FAA Employees Describe Security Flaws

By ABC News
October 6, 2000, 2:42 PM

Oct. 16 -- Federal officials have criticized security at the Federal Aviation Administration, but former and current FAA systems administrators tell ABCNEWS.com the problem is even worse than has been admitted, and almost anyone with a little technical savvy could break into the system and shut down radar at major air hubs around the nation.

The administrators say that with an ordinary home computer, a few freely available programs and the right password, anyone could dial into a secure FAA maintenance system. Once inside, they would have access to the computers that are used to control airport radar systems.

What's more, thousands of unsecured laptops used by FAA employees, some pre-programmed with important passwords, could provide the wrong people with shortcuts into the system if they were lost or stolen, the administrators said.

"If this thing fell into the wrong hands, a terrorist could really do some damage," retired FAA administrator Norm Haase said.

A report from the congressional General Accounting Office, released Sept. 27, condemned the FAA for having lousy security and hinted at the potential for computer break-ins. The administrators gave clear details and explained how easy it really is to wreak havoc on FAA systems.

Security experts, including notorious reformed computer criminal Kevin Mitnick, agreed with the administrators' assessment and said they could probably break into an air traffic Maintenance Control System in anywhere from five minutes to a week, given the security structure the administrators described.

An FAA spokeswoman said the agency couldn't talk about specifics, but that it was aware of the security flaws and was working to fix them.

"Potential areas of vulnerability in the MCS have been identified, with the appropriate security countermeasures implemented," Tammy Jones said.

But the GAO report said the FAA has a poor track record on following its own security policies, saying the agency has made little progress swatting known, exploitable bugs and that two out of three systems tested for hack-ability a year ago have yet to be fixed.