FAA hacked by patriots

Hackers were able to penetrate a Federal Aviation Administration system earlier this week and download unpublished information on airport passenger screening activities, federal officials confirmed Thursday.

Styling themselves "The Deceptive Duo," the hackers on Wednesday publicly defaced an FAA server used by what was the administration's Civil Aviation Security organization, which until recently was responsible for supervising passenger screening at U.S. airports. There, the intruders posted a mission statement vowing to expose America's poor state of cyber security for the good of the nation.

"Tighten the security before a foreign attack forces you to," the Duo extolled. "At a time like this, we cannot risk the possibility of compromise by a foreign enemy."

At the bottom of the page, the defacers included a screen-shot showing a portion of a Microsoft Access database, with each row displaying the three-letter code for a different U.S. airport, the name of an FAA inspector, a screener I.D. number, the number of passengers the screener handled, and the number of guns, explosives or chemicals he or she intercepted.

An FAA spokesman described the file as a "screener activity" report for the year 2000, but insisted it wasn't particularly sensitive. "It was data that was used for a report that went to Congress, so it's essentially public information anyway," said spokesman Paul Takemoto.

In February, the FAA's airline security functions were taken over by the newly-created Transportation Security Administration.

Computer security weaknesses have dogged the FAA since 1998. Most recently, the agency was criticized in a September, 2000 GAO report for not performing background checks on IT contractors, failing to install intrusion detection systems, and not performing adequate risk assessments and penetration tests on agency systems.

Speaking at the RSA security conference in February, agency CIO Daniel Mehan said the FAA had made significant progress in boosting cyber security, but needed more funding from Congress to continue the effort.

The FAA said Thursday that they'd reported the Deceptive Duo's intrusion. "We've asked the FBI to prosecute if they catch the people," said Takemoto.

String of Intrusions

The agency is only one target of the Deceptive Duo's inaugural week of defacements. On Monday, the pair vandalized a U.S. Navy site and posted information lifted from a Midwest Express Airlines passenger reservation system, according to a report by InternetNews.com. The defacement mirror site alldas.org shows attacks on two NASA sites on Wednesday, and on Thursday the attackers struck a U.S. Department of Transportation site and several seemingly random corporate targets -- one of them in Israel.

Each defacement featured the hackers' patriotic "mission outline" -- in which they claim to be U.S. citizens determined to save the country from a "foreign threat" by exposing security holes -- and the group's logo: two handguns in front of an American flag.

Longtime defacement-tracker Brian Martin, a security engineer at CACI Network Security Group, suspects the Duo's message may owe as much to media-friendly theatrics as genuine fervor. "They're probably casually into it," says Martin. "But if they write it up well, they hype it up and sensationalize it, they get more attention."

But in an e-mail interview, the Deceptive Duo said their intrusions were a matter of national security.

"We are two individuals who risk our future and our lives to help the Nation in such a vulnerable time," the Duo wrote. "Somebody has to do it; if we don't, a terrorist might."

© 2002 SecurityFocus.com, all rights reserved.