Slashdot Mirror

← Back to Stories (view on slashdot.org)

Boeing Hit By WannaCry Virus, Fears It Could Cripple Some Jet Production (seattletimes.com)

Posted by BeauHD on from the raise-the-alarm dept.

An anonymous reader quotes a report from The Seattle Times: Boeing was hit Wednesday by the WannaCry computer virus, raising fears within the company that it could cripple some vital airplane production equipment. Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming memo calling for "All hands on deck." "It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down," VanderWel wrote, adding that he's concerned the virus will hit equipment used in functional tests of airplanes ready to roll out and potentially "spread to airplane software." Indicating widespread alarm within the company at the potential impact, VanderWel said the attack required "a battery-like response," a reference to the 787 in-flight battery fires in 2013 that grounded the world's fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.

33 of 122 comments (clear)

  1. Computer virus? by Anonymous Coward · · Score: 5, Insightful

    No sir. It is not a computer virus.
    It is -once again, a Microsoft Windows virus.

    Call things by their names.

  2. NSA by Anonymous Coward · · Score: 3, Insightful

    Thanks again, NSA! Glad you had our backs...

    1. Re:NSA by guruevi · · Score: 4, Interesting

      NSA isn't the only one to blame, Microsoft knew about the exploits that were going to be released when the NSA lost their data and chose to only patch some of the malware that the NSA had held onto, only after ShadowBrokers released WannaCry in the wild did they release the emergency fixes. They released a patch for XP about 2 months after WannaCry went public.

      Microsoft deliberately held back patches and fixes for Windows for god knows how long because it benefited the NSA.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:NSA by OneAhead · · Score: 2

      Microsoft deliberately held back patches and fixes for Windows for god knows how long because it benefited the NSA.

      Possibly, but Boeing held them back even longer, and I'm guessing for reasons at least equally lame (specifically, my best guess is "fear that a patch will break proprietary hack jo^H^H^H^H^H^H^H software packages running on some of those systems").

  3. Not Enough Time by Bigbutt · · Score: 4, Insightful

    Hey you business types who moan about not enough time to test updates and that it takes away from software projects that will generate income?

    Pay attention.

    [John]

    --
    Shit better not happen!
    1. Re:Not Enough Time by Anonymous Coward · · Score: 3, Informative

      Until it becomes less profitable to outsource risk, don't expect much to change.

      Still waiting for those equifax execs to be thrown in jail.

    2. Re:Not Enough Time by tero · · Score: 2

      To continue in the same style - also maybe us IT-types could actually disable SMBv1 one day in our networks so this crap wouldn't happen. It's been deprecated for couple of decades now.

  4. Should have used by AHuxley · · Score: 4, Insightful

    Microsoft to sell computer games about flying.
    Use a real OS that has real security for real work.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Should have used by AmiMoJo · · Score: 3, Insightful

      What makes you think any other desktop OS would be less vulnerably to ransomware? Security through obscurity perhaps.

      Let's say they were running Linux. The infection vector is usually a browser exploit or email attachment. Linux does nothing extra to prevent the user from executing code that Windows doesn't also do. Then the malware is running, and has access to the user's file, and any other files that the user has access to on the network. Again, Linux does nothing extra to prevent this.

      The virus spreads via exploits stolen from the NSA. Even assuming they are not zero-day and a patch is available, it's up to the organization to install that patch. If they were not installing Windows patches, why would they be installing Linux patches?

      No, the problem is not the OS. The problem is the IT staff not locking the system down properly. Just switching OS would not help them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Should have used by kyrsjo · · Score: 3, Insightful

      I doubt they are reading emails on a machine controlling a piece of machinery - these things are generally on a special "technical network" that cannot reach the internet directly. AFAIK these are true remote exploits, not user intervention needed. So yes, it is the OS's fault, and you are off target by blaming the user.

  5. Back-ups... Back-ups... Back-ups... by Anonymous Coward · · Score: 4, Insightful

    This is why my back-up drives aren't connected to my computer 24-7. When I finish backing up stuff, I disconnect the drive(s).

    Come on people, you gotta be smarter than this by now.

