Slashdot Mirror


Cyberattack Grounds Planes In Poland

itwbennett writes: While the alleged hacking of in-flight systems has been much discussed recently, "there are many more areas of vulnerability to address in the aviation industry," says Tim Erlin of security firm Tripwire. "Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems." Case in point: LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw's Chopin airport on Sunday after hackers attacked its ground computer systems.

40 comments

  1. That's enough! by Anonymous Coward · · Score: 4, Funny

    No more general purpose computers for the public! Appliances are enough for the ordinary citizens. We also need a programmers' register so that anyone developing software may be audited at any moment. Possession of programming tools without authorization must be punished with a 10 years sentence at a minimum. No debate.

    1. Re:That's enough! by Anonymous Coward · · Score: 0

      how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.

    2. Re:That's enough! by Anonymous Coward · · Score: 0

      You forgot to preface your statement with "We will not let this attack affect our way of life." I'm always amazed when "they" say that and then go on to talk about new rules/laws doing exactly this effect.

    3. Re:That's enough! by Anonymous Coward · · Score: 1

      When I suggest real engineer certification for programmers writing public facing code and that all PHP "programmers" face life in prison, I get modded a troll.

    4. Re:That's enough! by bobbied · · Score: 4, Insightful

      >> how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.

      Even if the PHB makes you do it?

      In my experience, it's not the IT guy that is responsible, it's the PHB who doesn't understand the risks, doesn't take the IT guy's advice or provide the necessary resources to do the job safely, they just want it done NOW!

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    5. Re: That's enough! by Anonymous Coward · · Score: 0

      Not the OP but I'd say "they" are right: the laws they make do not affect THEIR way of life.

    6. Re:That's enough! by Rich0 · · Score: 3, Interesting

      I'm not saying it is the right solution, but in many areas the individual is responsible.

      If an airline tells a pilot to fly more than the legal number of hours in a week or they're fired, the pilot still loses his license if he complies. Of course, if they instead call the local regulator I suspect the airline will get a nasty visit from an inspector.

      Engineers are legally liable if they sign off on an unsound building, regardless of the instructions of their employer.

      The EU requires an EU citizen to sign off on the quality of imports of stuff like medical devices and if there is a problem they can go to jail. It is their responsibility to ensure that whoever they're working with is getting audited to ensure they are in compliance.

      So, there are many areas of the economy where safety is critical and the solution is to make a particular individual personally criminally liable. It forces the buck to stop somewhere. That person is supposed to get a lot of clout with the regulators as well when they feel they're pressured to cut corners.

    7. Re:That's enough! by Jack Griffin · · Score: 1

      >> how about we just make it a crime punishable by 20 years for any IT professional to hook sensitive computers to the internet.

      >> Even if the PHB makes you do it?

      >> In my experience, it's not the IT guy that is responsible, it's the PHB who doesn't understand the risks, doesn't take the IT guy's advice or provide the necessary resources to do the job safely, they just want it done NOW!

      So resign. Nuremberg gave us pretty clear rules around this type of thing.
      When laws were introduced to make Directors down to IT Managers personally liable for corporate piracy (corporate product like Office, not users downloading MP3s), not surprisingly, the PHBs started listening to their Sysadmins.
      And we already have similar laws in the payments world with PCI-DSS, so I can't see why a similar incentive wouldn't have a similar impact.

    8. Re:That's enough! by bobbied · · Score: 1

      Easy to say, hard to do. What about the wife and kids? Who's going to make the mortgage payment?

      Look, many times these things are a question of "acceptable" and "unacceptable" risk. If the PHB says he's willing to accept the risk, even after I've explained it to him, then he gets what he wants within the bounds of the law and ethics. He signs my paycheck and he calls the shots. I suggest you come up with options for the PHB that are solutions to his problem though.

      Of course, if you object on moral grounds, you are working at the wrong place and should start looking for another job now. You do what you are told, but leave ASAP. If you object on legal grounds, do it in writing, and if you are overruled in writing, run, don't walk, run. But I'll guarantee you, 99.999% of the time it won't come to that.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    9. Re:That's enough! by Jack Griffin · · Score: 1

      >> Easy to say, hard to do. What about the wife and kids? Who's going to make the mortgage payment?

