Breach Notification , Breach Response , Cybersecurity

Hack Attack Grounds Airplanes

LOT Airlines Says Cyber-Attack Disrupted Flight Plans
Hack Attack Grounds Airplanes

Polish airline LOT claims that a hack attack disrupted the state-owned airline's ground-control computers, leaving it unable to issue flight plans and forcing it to cancel or delay flights, grounding 1,400 passengers.

See Also: Detecting Insider Threats Through Machine Learning

The airline said the June 21 cyber-attack against its IT systems at Warsaw Chopin airport lasted about five hours and affected the computers that it uses to issue flight plans. "As a result, we're not able to create flight plans and outbound flights from Warsaw are not able to depart," the company said in a statement.

But the airline emphasized that the attack had "no influence on plane systems" and that no in-progress flights were affected by the incident. It also said that all flights bound for Warsaw were still able to land safely. The IT disruption did, however, result in the airline having to cancel 10 flights - destined for locations inside Poland, to multiple locations in Germany, as well as to Brussels, Copenhagen and Stockholm - and then delay 12 more flights.

An airline spokeswoman didn't immediately respond to a request for more information about the disruption, how LOT judged it to be a hack attack or who might be responsible. No group or individual appears to have taken credit for the disruption.

Airline spokesman Adrian Kubicki says that Polish law enforcement agencies are investigating the hack and warned that other airlines might be at risk from similar types of attacks. "We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry."

Follows Plane Hacking Report

It's been a busy year for airline-related hacking reports (see Malaysia Airlines Website Hacked).

In May, information security expert Chris Roberts claimed to have exploited vulnerabilities in airplanes' onboard entertainment systems more than a dozen times in recent years, allowing him to access flight controls (see Questions Over Plane Hacking Report). Roberts claimed that his repeated warnings about the problems to manufacturers and aviation officials had resulted in no apparent fixes being put in place.

Question: Hack or IT Error?

Despite the presence of vulnerabilities in avionics systems, however, airline-related IT disruptions are often caused by internal problems, and some security experts are questioning whether that might be the case with the supposed cyber-attack against LOT. "The story doesn't make sense, and most of the actual info so far suggests a 'glitch' caused by an unauthorized user," says the Bangkok-based security expert who calls himself the Grugq, via Twitter.

On June 2, for example, a computer glitch grounded almost 150 United Airlines flights in the United States, representing about 8 percent of the company's planned morning flights. The airline blamed the problem on "dispatching information," and some fliers - such as software firm Cloudstitch CTO Ted Benson - reported via Twitter that pilots told passengers that the ground computers appeared to be spitting out fake flight plans.

As a result of the glitch, the Federal Aviation Administration reportedly grounded all United flights for 40 minutes, until related problems were corrected.

United Airlines Bug Bounty

That glitch followed United Airlines in May launching a bug bounty program - not for the software that runs its airplanes, in-flight entertainment systems, or ground-control computers, but rather its website. "If you think you have discovered a potential security bug that affects our websites, apps and/or online portals, please let us know. If the submission meets our requirements, we'll gladly reward you for your time and effort," United says on the bug bounty page.

Rather than offering cash rewards like many other bug-bounty programs, however, United is instead offering frequent-flier "award" miles - for example 50,000 miles for cross-site scripting attacks, 250,000 for authentication bypass attacks, and 1,000,000 for a remote-code execution attack.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network