not identifiable. We are moving swiftly to identify short-term and long-term measures â" procedural and technological â" to prevent such incidents from recurring. All current and former employees who are affected will receive a letter shortly alerting them to this event. In addition, we are posting information in the form of FAQs on the employee and public web sites, and we will update that information, via the web and other channels, should the investigation reveal more information. We also are setting up a toll-free hotline to answer employee calls related to this event. We will continue our efforts to further protect our computer security systems and will keep you informed as the investigation continues. Lynne Osmus Acting FAA Administrator

  13. Re:NOTE: This is NOT the ATC network by radtea · · Score: 2, Insightful

    I'm sure that will be a great comfort to the people who are subject to identity theft because of this breach.

    --
    Blasphemy is a human right. Blasphemophobia kills.
  14. Congres made us safe :) by yl_mra · · Score: 2, Interesting

    Another illustration of how safe our government made the internet by making it a major crime to hack our networks. It used to be that we could find our way into networks and heckle the administrators. By the rules of the game, we let the admins know what we did and how. That was fun :) and kept our networks secure. Now, it can land you in prison. With all of this safety, how many of you know of middle school kids that got caught hacking into 'secure' systems within the past 10 years? What will happen if a hostile agency really wants to steal our data our bring us down?

  15. Re:24? by AndrewNeo · · Score: 2, Funny

    dd if=/dev/null of=/dev/bauer?

  16. Re:NOTE: This is NOT the ATC network by StikyPad · · Score: 2, Funny

    Pfft.. they should be pulling new pilots from the pool of Flight Sim junkies. Pick me!!! I have a 5-piece controller setup, including the flight stick, a throttle with 4 separate levers, rudder pedals (and NOT those shitty Mad Katz ones repurposed from some arcade driving game), plus a helmet, an FAA certified Aviation Pilot Headset that I use with Ventrilo. I've got a 17 monitor setup, and an actual working ejection seat! I'm SO READY!!! Just let me disconnect my five-point harrrrr........

    --
    https://www.eff.org/https-everywhere
  17. Re:NOTE: This is NOT the ATC network by DrLang21 · · Score: 2, Insightful

    How is it anymore absurd and excessive than a private boat? SUVs are more excessive than a private Cessna since you drive the SUV everywhere, whereas most private pilots fly for a couple hours a week or even less often. Are you seriously trying poke at the fuel consumption of private aviation? I don't have any numbers to go on here, but from the pilots I know, and the inefficient use of cars that I see (including my own), private aviation has nothing on the excessive fuel consumption of private vehicles. As it is, the cost of fuel has grounded a lot of private pilots (as well as historical aircraft associations who can no longer afford to fly their fuel hogging aircraft for your education). If you want to make an argument that they're all part of the air pollution problem, that's fine. But there are lots of people in your own back yard who are far bigger contributors to that problem than private aviation.

    --
    I see the glass as full with a FoS of 2.
  18. Re:Hacked? Or Cracked? by ShinmaWa · · Score: 3, Insightful

    Oh get off your 133tist high-horse.

    You know, or should know at any rate, that language changes over time. The correct definition of a word is the one that people actually understand. Like it or not, when people say "hacked" in this context, people understand that it means "illicitly and illegally accessing a computer system". I understand that, everyone else understands that, and therefore -- like it or not -- it is now the definition of the word.

    When are YOU ever going to get that the definition has evolved and changed? YOU are the one clinging to a deprecated and archaic definition of the word that only a very small percentage of the population knows, and an even smaller percentage actually cares about.

    P.S. Same goes for "piracy".

    --
    The /. Effect: Thousands of users simultaneously accessing a site to not read its content.