      The end result is the same. If you work somewhere that has such questionable ethics that it is likely to cause massive financial or personal harm to someone, then your mortgage isn't safe anyway. I know not everyone has the luxury of leaving, but it's something I've done, and always try to keep myself in a position to have that choice.

    10. Re:That's enough! by bobbied · · Score: 1

      In my experience (for what it's worth) it is usually plainly obvious that you are working at a place that doesn't share your morals and ethics long before you get into a situation where it's quit or agree to do something unethical. It's hard sometimes though to just up and jump ship, depending on the job market and your personal situation. My advice is to start looking around once it's obvious, because if they do unethical things to others, they will do them to you. You may not be able to leave right now, but do PLAN to leave as soon as you can.

      I've had to quit but one job for this kind of thing. I did it with no place to go, a wife 9 months pregnant, and a local job market that looked as bleak as I can imagine. It wasn't easy at the time, but it clearly was the right thing to do in hindsight. I just wish I had planned ahead and had another option on the table before I got forced into jumping. So I understand why it's sometimes necessary to hold your nose and do what you are told, and I don't begrudge the IT worker for choosing to stay.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  2. Be careful by Anonymous Coward · · Score: 0

    You're 35000 feet in the air going 500 mph, dodging lightning bolts and surrounded by red hot fuel burning. Of course there's a risk.

    1. Re:Be careful by orlanz · · Score: 2

      The only thing safer is an elevator :)

    2. Re:Be careful by MobileTatsu-NJG · · Score: 1

      >> You're 35000 feet in the air going 500 mph, dodging lightning bolts and surrounded by red hot fuel burning. Of course there's a risk.

      So when you cross the street you don't bother looking at the stoplight.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  3. Soviet-era edit by xxxJonBoyxxx · · Score: 4, Funny

    >> Cyberattack Grounds Planes In Poland

    I'm old enough to have skimmed that as: "Cyberattack Grounds Poland's Plane"

  4. Misleading headlines by Anonymous Coward · · Score: 1

    Stop with the overhype, it grounded *some* planes when you were clearly trying to insinuate the whole of Poland was unable to fly. This site loses so much credibility when the editors can't be professional and prefer a few extra clicks.

  5. Poland by zlives · · Score: 5, Insightful

    probably should declare war on terrorism or just fire the guy who tripped over the switch's power cord, causing network loss... yes this statement has the same veracity without details.

    1. Re:Poland by candl · · Score: 2

      I'm with you. I'm not saying they weren't hacked. I'm just saying it's a lot easier to say you were hacked from an unknown source than it is to admit you allowed someone to monkey with the live reservation system.

  6. Dodging lightning bolts? by xxxJonBoyxxx · · Score: 2

    >> dodging lightning bolts

    Hmmm...since every commercial airliner receives a lightning strike, on average, once a year, I'm not sure there's much "dodging" going on.
    http://flightsafety.org/aerosa...

    1. Re:Dodging lightning bolts? by KGIII · · Score: 1

      He did not say that they successfully dodged them every time. Sheesh...

      --
      "So long and thanks for all the fish."
  7. Winged cavalry at calvary. by Anonymous Coward · · Score: 1

    The attack probably came from Russia, because Poland is the only one who stands up for the Ukraine's freedom and points out how the Budapest Memorandum was ravaged by the Man-Bear-Putin, aided and abetted by Free World cowardice.

    The Polish are arming themselves to teeth, because they know Russia and Germany would be happy to partition Poland's lands. The Russians are not even trying to hide this intent, while the Germans are more discreet about their desire to mend the Odera-Neisse border. Those two barbaric nations will share Siberian hydrocarbon wealth over Poland's carcass.

    1. Re:Winged cavalry at calvary. by xxxJonBoyxxx · · Score: 2, Funny

      >> The Polish are arming themselves to teeth

      Q: How do you stop a Polish army on horseback?
      A: Turn off the carousel.

