
Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly

A 26-year old woman allegedly hacked into the systems of a flight training school in Florida to delete and tamper with information related to the school's airplanes. In some cases, planes that previously had maintenance issues had been "cleared" to fly, according to a police report. The hack, according to the school's CEO, could have put pilots in danger. (www.vice.com)

sgbelverta
Security, security, security. Logins disabled as soon as someone leaves. Update passwords for all remaining staff. Store electronic back-up in the cloud AND on devices that can be removed. Monitor logins from remote sites. Inexpensive solutions to a potentially dangerous problem.
paulfharris
Too true and so easy to do
FrankHarvey
Superficially these solutions might appear practical in small companies in a non time critical environment. But in a large organisation with locations across the globe it is much more difficult. One example: For events such as people leaving almost each week, having protocols mandating frequent password changes is very difficult and leads to password resets when the user forgets their latest and locks their account by exceeding the permitted retries.

Removable backup devices are dependent on data volumes. Again an administrative difficulty for a large organisation. But also keeping track of the backup devices and restoration procedures demands a competent, disciplined, approach. It's one thing to "run the backups" but it's another thing to know what generation to restore and how to do it. As for "the cloud", you need to be sure that you can reach your data out there when you need it.

With remote users "working from home" and other locations such as a truck stop or medical facility's waiting room etc, or someone using a vpn, how do your systems monitor logins from remote sites ? In large organisations, or using contractors, especially overseas, this issue is exacerbated.

Security is a very tricky issue and even for a small organisation with only one or two key systems personnel what happens when one of your key people is suddenly unavailable through accident or illness ?


Solutions to security are not inexpensive.
marcusangelus
Smaller organizations are the ones less likely to have "good" security. Larger organizations have economy of scale going for them, along with more at risk. Standard security practice is to use a distributed directory system (such as Microsoft's Active Directory) for identification/authentication, disallow (through policy and audits) the use of "group logins" (accounts with passwords shared amongst a group of users), and to have an automated process that disables a person's login credentials when they are terminated. If electronic key cards are used to control physical access, then the same automated process can block the key card as well.

Smaller organizations tend to have people wearing multiple hats, a higher level of implicit trust amongst employees, and a lack of will when it comes to having and enforcing the information security policies that mitigate the risk of a terminated employee sneaking back in and causing problems (through electronic or physical access). They also have a smaller number of people between which to distribute key responsibilities.

In this case I would not be surprised if the one user's password was either easily guessable or in fact was shared or easily discoverable and unchanged from when the ex-employee worked there. Writing down passwords on post-its stuck to the bottom of keyboards is a trope because it happens all too often, especially with people who are focused on the business and not overly concerned with being fussy about security details.

I would not use the verb "hacked" to describe what happened, any more than I would use the term "breaking and entering" to describe someone who used a key hidden under a mat to get into my house. Unauthorized entry is a better term.

Determining whether the individual in question's actions posed a significant risk to health and safety depends on other variables including how readily detectable and correctable the changes made were by the existing employees.
ghstark
Greg S 20
"I'm going to get back my previous evil employer by killing innocent pilots and their passengers! Then they'll blame the flight school, hahaHAHAHA!!"

This is much more serious than just unauthorized computer access.
ewrcap
I imagine the Feds will get involved. Hope little missy wasn’t looking at a career in aviation!
WilliamCampbell
This does violate the federal computer crimes act, so she should expect a federal prosecution.
mohenley
I imagine that's precisely the result (for the flight school) that the woman wanted.
EMK69
EMK69 14
Serious jail time is needed and I don't mean a few months.
sparkie624
Maybe a 20 year sentence for each occurrence!
ADXbear
ADXbear 12
Is there no extent people will go to cause damage to others... it's called quitting, filing suit for harassment etc.. don't endanger pilots and people on the ground.. jail baby, jail
Balmoral
Someone this “sick” jeopardising people’s lives by her action should receive the highest possible penalty provided by the law.
Huffer
Huffer 7
So many things we see in the news these days revolves around someone wanting revenge for something.
I learned from my dad to walk away from bad encounters but keep an eye out to your rear.

Romans 12:19 Do not avenge yourselves, beloved, but leave room for God's wrath. For it is written: "Vengeance is Mine; I will repay, says the Lord."
bartmiller
Absolutely. Every organization needs an "offboarding" check list when an employee leaves. Too easy to miss things.
ewrcap
You are right. I retired from a big company (on good terms) but at midnight my email account disappeared, access to flight ops was locked etc. I was a little surprised but it was all on autopilot.
silcalifano
Stupid people do stupid things!
silvanocerboneschi
Prison for life
augerin
....wow...if you hate your job that much, QUIT for God's sake...why endanger people you don't even know...
Huffer
Huffer 3
She should be charged with attempted murder for each plane she altered the records on!
Mackhatter2003
Imagine having her for a girlfriend/wife… And yes, I’m sure some idiot does.
avionik99
This is why you do not ever get away from paper! The military is also moving away from paper and toward all electronic. A Huge mistake!!
WillyRoss
Back up, secure backup and strict management of passwords. They were, if the article is to be believed, sloppy with password management.
sparkie624
Yes, and also, Electronics are not perfect... They Fail. I remember at a previous employer I had, I walked in on my Monday... 1st thing out of one of my fellow workers, Servers crashed this week... Everyone in the company lost ALL their Email and Personal Files.... My answer was, Not everyone as I pulled out my Thumb Drive. Took a while to Restore, but got ALL of my notes and emails back and I was very popular with everyone wanting a copy of my notes.... LOL!
jbsimms
Whenever I do work like the newsletter I produce every month for a local historical group, I save it to the Desktop & two separate thumb drives, plus all of the source material.