    1. Re:Back-ups... Back-ups... Back-ups... by rtb61 · · Score: 2

      Also if it doesn't need to be connected, do not connect it. If scanned sneaker net from one secured location to another secured location is good enough because it only happens once a week, not every second, that use scanned sneaker net, a lot more expensive per transaction maybe like an extra $10,000 over a year but the alternative hundreds of millions of dollars lost, makes that $10,000 look like nothing. Wireless quick easy, stupidly insecure. Wired not so quick not so easy but a lot more secure. Sneaker net, now that can be as tough as you want to get past, on secured verified staff get to carry data from one location to another location via a secured device and not network cards or chips, for those computers it is impossible to connect to the internet, factually impossible. Sure an internalised computer data transfer system, but not a typical computer network. Also don't hire foreigners because they are cheaper, the cheapest most skilled ones will be foreign agents, your greed serves insecurity best.

      This digital security break down should put all Boeing defence systems on a black list for digital security, who knows what little hidy holes it will bury itself in, only to pop up at some time in the future, when a device that was infected and got turned off in normal operations, only to be turned on at a required time years in the future. Boeing has a real problem now, it's competitors will be, hmm, insider trading raking in the hundreds of millions of dollars and getting a just to steal billions in business. The corporate wars, the US kicked them off, now the hassle of shutting them down.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:Back-ups... Back-ups... Back-ups... by thegarbz · · Score: 2

      This is why my back-up drives aren't connected to my computer 24-7. When I finish backing up stuff, I disconnect the drive(s).

      Come on people, you gotta be smarter than this by now.

      No where do they say they lost data. Just that they were worried about being crippled. You're crippled too while you're slowly recovering your backups rather than getting actual work done.

  6. Re:They use windows on planes! by InfiniteBlaze · · Score: 2

    Probably still running Windows XP or Windows 7...at least those gave diagnostic codes when they failed.

  7. Re:They use windows on planes! by PPH · · Score: 4, Interesting

    No. But they do use it on manufacturing equipment now. I was there when they got hit with the Code Red virus. Fortunately, in 2001 they were running Solaris, HP-UX and Linux on the shop floor. When management came running out in a panic about possible effects on production, we told them, "No problem. We don't run Windows."

    Management's response was, "Why aren't we running Windows?" I guess now they'll find out.

    --
    Have gnu, will travel.
  8. Re:Wanna die? by Applehu+Akbar · · Score: 4, Insightful

    In what universe is an entire national medical system not the "wrong person?" If there was any way of getting at ransomware scammers, we would have deployed it by now.

    https://www.telegraph.co.uk/ne...

  9. Re:They use windows on planes! by ArchieBunker · · Score: 5, Interesting

    I can't believe they removed the F8 safe mode function from Windows 10. Now you need to be in Windows to tell it to reboot in safe mode. Good job there. What if your install is fucked and won't boot?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  10. Re:They use windows on planes! by AHuxley · · Score: 2

    Use the productive time to look up what to replace Windows with.

    --
    Domestic spying is now "Benign Information Gathering"
  11. What a difference 2 days makes by Flexagon · · Score: 4, Interesting

    I'm very interested to hear what Boeing vice president Phil Musser has to say about this event given his reported comment just 2 days ago in response to the closure of the Russian consulate in Seattle 'that the company has “rigorous IT and security protocols.”'.

    1. Re:What a difference 2 days makes by thegarbz · · Score: 3, Interesting

      Probably very little given TFA said it took them half a day to contain and caused zero production loss as a result. Frankly that is quite a phenomenal IT response given how many companies were cut off at the knees for a whole week at a time.

  12. Re:Wanna die? by davecb · · Score: 2

    I think if they hit organized crime, even by accident, that might be the "wrong person"

    --
    davecb@spamcop.net
  13. Re:They use windows on planes! by Eravnrekaree · · Score: 2

    Its a sad fact that many niche apps like CAD and so on are written for Windows. Yes you can get a CAD program for Linux but it has to meet the requirements and *nix OSs have lagged far behind in applications which have efficient workflow the features needed for many situations. Linux is fine if you need a word processor but when you get into large, specialized technical apps falls behind.

