Like Hugo Teso before him
Airliners are not safe !!
It's too big to jail syndrome again......
People & Power - On a wing and a prayer
<https://www.youtube.com/channel/UCNye-wNBqNL5ZzHSJj3l8Bg>Al<https://www.youtube.com/channel/UCNye-wNBqNL5ZzHSJj3l8Bg>
Jazeera English
https://www.youtube.com/watch?v=IaWdEtANi-0
Researcher hacks aircraft controls with Android smartphone
http://www.theregister.co.uk/2013/04/11/hacking_aircraft_with_android_handset/
A presentation at the Hack In The Box security
summit in Amsterdam has demonstrated that it's
possible to take control of aircraft flight
systems and communications using an Android
smartphone and some specialized attack code.
Hugo Teso, a security researcher at N.Runs and a
commercial airline pilot, spent three years
developing the code, buying second-hand
commercial flight system software and hardware
online and finding vulnerabilities within it. His
presentation will cause a few sleepless nights
among those with an interest in aircraft security....................
"ACARS has no security at all. The airplane has
no means to know if the messages it receives are
valid or not," he said. "So they accept them and
you can use them to upload data to the airplane
that triggers these vulnerabilities. And then it's game over."
Feds Say That Banned Researcher Commandeered a Plane
http://www.911forum.org.uk/board/viewtopic.php?p=172218#172218
http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/
A security researcher kicked off a United
Airlines flight last month after tweeting about
security vulnerabilities in its system had
previously taken control of an airplane and
caused it to briefly fly sideways, according to
an application for a search warrant filed by an FBI agent.
Chris Roberts, a security researcher with One
World Labs, told the FBI agent during an
interview in February that he had hacked the
in-flight entertainment system, or IFE, on an
airplane and overwrote code on the plane’s Thrust
Management Computer while aboard the flight. He
was able to issue a climb command and make the
plane briefly change course, the document states.
“He stated that he thereby caused one of the
airplane engines to climb resulting in a lateral
or sideways movement of the plane during one of
these flights,” FBI Special Agent Mark Hurley
wrote in his warrant application (.pdf). “He also
stated that he used Vortex software after
comprising/exploiting or ‘hacking’ the airplane’s
networks. He used the software to monitor traffic from the cockpit system.”
Hurley filed the search warrant application last
month after Roberts was removed from a United
Airlines flight from Chicago to Syracuse, New
York, because he published a facetious tweet
suggesting he might hack into the plane’s
network. Upon landing in Syracuse, two FBI agents
and two local police officers escorted him from
the plane and interrogated him for several hours.
They also seized two laptop computers and several
hard drives and USB sticks. Although the agents
did not have a warrant when they seized the
devices, they told Roberts a warrant was pending.
A media outlet in Canada obtained the application
for the warrant today and published it online.
The information outlined in the warrant
application reveals a far more serious situation
than Roberts has previously disclosed.
Roberts had previously told WIRED that he caused
a plane to climb during a simulated test on a
virtual environment he and a colleague created,
but he insisted then that he had not interfered
with the operation of a plane while in flight.
He told WIRED that he did access in-flight
networks about 15 times during various flights
but had not done anything beyond explore the
networks and observe data traffic crossing them.
According to the FBI affidavit, however, when he
mentioned this to agents last February he told
them that he also had briefly commandeered a plane during one of those flights.
He told the FBI that the period in which he
accessed the in-flight networks more than a dozen
times occurred between 2011 and 2014. The
affidavit, however, does not indicate exactly
which flight he allegedly caused to turn to fly to the side.
He obtained physical access to the networks
through the Seat Electronic Box, or SEB. These
are installed two to a row, on each side of the
aisle under passenger seats, on certain planes.
After removing the cover to the SEB by “wiggling
and Squeezing the box,” Roberts told agents he
attached a Cat6 ethernet cable, with a modified
connector, to the box and to his laptop and then
used default IDs and passwords to gain access to
the inflight entertainment system. Once on that
network, he was able to gain access to other systems on the planes.
Reaction in the security community to the new
revelations in the affidavit have been harsh.