    2. Re:Winged cavalry at calvary. by Anonymous Coward · · Score: 0

      Let's put the adversaries on that carousel as well so that both parties can gloat about how their enemies always flee from them.

    3. Re:Winged cavalry at calvary. by PopeRatzo · · Score: 1

      I understand that one of the problems with landing the planes manually was that the Polish pilots kept coming to the end of the runway before they could land. One exclaimed, "Why do they make these damned runways 50 times wider than they are long?"

      --
      You are welcome on my lawn.
    4. Re:Winged cavalry at calvary. by Anonymous Coward · · Score: 0

      >> The Polish are arming themselves to teeth, ...

      Note to the Polish- tooth-mounted rockets are a very bad idea.

      In fact, almost all tooth-mounted weapons systems are a very bad idea.

      Although they do leave you with a deadly smile...

    5. Re:Winged cavalry at calvary. by Anonymous Coward · · Score: 0

      Actually Polish pilots are pretty good at landing manually:

      https://en.wikipedia.org/wiki/...

    6. Re:Winged cavalry at calvary. by KGIII · · Score: 1

      Hey, it is not racism if it is said in jest or if the parties are white...

      Actually, see the history of the Polish fighting on behalf of the UK with the RAF during WWII. But, I digress...

      Sorry, I know of no (in)appropriate Polish jokes to tell. Something something submarines. Something something seagulls over Poland something... Pretty funny, eh?

      --
      "So long and thanks for all the fish."
    7. Re:Winged cavalry at calvary. by PopeRatzo · · Score: 1

      >> Hey, it is not racism if it is said in jest or if the parties are white...

      I agree.

      The sociological definition of racism requires "culturally sanctioned beliefs, which, regardless of intentions involved, defend the advantages whites have because of the subordinated position of racial minorities".

      >> Sorry, I know of no (in)appropriate Polish jokes to tell. Something something submarines. Something something seagulls over Poland something... Pretty funny, eh?

      Could be better, but don't stop trying.

      --
      You are welcome on my lawn.
    8. Re:Winged cavalry at calvary. by KGIII · · Score: 1

      Now you have me wondering what the real sociological definition is. I still do not have any good jokes to share.

      --
      "So long and thanks for all the fish."
  8. Further proof that security comes 3rd by Ravaldy · · Score: 2

    In my experience the following is the order of priority:
    - Cost
    - Delivery Date
    - Security.

    Security isn't a concern until it is.

  9. And the ones already in the air? by fustakrakich · · Score: 1

    They were stuck up there all day!

    --
    “He’s not deformed, he’s just drunk!”
  10. Microsoft Windows malware grounds planes in Poland by Anonymous Coward · · Score: 0

    Lemme guess, it was some Microsoft Windows 'cyber' malware

  11. DDoS prevented submitting flight plans. by Moskit · · Score: 3, Informative

    Based on rumours so far it seems that:
    - the attack was not infiltration but DDoS,
    - it prevented transmitting flight plans to European authorities,
    - without submitting a flight plan it is not allowed to take off, on a formal basis. Nothing technical.

    Still unclear on which part of the system got knocked out, as we would suppose there is some good dedicated link for submitting flight plan information from the airline.

  12. First attack of its kind? by nickweller · · Score: 1

    “first attack of its kind” “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry” ref

    "United Airlines Flights Grounded Over Flight Plan Hacking"

    1. Re:First attack of its kind? by Anonymous Coward · · Score: 0

      yes windows 3.1.1 is the best

  13. pr00f derez haxx0rz in de plaenz by Anonymous Coward · · Score: 0

    or maybe we could figure out what is really going on?

    No way Jose, blaming bogeymen is much more fun. And useful.

  14. Ban this open source Malware now :) by nickweller · · Score: 1

    Ban this Open Source/Apple Malware now and only use the industry standard :)

  15. Here I thought you were going with the standard... by Anonymous Coward · · Score: 0

    ... Cost, Delivery Date, Security --- pick two ;)