Same goes for the PowerPoint classes I’ve taught.
PDLanum
At the last two places I worked, if you plugged in a USB drive that had not been verified by the company, you were fired. Condition of work, nothing goes into a corporate device without authorization.
ewrcap
Ha! Being older, that was my first thought! Then I remember all the mysterious erasures, “ground checks OK” “entered in error” etc. that happened in the old days. But, like everything else, computers let you commit crimes on a wholesale basis and more efficiently!
TorstenHoff
It's not like paper records aren't falsified all the time. At least with electronic records in a properly designed system, there will be a log of who (supposedly) changed something, and when.

The bottom line is that both types of record keeping are riddled with potential problems -- there are no quick fixes here.
sparkie624
WOW, I certainly hope that she pays dearly for that one... What would one hope to accomplish!
btweston
btweston -1
Stunning insight
jfitzgerald2112
The father of the alleged hacker does not seem to think too much of the flight school's CEO. Perhaps the CEO is framing her?
CapeCodder
Lide was charged with a count of fraudulent use of a computer, and two counts of unauthorized access to a computer system or network.

Assuming she has no prior criminal history, if those are the charges, after a plea deal, don't be surprised if she only receives probation or a suspended sentence. At best, she'll only do a few months of jail time.
nigelites
Seems like a bit of an over reaction from her.
Also, perhaps a bit of an over reaction here too in some cases, maybe.

Picture the scene at the fbo:
"Hey, everything's blank on the booking screen, and we ain't got no planes 'cos they've all been deleted, but it seems they're all OK, oh and you FI's you aint got no bookings so take the rest of the day off... ah, we have a student just turned up, hey Jeff you take 'em, pick any plane in the hangar, you'll be fine..."

Or

"No Tail numbers, no bookings, no anything much, somebody's been messing about in here.. Oh bugger, ok let's dig out the paper tech logs and see which planes are good to go, and keep a few FI's on standby while we wait to see which students show up, what a PitA..."

The hack seems more like the Cyber equivalent of spray-painting graffiti on the boss's car rather than crawling underneath to cut the brake pipes.

And even if she'd been more subtle, just clearing a tag or extending a CoA inspection, does anybody still use and check paper logs, what about the daily A-Check, preflight walk-around, Power checks at the run-up etc..

I can't condone in any way what she did, for whatever reason, but the crude and blatant manner of the hack appears intended to cause administrative disruption, not flaming death.

Rearrange "Teacup" and "Storm" into a well known phrase or saying.
dp777usa
She needs to be criminally charged, tried and sentenced.
jrlazar4
JR Lazar 1
It is possible that the CEO's claim that lives were put in danger is not actually true. If it were, there would likely be other charges filed against her. Not the most mature way to get back at a bad employer. Posting poor reviews online would result in her being sued, though.
cibrut
Woman resigns her job at flight school.
Then hacks aircraft maintenance database with outcome of possibly killing people in aircraft and on ground too when clearing to fly aircraft with maintenance issues.
Just to get her job back.

Very, very interesting approach. IQ <80? Hope she will rot in asylum for rest of her life.
Dl8698
David Loh -3
At least she didn't go back with a bagful of AK47, Ar15 or 16 or whatever, colt 47 magnum, millions of rounds, and shot to pieces everybody she could find. This might sound like a joke, but in reality, in the US, it could very easily be tomorrow's headline news
FrankHarvey
I feel that the issue in this particular case should not be firearms but the fragility of our computer based (and internet dependent) systems.

Firearms are not the only danger to society. For example, before 11 September 2001, how many of us imagined that 15 Saudis with razor blades could murder 3,000 people in a few hours one morning ?
wiregold
wiregold -3
How many think a bunch of Saudis actually flew those jets in a tight turn directly into the towers ...
21voyageur
She just chose a different deadly weapon. Weapons of all types and the use of such, reflect a society's state. Take it from there , , , , ,
gcottay
Yes. Thank you.
jbsimms
Recent incident in Scandinavia, for example. Let’s ban bows & arrows, plus while we're @ it, knives & forks.
augerin
...WTF is a 'colt 47 magnum', some kinda' beer...?

srobak
srobak 2
wtf is a colt 47 magnum?
the only people who have millions of rounds is the government - which in case you have had your head in the sand - is a MUCH greater threat to us all today than any one (or even group of) individual.

educate thyself before you flappulate gibberish which gets absorbed, "uh-huh, uh-huh"'ed and repeated by other, equally uneducated sponges. this is precisely why you probably think "full semi-automatic" is an actual thing.

responsible gun owners are just as free to own and shoot as responsible pilots are free to fly the skies. if either one cannot be responsible and put people's lives at risk - that is when their access gets plucked.
fireftr
Ok, everyone else got his point about the guns!
So he didn’t use exact nomenclature for weaponry, Mr. 2nd amendment. Does that change the nature of his comment?
He made a good point, let it go!
RJBrown409
No, he, David Loh, made an illiterate uninformed comment with no basis in fact. Only other uninformed illiterate posters would like the ignorance contained in his post. His only point was exposing how ignorant he is on the subject. Your agreement just exposes your lack of knowledge and understanding.
RJBrown409
Anti gun nut. Doesn’t know a thing about guns but brings them up in an unrelated topic.
Gun haters are self hating lemmings that don’t understand reality.
fireftr
It’s not unrelated!
Pity you can’t see the parallel between the possible outcome of her actions and a mass shooting.
Hint- both would cause multiple lives lost!
RJBrown409
The parallels?
Both statistically unlikely to harm anyone.
Paperwork doesn’t kill, bad pilots kill.
Guns don’t kill, Democrats with guns and mental health issues kill.
srobak
srobak 0
roger that!