Although Roberts hasn’t been charged yet with any
crime, and there are questions about whether his
actions really did cause the plane to list to the
side or he simply thought they did, a number of
security researchers have expressed shock that he
attempted to tamper with a plane during a flight.
“I find it really hard to believe but if that is
the case he deserves going to jail,” wrote Jaime
Blasco, director of AlienVault Labs in a tweet.
Alex Stamos, chief information security officer
of Yahoo, wrote in a tweet, “You cannot promote
the (true) idea that security research benefits
humanity while defending research that endangered hundreds of innocents.”
You cannot promote the (true) idea that security
research benefits humanity while defending
research that endangered hundreds of innocents
— Alex Stamos (@alexstamos) May 16, 2015
Roberts, reached by phone after the FBI document
was made public, told WIRED that he had already
seen it last month but wasn’t expecting it to go public today.
“My biggest concern is obviously with the
multiple conversations that I had with the
authorities,” he said. “I’m obviously concerned
those were held behind closed doors and
apparently they’re no longer behind closed doors.”
Although he wouldn’t respond directly to
questions about whether he had hacked that
previous flight mentioned in the affidavit, he
said the paragraph in the FBI document discussing this is out of context.
“That paragraph that’s in there is one paragraph
out of a lot of discussions, so there is context
that is obviously missing which obviously I can’t
say anything about,” he said. “It would appear
from what I’ve seen that the federal guys took
one paragraph out of a lot of discussions and a
lot of meetings and notes and just chose that one
as opposed to plenty of others.”
History of Researching Planes
Roberts began investigating aviation security
about six years ago after he and a research
colleague got hold of publicly available flight
manuals and wiring diagrams for various planes.
The documents showed how inflight entertainment
systems on some planes were connected to the
passenger satellite phone network, which included
functions for operating some cabin control
systems. These systems were in turn connected to
the plane avionics systems. They built a test lab
using demo software obtained from infotainment
vendors and others in order to explore what they could to the networks.
In 2010, Roberts gave a presentation about
hacking planes and cars at the BSides security
conference in Las Vegas. Another presentation
followed two years later. He also spoke directly
to airplane manufacturers about the problems with
their systems. “We had conversations with two
main airplane builders as well as with two of the
top providers of infotainment systems and it
never went anywhere,” he told WIRED last month.
Last February, the FBI in Denver, where Roberts
is based, requested a meeting. They discussed his
research for an hour, and returned a couple weeks
later for a discussion that lasted several more
hours. They wanted to know what was possible and
what exactly he and his colleague had done.
Roberts disclosed that he and his colleague had
sniffed the data traffic on more than a dozen
flights after connecting their laptops to the infotainment networks.
“We researched further than that,” he told WIRED
last month. “We were within the fuel balancing
system and the thrust control system. We watched
the packets and data going across the network to see where it was going.”
Eventually, Roberts and his research partner
determined that it would take a convoluted set of
hacks to seriously subvert an avionics system,
but they believed it could be done. He insisted
to WIRED last month, however, that they did not
“mess around with that except on simulation
systems.” In simulations, for example, Roberts
said they were able to turn the engine controls
from cruise to climb, “which definitely had the
desired effect on the system—the plane sped up
and the nose of the airplane went up.”
Today he would not respond to questions about the
new allegations from the FBI that he also messed
with the systems during a real flight.
The Tweet Heard Round the World
Roberts never heard from the FBI again after that
February visit. His recent troubles began after
he sent out a Tweet on April 15 while aboard a
United Airlines flight from Denver to Chicago.
After news broke about a report from the
Government Accountability Office revealing that
passenger Wi-Fi networks on some Boeing and
Airbus planes could allow an attacker to gain
access to avionics systems and commandeer a
flight, Roberts published a Tweet that said,
“Find myself on a 737/800, lets see
Box-IFE-ICE-SATCOM,? Shall we start playing with
EICAS messages? ‘PASS OXYGEN ON’ Anyone?” He
punctuated the tweet with a smiley face.
Find myself on a 737/800, lets see
Box-IFE-ICE-SATCOM, ? Shall we start playing with
EICAS messages? "PASS OXYGEN ON" Anyone ?
