Hacker admits hijacking plane mid-air: FBI

[MEL_Traveller]

"If it actually happened"...then this idiot affected the controlling systems of an aircraft in flight. Whether his intentions were good or bad, he remains an idiot who should be jailed for such actions.

The ways in which we've seen the software play up when written by the people who are meant to be doing it, and with access to the real thing to test their programs on, are extensive. Nobody in their right mind would ever 'test' anything on an aircraft in flight.

If it happened of course.

If it happened... gross stupidity? Probably. Reckless? yes again. Against laws in every country, most certainly.

But malicious? I'm not sure.

But if this supposed incident wasn't reported in the way it was, how would this issue have come to light? Would authorities have taken it seriously?

Should this not be treated as a learning event, rather than one of simply throwing the book? Some advocate the application of 'just culture' to crew (arguably in some cases which might be similarly stupid or reckless), but disallow it now?

I still think I would rather have this come to light in this manner, and have the issue thoroughly investigated, than only find out about it after a malicious event (deliberate crashing of an airliner).

 

[jb747]

If it happened... gross stupidity? Probably. Reckless? yes again. Against laws in every country, most certainly.

But malicious? I'm not sure.

But if this supposed incident wasn't reported in the way it was, how would this issue have come to light? Would authorities have taken it seriously?

Should this not be treated as a learning event, rather than one of simply throwing the book? Some advocate the application of 'just culture' to crew (arguably in some cases which might be similarly stupid or reckless), but disallow it now?

I still think I would rather have this come to light in this manner, and have the issue thoroughly investigated, than only find out about it after a malicious event (deliberate crashing of an airliner).

"Just culture" doesn't really apply to something that is stupid, reckless and PREMEDITATED.

Aviation is a dynamic environment, in which nothing ever works according to the script. Mistakes will happen, and in the vast majority of cases, the mechanisms that have been built up over the years will correct those errors.

Plan to do something that is reckless, and you'll be out the door before it has time to open.

 

[MEL_Traveller]

Plan to do something that is reckless, and you'll be out the door before it has time to open.

And I think that's the key... did he 'plan' to do it... or was he on a fishing expedition and happened to come across it?

If it's the latter - how else do you raise the issue? And no one will ever disclose any loop-holes because they'll end up in gaol.

 

[jb747]

And I think that's the key... did he 'plan' to do it... or was he on a fishing expedition and happened to come across it?

I guess he just happened to carry a suitably modified Cat 6 cable and accidentally fitted it to the system, after unintentionally removing the cover.

I'm sorry, IF he really did any of this, he's a dangerous fool, and is in no way doing anyone a favour.

 

[MEL_Traveller]

I guess he just happened to carry a suitably modified Cat 6 cable and accidentally fitted it to the system, after unintentionally removing the cover.

I'm sorry, IF he really did any of this, he's a dangerous fool, and is in no way doing anyone a favour.

Not doubting he intended to try and gain access to the system, but that in itself isn't evidence of intention to compromise the safety of the aircraft. He might have stumbled across the ability to actually be able to 'do' something... and that might have been totally unexpected.

If everyone is saying it can't be done... why would he expect it to be possible?

Journalists try and smuggle weapons/prohibited items through airport security to expose flaws... it doesn't mean they intended to hijack an aircraft.

 

[jb747]

If everyone is saying it can't be done... why would he expect it to be possible?

I thought that was the basis of his whole claim...he was saying it was possible for (supposedly) a number of years.

Journalists try and smuggle weapons/prohibited items through airport security to expose flaws... it doesn't mean they intended to hijack an aircraft.

There are people whose job it is to do this sort of breach check. Journalists who do so aren't white hatters. But, presumably they don't take it to the point of actually pointing a weapon at someone to see what they will do...which would seem like our software writing friend is claiming.

I didn't intend to force the pack valves to open, or the fire switches to illuminate isn't a defence if that activity has had the expected follow up result from the crew. Same as a journalist being shot if he happened to have a 'weapon' would seem to one of the expected possible outcomes.

 

[MEL_Traveller]

I thought that was the basis of his whole claim...he was saying it was possible for (supposedly) a number of years.



There are people whose job it is to do this sort of breach check. Journalists who do so aren't white hatters. But, presumably they don't take it to the point of actually pointing a weapon at someone to see what they will do...which would seem like our software writing friend is claiming.

I didn't intend to force the pack valves to open, or the fire switches to illuminate isn't a defence if that activity has had the expected follow up result from the crew. Same as a journalist being shot if he happened to have a 'weapon' would seem to one of the expected possible outcomes.

We might need to wait and see how this pans out.

If this turns out to be a whole lot of nonsense... he's guilty of what? removing an IFE cover and sticking a cable into an electrical box? (laws on tampering with aircraft equipment aside for a moment.)

If it turns out he has exposed a major security flaw... do we shoot the messenger?