  14. Re:They use windows on planes! by aaarrrgggh · · Score: 2

    Believe it or not, you can get a command and file compatible alternative to AutoCAD on Linux now called BricsCAD. Haven't tried it on Linux, but have on OSX and Windows.

  15. Re:They use windows on planes! by PPH · · Score: 4, Interesting

    applications which have efficient workflow the features needed for many situations

    Interesting. Because it was the 'efficient workflow features' that we had to build on UNIX systems at Boeing which were simply unavailable on Windows systems. CATIA started out running on UNIX (AIX and Solaris at Boeing) and was finally ported to Windows NT when the Microsoft fanbois cried hard enough. The backend 'workflow management' was never ported to a Windows platform during my time there. We just couldn't buy enough NT servers that would handle the load a Sun system could handle.

    Data integrity was (and still appears to be) a problem for Windows systems. We had a requirement to keep people from modifying datasets not a part of their scheduled workflow. The NT folks could never figure out how to implement that. And more than a decade later, this is fundamentally what the WannaCry virus does. Windows just isn't ready for enterprise use yet.

    --
    Have gnu, will travel.
  16. Boeing probably forgot ... by PPH · · Score: 2

    ... to update their Kaspersky AV software.

    --
    Have gnu, will travel.
  17. Not your grandpa's Boeing by Anonymous Coward · · Score: 5, Interesting

    Boeing used to be one of the world's most competent corporations.

    Then they merged with McDonnellDouglas. They absorbed the McD defense products, and then the morons in the board room replaced a bunch of Boeing's old management structures with the McD people. The McD teams used to outsource more stuff, whereas the old Boeing people used to do stuff more in-house. This came to a head with the 787 program which ended up over budget and behind schedule in large part because Boeing, which used to do everything inhouse, was under the new management oursourcing parts all over the planet and bringing the parts into the Boeing facilities for final assy - a tactic the McD guys were used to but the boeing people and systems were not. The results were entirely predictable to anybody without an MBA degree.

    The idea that the new & reckless Boeing management was running their internal systems on the super-crappy Windows operating system is both predictable and sad. These clowns should not be trusted with national security projects - they probably store all their stuff unencrypted in the cloud and run their Windows machines unpatched and without antivirus protections and hardware firewalls.

    This is the company that has been charging billions of dollars per year for nearly a decade to convert a shuttle external tank into a 1st stage booster - which they MIGHT be able to fly manned 20 years after the design started. Incidentally, the SLS design was specifically chosen to re-use shuttle heritage hardware, including engines and engine plumbing stripped directly from working orbiters, in order to accellerate development time and save money [sigh]. While Musk at SpaceX has been moving to re-usable rockets, Boeing is actually regressing to throwing away expensive reusable shuttle engines on each SLS launch!

    Same company that has been studying blended-wing-body airframes for 20+ years without builing a single manned example. The old Boeing could design a readically new aircraft and get a test article onto a flight line in MONTHS.

    This virus incident is just the most-recent evidence that the federal government was completely incompetent when they allowed Boeing to absorb North American aviation, Rockwell International's aerospace division, Bell helicopter, McDonnellDouglas (itself a merger of McDonnell Aircraft, Douglas Aircraft, Convair and Consolidated) and others. Huge bloated incompetent defense contractors lose all interest in being efficient and competent as they become hooked on cost-plus government contracts combined with lack of competition resulting from the absorption of most or all competitors.

    1. Re:Not your grandpa's Boeing by l0n3s0m3phr34k · · Score: 3, Interesting

      I work as a network security analyst at a small airline, who has some DoD contracts. 800-171 compliance is my job, and our infrastructure team bases most of our decisions around it. Wannacry was patched last year; you have only 30 days to apply patches or your non-compliant. IMHO, Boeing should be brought before Congress and threatened with loosing all their DoD contracts and forced to go through a third-party audit and fined for anything found non-compliant.

      The ONLY "Saving grace" for Boeing might be that they might be able to show that the systems hit with Wannacry are not covered under any DoD contract; ie not used for anything DoD related. However, it's also my opinion that ANYTHING relating to our "national aviation infrastructure" SHOULD be, at a minimum, 800-171 compliant; as should anything relating to electrical utilities, water and sewage, and medical.

