U.S. Air Traffic Faces 'Serious Harm' From Cyber Attackers
Dan Goodin writes on The Register:
The United States' air traffic control system is vulnerable to serious cyber attack, according to a watchdog report that detailed several recent security breaches that could have been used to sabotage mission-critical networks.More here.
One of the most serious attacks came last August, when hackers took control of Federal Aviation Administration computers in Alaska. By exploiting the administration's interconnected networks, the miscreants then stole an administrator's password and finally took control of a domain controller in the Western Pacific region. That gave them access to more than 40,000 login credentials used to control part of the FAA's mission-support network.
Two separate attacks in 2006 hit the FAA's remote maintenance monitoring system and its air traffic control systems. The latter forced the FAA to shut down a portion of ATC systems in Alaska.
"These web vulnerabilities occurred because (1) web applications were not adequately configured to prevent unauthorized access and (2) web application software with known vulnerabilities was not corrected in a timely manner by installing readily available security software patches released to the public by software vendors," the report, which was prepared by Assistant Inspector General Rebecca Leng, concluded.