LOT airlines, Poland’s flagship carrier, was attacked by hackers on Sunday, June 21, grounding 10 flights and causing 12 others to be delayed at Warsaw’s Chopin Airport. About 1,400 passengers were affected.
The company posted to its Facebook page that the hack targeted computer systems used to issue flight plans:
“Today afternoon we encountered IT attack, that affected our ground operation systems. As a result we’re not able to create flight plans and outbound flights from Warsaw are not able to depart. We’d like to underline, that it has no influence on plane systems. Aircrafts, that are already airborne will continue their flights. Planes with flight plans already filed will return to Warsaw normally.”
The attack happened in the afternoon and took about five hours to fix, according to Reuters. No statements have yet been issued regarding the source of the attack.
While an inability to issue flight plans is certainly inconvenient for passengers, and costly to the airline, it’s not necessarily a safety risk. But the incident does validate growing concerns that such attacks could become more common.
As airports and airlines grow increasingly dependent on online computer systems, the entire industry grows increasingly vulnerability to hackers.
In January, the U.S. Government Accountability Office (GAO) warned that American air traffic control systems were vulnerable to cyberattacks.
The report said that although the Federal Aviation Administration (FAA) has taken some steps to protect its systems, “significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.”
The GAO said specifically that the vulnerabilities are in areas designed to “prevent, limit, and detect unauthorized access to computer resources.”
Just a month after the report, the FAA was indeed hacked. Few details were forthcoming from the agency, but Nextgov, which specializes in government and technology, reported on April 6 that the FAA discovered “a known virus,” which spread through email on “its administrative computer system.”
If hackers were able to breach the FAA’s administrative networks, it’s conceivable they could get into other systems the FAA controls, like air traffic control—which could result in a highly dangerous situation.
This wasn’t the first time the FAA had been breached, several other incidents were outlined in an inspector general report sent to the FAA in May 2009.
In April, a counter-threat intelligence expert and founder of One World Labs, Chris Roberts, told the FBI he successfully hacked into flight computer systems from inside a plane 15–20 times and even managed to control a plane’s engine.
The FBI removed Roberts from a United Airlines flight after he tweeted about hacking the plane he was on. During questioning, the FBI learned about his prior experiments.
After Sunday’s incident in Warsaw, Roberts tweeted: “I’d say ‘told you so…’ But I’m going to just hang back and see what the final vector is/was…”
I’d say “told you so…” But I’m going to just hang back and see what the final vector is/was… https://t.co/x9cyYUvVQp
— Chris Roberts (@Sidragon1) June 22, 2015