Industrial espionage and increasing sophistication of next-generation malware makes airlines and airports a valuable target

Sydney, 31 March 2011 – Pure Hacking, the Australian experts in helping organisations protect their information assets, this week highlighted the globalisation of the Australian Aviation sector posed significant threats for system security. Developments in Information Warfare have dramatically increased the threat of the next generation of malware and industrial espionage performed by rogue employees within airlines and airports.

According to Ty Miller, Chief Technology Officer, the penetration of computer networks from both external and internal rogue employees is in line with global trends. “There is no doubt that targeted hacking attacks are on the rise, however sophisticated conspiracies to steal data and takeover networks from either nation state, terrorist or individual are occurring more rapidly across the board in every industry. The issue with the Aviation sector is that it implicitly relies on systems that require a highly secure, safe environment.”

Miller continued to explain the depth of compromise found when recently performing a scheduled penetration test against an airline network in the aviation industry. “With literally thousands of machines or devices accessible, I only needed to hack one to begin escalating my privileges that resulted in complete compromise the airline’s environment. This included capturing credit cards, documents, plans, communications and databases.”

The Pure Hacking presentation at this year’s Asia-Pacific AVSEC 2011 conference discussed the role that information warfare played with aviation security.

Miller continued, “The next generation of cyber threats may directly affect aviation equipment, not simply stealing credit cards and denying travellers access to online booking sites. For the future, cyber-threats will be more diversified and take the form of multi-stage and multi-dimensional attacks that utilise and target a variety of attack tools and technologies. For example, the latest generation of web worms uses a variety of different 0-day exploits, propagation methods, and payloads to inflict physical damage.”

Miller also outlined the sources behind cyber threats were no longer restricted to sensationalist movie plots, instead every day business scenarios were experiencing attacks from foreign country individuals or government, terrorists and corporate competitors.

“The world has already experienced major aviation manufacturers losing data to foreign countries in a corporate espionage attack. And last year a nuclear program in the Middle East was compromised without any direct internet connection required. The stereotypical Die Hard 2 airport attack where aircraft controls can be taken over is no longer just a movie script. It’s an actual reality,” he concluded.