      If we actually "go to war", the USA is totally fucked on this front. I fully expect any transition to a "hot war" with, say North Korea, will immediately result in most of the electrical grid shorting out / shutting down, entire city networks being corrupted, and anything with a PC being pwned within 24 hours. We, as a country, are as about prepared for "modern warfare" as the Native Americans were to meeting the Europeans and their diseases.

  18. Should have patched by Chrisq · · Score: 4, Insightful

    Since the NHS were admonished for not installing patches which would have prevented Wanacry in May 2017, Boeing really should have patched their systems by now.

  19. Re:They use windows on planes! by thegarbz · · Score: 3, Informative

    What if your install is fucked and won't boot?

    After 3 failures to boot to the desktop windows will automatically trigger the startup repair program where among other options you can attempt to boot into various forms of safe mode.

    If you for some reason can't get there (i.e. your computer boots to desktop and then somehow cleanly reboots preventing Windows from triggering the startup repair) you can do it manually from the recovery partition, USB or Windows 10 install media, or just go all out brute force and hit the reset button 3 times while the windows logo comes up to trigger 3 boot failures.

    As to why they don't do it, that much is obvious. Windows no longer goes through a proper boot process anymore unless you either a) manually reboot using the start menu, or b) install a windows update. After all booting is a big waste of time in the eyes of MS, as is giving the user 3 seconds to hit F8. On my desktop those 3 seconds make up the vast majority of the boot time.

    And no shutting down windows and then turning the power on is not a proper reboot anymore. That puts windows into some kind of half state which is how they dramatically cut down the boot time.

  20. Re:They use windows on planes! by dunkelfalke · · Score: 2

    Antonov is Ukrainian FYI.
    And given the sorry state of their aircraft production (the overwhelming majority of An-148s was built in Russia, not in the Ukraine) the only Antonov computers that could get hit by WannaCry would be the laptop of the managing director and the workstation of his typist.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  21. Re:Dead? by PPH · · Score: 2

    There are (at least) two parts to WannaCry: The transport mechanism, based on the NSA's EternalBlue exploit. And the payload, which does the privilege escalation and file encryption stuff. The 'kill switch' was a domain name that, when resolved by the transport mechanism, would stop it from spreading or deploying its payload on the current host.

    Several different domain names appeared in the WannaCry virus, probably as its creators tried to circumvent the kill switch fix. It's possible that someone got hold of the NSA exploit source and changed the kill switch domain name yet again. Or removed it altogether.

    Its also possible that Boeing didn't enter the kill domains into its internal DNS system. Or that they were deleted during some sort of cleanup*. An even funnier theory: The kill switches may have been put in by the NSA to keep their back door ware from spreading into secure government and subcontractor's systems. And Boeing just didn't rate a "friend of the government" designation in the NSA's buddy list.

    *Anecdote: We had a couple of systems crash back when I worked there because some IT bigwig had asked, "What are the /tmp directories for?" And upon getting an (oversimplified) answer of "For saving garbage files", he ordered them to be deleted since "We don't store garbage on our systems."

    --
    Have gnu, will travel.
  22. Re:Which Defense Systems Failed? by PPH · · Score: 2

    I expect that Boeing had good defenses

    You owe me a new keyboard. And a coffee refill.

    --
    Have gnu, will travel.
  23. Re:They use windows on planes! by thegarbz · · Score: 2

    Business rules have to be set up and workflows have to be defined

    Again you and the GP talked about two different things. The GP talked about pre-defined software based workflows to suit the business. You're talking about designing a business workflow then custom making software to suit.

    It may sound like splitting hairs, but it will be precisely that hair which fundamentally changes the procurement process. Also many industries in general are overwhelmingly moving to the process described by the GP as they learn that their own defined business workflows are often either not the most efficient, or require so much bespoke software that it costs them a lot of money to maintain that workflow.

    I have spent the best part of last year in exactly this kind of discussion. ... *wasted*. I have *wasted* the best part of last year in that kind of discussion. It's amazing that everyone thinks they are special.