FAA hacked by patriots

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/55/25029.html

By Kevin Poulsen, SecurityFocus Online
Posted: 26/04/2002 at 06:54 GMT

Hackers were able to penetrate a Federal Aviation Administration
system earlier this week and download unpublished information on
airport passenger screening activities, federal officials confirmed
Thursday.

Styling themselves "The Deceptive Duo," the hackers on Wednesday
publicly defaced an FAA server used by what was the administration's
Civil Aviation Security organization, which until recently was
responsible for supervising passenger screening at U.S. airports.  
There, the intruders posted a mission statement vowing to expose
America's poor state of cyber security for the good of the nation.

"Tighten the security before a foreign attack forces you to," the Duo
extolled. "At a time like this, we cannot risk the possibility of
compromise by a foreign enemy."

At the bottom of the page, the defacers included a screen-shot showing
a portion of a Microsoft Access database, with each row displaying the
three-letter code for a different U.S. airport, the name of an FAA
inspector, a screener I.D. number, the number of passengers the
screener handled, and the number of guns, explosives or chemicals he
or she intercepted.

An FAA spokesman described the file as a "screener activity" report
for the year 2000, but insisted it wasn't particularly sensitive. "It
was data that was used for a report that went to Congress, so it's
essentially public information anyway," said spokesman Paul Takemoto.

In February, the FAA's airline security functions were taken over by
the newly-created Transportation Security Administration.

Computer security weaknesses have dogged the FAA since 1998. Most
recently, the agency was criticized in a September, 2000 GAO report
for not performing background checks on IT contractors, failing to
install intrusion detection systems, and not performing adequate risk
assessments and penetration tests on agency systems.

Speaking at the RSA security conference in February, agency CIO Daniel
Mehan said the FAA had made significant progress in boosting cyber
security, but needed more funding from Congress to continue the
effort.

The FAA said Thursday that they'd reported the Deceptive Duo's
intrusion. "We've asked the FBI to prosecute if they catch the
people," said Takemoto.

String of Intrusions

The agency is only one target of the Deceptive Duo's inaugural week of
defacements. On Monday, the pair vandalized a U.S. Navy site and
posted information lifted from a Midwest Express Airlines passenger
reservation system, according to a report by InternetNews.com. The
defacement mirror site alldas.org shows attacks on two NASA sites on
Wednesday, and on Thursday the attackers struck a U.S. Department of
Transportation site and several seemingly random corporate targets --
one of them in Israel.

Each defacement featured the hackers' patriotic "mission outline" --
in which they claim to be U.S. citizens determined to save the country
from a "foreign threat" by exposing security holes -- and the group's
logo: two handguns in front of an American flag.

Longtime defacement-tracker Brian Martin, a security engineer at CACI
Network Security Group, suspects the Duo's message may owe as much to
media-friendly theatrics as genuine fervor. "They're probably casually
into it," says Martin. "But if they write it up well, they hype it up
and sensationalize it, they get more attention."

But in an e-mail interview, the Deceptive Duo said their intrusions
were a matter of national security.

"We are two individuals who risk our future and our lives to help the
Nation in such a vulnerable time," the Duo wrote. "Somebody has to do
it; if we don't, a terrorist might."




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.