WASHINGTON: Hackers broke into the air traffic control computers of the US Federal Aviation Administration (FAA) several times in recent years, according to a government audit.
Among the breaches was an attack on a FAA public-facing computer in February 2009 in which hackers gained access to personally identifiable information, such as social security numbers, on 48,000 current and former FAA employees.
The report said, last year, hackers took control of FAA critical network servers and were in a position to shut them down, a step that could have seriously disrupted the agency’s mission-support network.
The audit was conducted by an assistant inspector general in the US Transportation Department and released last week. A copy of the audit report was obtained by internet news agency CNET and posted online.
Last year again, the report said, hackers took over FAA computers in Alaska to effectively become agency “insiders”. Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.
The nature of one 2006 attack is a matter of dispute between the inspector general and the FAA. The report said the attack spread from administration networks to airtraffic control systems, forcing the FAA to shut down a portion of its traffic control systems in Alaska. The FAA, however, claims it affected only the local administrative system that provides flight and weather data to pilots, primarily of small aircraft.
The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.
“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report said.
The breaches were possible because Web applications that support the air traffic control system operations are not properly secured to prevent unauthorized access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report said.
“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the nation is facing increased threats from sophisticated nationstate-sponsored cyber attacks,” the report said.