From: Susan Wilhite (MKT-US)
Sent: Tuesday, August 24, 2010 2:08:17 AM
Cc: Jamz Yaneza (RD-US); Roger Knott (MKT-US)
Subject: RE: Newsbank - Did malware contribute to 2008 fatal Spanair Crash?
USB drives in the IT environment was a prominent finding in my recent Core Tech study. Blogged about it here.
Copying my response to a separate inquiry:
That interview was held with the understanding that details of this
event are locked down under court investigation. As a result the
questions were how critical and private infrastructure could get
To this our response was the ff: examples (google for more info):
- NASA space station infection (happens often) via laptop USB
- US Army field infections via USB on laptops
- Automobiles via their USB port (discussed for years and at DefCon)
- Mobile infections from over the air and Bluetooth plus installations
- SCADA attacks from last month
Then we launched into what devices are available on planes:
- Video entertainment systems are running Linux or Microsoft
- Wifi networks are available on business flight decks
- Traffic control towers have a "private network" used to communicate
and guide remote guidance of plane flights.
- User devices can be taken on board (as long as you can explain them)
Using the above realities we mentioned that almost anything can
get infected, particularly if they have applications created for them
and if they are specifically targeted. Even TI calculators have a
PoC piece of malware created for it.
And to link the above claim as well to another research for targeting,
Trend did one about a year ago in terms of “who” is the most usual
suspect and our findings show that a large percentage stems from
disgruntled or ex-employees (an inside job). A prior survey about
two years prior by ICSA Labs (and some others) showed that in their
responses the threat from the same set of unhappy people were what
kept security managers up at night.
On 8/22/10 1:00 AM, "Roger Knott (MKT-US)" <firstname.lastname@example.org> wrote:
Quote from Jamz included.
Is this a first?
Malware implicated in fatal Spanair plane crash
Computer monitoring system was infected with Trojan horse, authorities say
By Leslie Meredith
updated 8/20/2010 4:48:01 PM ET
Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.
An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.
Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.
The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.
The malware <http://www.technewsdaily.com/malware-computer-viruses-challenge-firewall-antivirus-protection-0918/> on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline's system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro.
Some of the most likely ways are through third party devices such as USB sticks, Yaneeza said, which were responsible for the International Space Station virus infection <http://www.space.com/news/080827-iss-computervirus.html> in 2008, or through a remote VPN connection that may not have the same protection as a computer within the enterprise network. Opening just one malicious file on a single computer is all it takes to infect an entire system <http://anti-virus-software-review.toptenreviews.com/lite/> .
"Any computer that is connected to a network is vulnerable to a malware infection <http://www.technewsdaily.com/10-things-you-must-know-about-malware-infections-0132/8> ," O. Sami Saydjari, president of Cyber Defense Agency, told TechNewsDaily. "Standards have not been set to protect critical infrastructure."
An incident like this could happen again, and most likely will, according to Saydjari.
A judge has ordered Spanair to provide all of the computer's logs from the days before and after the crash. The final report from crash investigators is not due to be presented until December.
Roger Knott | Senior Manager, Analyst Relations
10101 N. De Anza Blvd., Cupertino, CA 95014
Office: 408.863.6339 | Mobile: 415.999.4015