 

[medhead]

I'm sorry. The claim made is that he did this a number of times. That after a few times of doing this he changed engine settings. That sounds like a consistent, escalating pattern of behaviour, including premeditation to get in next time and try changing the engine settings.

If he was a white hat protecting us then the story would have come out after the first attempt.

However, the fact remains its all a load of cough

 

[harvyk]

If it turns out he has exposed a major security flaw... do we shoot the messenger?

Yes, yes we very much do.

If I was the classify what this person has (allegedly / perhaps not / insert any other disclaimer here you like) done, it would be black hat whom had a ethical crisis. Yes he potentially exposed a security flaw, but on first discovering that flaw he did not report his findings, but rather claimed he repeated this process over many flights. By the repeating over and over he loses any claim to a grey hat.

Furthermore we need to shoot the messenger in this case since the methods he used to test this theory are just so dangerous. Let's for a second say he was successful. What exactly could he achieve other than put the flight into a worse position? It doesn't take a rocket scientist to work out that had he been successful the scale he was working on goes from absolutely no affect at one end, to flaming hole in the ground at the other.

Does the aircraft manufacturers hire white hat's? Don't know, but if they did, one can be certain that they would not be testing out their hacks on a plane in mid flight, since that would be no different that testing your own network securities strength by releasing actual viruses on it (also considered a really bad idea).

 

[MEL_Traveller]

Yes, yes we very much do.

If I was the classify what this person has (allegedly / perhaps not / insert any other disclaimer here you like) done, it would be black hat whom had a ethical crisis. Yes he potentially exposed a security flaw, but on first discovering that flaw he did not report his findings, but rather claimed he repeated this process over many flights. By the repeating over and over he loses any claim to a grey hat.

Furthermore we need to shoot the messenger in this case since the methods he used to test this theory are just so dangerous. Let's for a second say he was successful. What exactly could he achieve other than put the flight into a worse position? It doesn't take a rocket scientist to work out that had he been successful the scale he was working on goes from absolutely no affect at one end, to flaming hole in the ground at the other.

Does the aircraft manufacturers hire white hat's? Don't know, but if they did, one can be certain that they would not be testing out their hacks on a plane in mid flight, since that would be no different that testing your own network securities strength by releasing actual viruses on it (also considered a really bad idea).

I can't argue with any of that... but... Roberts says he has been doing this for a number of years, and has openly discussed his thoughts/findings going back as far as 2012. If that's the case (2012)... how is it possible he could still do what he did in 2015?

If airlines all say what he claims is not possible, if the airline manufacturers say it's not possible, then one of two things... either it's not possible, or, airlines knew about this and didn't take steps to prevent it. If the latter... what would it take to get the issue considered seriously? This latest alleged incident seems to have done that.

 

[jb747]

If airlines all say what he claims is not possible, if the airline manufacturers say it's not possible, then one of two things... either it's not possible, or, airlines knew about this and didn't take steps to prevent it. If the latter... what would it take to get the issue considered seriously? This latest alleged incident seems to have done that.

I don't think the airlines are saying anything. The makers are, and I think they're in the best position to know.

As I've said previously, I think it BS, but he's been interfering with the aircraft, so he's a dill anyway (no matter what he did, or did not manage).

 

[MEL_Traveller]

I don't think the airlines are saying anything. The makers are, and I think they're in the best position to know.

It's a little hard to say exactly what Qantas means in their following quote:

On Sunday night, Qantas head of security Steve Jackson said the airline "complies with, and in many cases exceeds, all regulatory requirements and manufacturers' recommendations when it comes to the safety and security of our fleet".
"Like everything we do, safety and security are our top priorities. The Qantas Group has extremely stringent security measures in place which are continually reviewed as part of normal business practice – these are measures that are more than enough to mitigate any attempt at remote interference with aircraft systems," he said.

Do they mean... Qantas complies with all regulations... (which may be irrelevant if those regulations don't deal with this current 'issue'). Or are they saying technically it could be possible... but mitigation procedures are in place to prevent it happening to Qantas aircraft?

 

[jb747]

Or..."It's not even slightly possible, but people who have no idea what they are talking about, want a statement."

 

[harvyk]

I can't argue with any of that... but... Roberts says he has been doing this for a number of years, and has openly discussed his thoughts/findings going back as far as 2012. If that's the case (2012)... how is it possible he could still do what he did in 2015?

Welcome to the world of the Grey Hat. Discovering a flaw (even accidentally) and getting it taken seriously by those whom can fix it is often very difficult.

If airlines all say what he claims is not possible, if the airline manufacturers say it's not possible, then one of two things... either it's not possible, or, airlines knew about this and didn't take steps to prevent it. If the latter... what would it take to get the issue considered seriously? This latest alleged incident seems to have done that.

Of course publicly airlines / manufacturers are going to say that's not possible. It is not in their best interest to let the general public know about security threats (and rightly so).
I am however willing to bet that a white hat or two has been called in to test the theories, since anywhere that there is a link (even if programs are unable to obviously traverse that link) there is a risk no matter how small.