[ISN] FAA hacked by patriots

From: InfoSec News (isnat_private)
Date: Fri Apr 26 2002 - 01:07:58 PDT

    By Kevin Poulsen, SecurityFocus Online
    Posted: 26/04/2002 at 06:54 GMT
    Hackers were able to penetrate a Federal Aviation Administration
    system earlier this week and download unpublished information on
    airport passenger screening activities, federal officials confirmed

    Styling themselves "The Deceptive Duo," the hackers on Wednesday
    publicly defaced an FAA server used by what was the administration's
    Civil Aviation Security organization, which until recently was
    responsible for supervising passenger screening at U.S. airports.

    There, the intruders posted a mission statement vowing to expose
    America's poor state of cyber security for the good of the nation.

    "Tighten the security before a foreign attack forces you to," the Duo
    extolled. "At a time like this, we cannot risk the possibility of
    compromise by a foreign enemy."

    At the bottom of the page, the defacers included a screen-shot showing
    a portion of a Microsoft Access database, with each row displaying the
    three-letter code for a different U.S. airport, the name of an FAA
    inspector, a screener I.D. number, the number of passengers the
    screener handled, and the number of guns, explosives or chemicals he
    or she intercepted.

    An FAA spokesman described the file as a "screener activity" report
    for the year 2000, but insisted it wasn't particularly sensitive. "It
    was data that was used for a report that went to Congress, so it's
    essentially public information anyway," said spokesman Paul Takemoto.

    In February, the FAA's airline security functions were taken over by
    the newly-created Transportation Security Administration.

    Computer security weaknesses have dogged the FAA since 1998. Most
    recently, the agency was criticized in a September, 2000 GAO report
    for not performing background checks on IT contractors, failing to
    install intrusion detection systems, and not performing adequate risk
    assessments and penetration tests on agency systems.

    Speaking at the RSA security conference in February, agency CIO Daniel
    Mehan said the FAA had made significant progress in boosting cyber
    security, but needed more funding from Congress to continue the

    The FAA said Thursday that they'd reported the Deceptive Duo's
    intrusion. "We've asked the FBI to prosecute if they catch the
    people," said Takemoto.

    String of Intrusions

    The agency is only one target of the Deceptive Duo's inaugural week of
    defacements. On Monday, the pair vandalized a U.S. Navy site and
    posted information lifted from a Midwest Express Airlines passenger
    reservation system, according to a report by InternetNews.com. The
    defacement mirror site alldas.org shows attacks on two NASA sites on
    Wednesday, and on Thursday the attackers struck a U.S. Department of
    Transportation site and several seemingly random corporate targets --
    one of them in Israel.

    Each defacement featured the hackers' patriotic "mission outline" --
    in which they claim to be U.S. citizens determined to save the country
    from a "foreign threat" by exposing security holes -- and the group's
    logo: two handguns in front of an American flag.

    Longtime defacement-tracker Brian Martin, a security engineer at CACI
    Network Security Group, suspects the Duo's message may owe as much to
    media-friendly theatrics as genuine fervor. "They're probably casually
    into it," says Martin. "But if they write it up well, they hype it up
    and sensationalize it, they get more attention."

    But in an e-mail interview, the Deceptive Duo said their intrusions
    were a matter of national security.

    "We are two individuals who risk our future and our lives to help the
    Nation in such a vulnerable time," the Duo wrote. "Somebody has to do
    it; if we don't, a terrorist might."