— Chris Roberts (@Sidragon1) April 15, 2015
The tweet was meant as a sarcastic joke; a
reference to how he had tried for years to get
Boeing and Airbus to heed warnings about security
issues with their passenger communications
systems. His tweet about the Engine Indicator
Crew Alert System, or EICAS, was a reference to
research he’d done years ago on vulnerabilities
in inflight infotainment networks,
vulnerabilities that could allow an attacker to
access cabin controls and deploy a plane’s oxygen masks.
In response to his tweet, someone else tweeted to
him “…aaaaaand you’re in jail. :)”
Roberts responded with, “There IS a distinct
possibility that the course of action laid out
above would land me in an orange suite [sic] rather quickly :)”
When an employee with United Airlines’ Cyber
Security Intelligence Department became aware of
the tweet, he contacted the FBI and told agents
that Roberts would be on a second flight going
from Chicago to Syracuse. Although the particular
plane Roberts was on at the time the agents
seized him in New York was not equipped with an
inflight entertainment system like the kind he
had previously told the FBI he had hacked, the
plane he had flown earlier from Denver to Chicago did have the same system.
When an FBI agent later examined that
Denver-to-Chicago plane after it landed in
another city the same day, he found that the SEBs
under the seats where Roberts had been sitting
“showed signs of tampering,” according to the
affidavit. Roberts had been sitting in seat 3A
and the SEB under 2A, the seat in front of him, “was damaged.”
“The outer cover of the box was open
approximately 1/2 inch and one of the retaining
screws was not seated and was exposed,” FBI
Special Agent Hurley wrote in his affidavit.
During the interrogation in Syracuse, Roberts
told the agents that he had not compromised the
network on the United flight from Denver to
Chicago. He advised them, however, that he was
carrying thumb drives containing malware to
compromise networks—malware that he told them was
“nasty.” Also on his laptop were schematics for
the wiring systems of a number of airplane
models. All of this would be standard, however,
for a security researcher who conducts
penetration-testing and research for a living.
Nonetheless, based on all of the information that
agents had gleaned from their previous interview
with Roberts in February as well as the Tweets
he’d sent out that day and the apparent signs of
tampering on the United flight, the FBI believed
that Roberts “had the ability and the willingness
to use the equipment then with him to access or
attempt to access the IFE and possibly the flight
control systems on any aircraft equipped with an
IFE systems, and that it would endanger public
safety to allow him to leave the Syracuse airport
that evening with that equipment.”
When asked by WIRED if he ever connected his
laptop to the SEB on his flight from Denver to
Chicago, Roberts said, “Nope I did not. That I’m
happy to say and I’ll stand from the top of the
tallest tower and yell that one.”
He also questions the FBI’s assessment that the
boxes showed signs of tampering.
“Those boxes are underneath the seats. How many
people shove luggage and all sorts of things
under there?,” he said. “I’d be interested if
they looked at the boxes under all the other
seats and if they looked like they had been
tampered. How many of them are broken and cracked
or have scuff marks? How many of those do the
airlines replace because people shove things under there?”
Regardless of whether the authorities have a case
against him, however, there has already been some
fallout from the incident. Roberts told WIRED
that today investors on the board of directors of
One World Labs, a company he helped found,
decided to withdraw their investments in the
company. As a result, One World Labs had to lay
off about a dozen employees today, half of its staff.
Roberts said there were other factors
contributing to the board’s decision but his
legal situation “was probably the final straw.”
“The board has deemed it a risk. So that was one
factor in many that made their decision,” he
said. “Their decision was not to fund the organization any further.”
--
--
Please consider seriously the reason why these elite institutions are not discussed in the mainstream press despite the immense financial and political power they wield?
There are sick and evil occultists running the Western World. They are power mad lunatics like something from a kids cartoon with their fingers on the nuclear button! Armageddon is closer than you thought. Only God can save our souls from their clutches, at least that's my considered opinion - Tony
You received this message because you are subscribed to the Google Groups
"PEPIS" group. Please feel free to forward it to anyone who might be interested
particularly your political representatives, journalists and spiritual leaders/dudes.
To post to this group, send email to pepis@googlegroups.com
To unsubscribe from this group, send email to pepis-unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/pepis?hl=en
---
You received this message because you are subscribed to the Google Groups "PEPIS" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to pepis+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.