back to article Brit airport pulls flight info system offline after attack by 'online crims'

Bristol Airport deliberately yanked its flight screens offline for two days over the weekend in response to a cyberattack. Techies took down computer-based flight information systems at the airport in provincial England between Friday morning and the wee hours of Sunday morning. The electronic screens were replaced by …

  1. Anonymous Coward
    Anonymous Coward

    The weakest link....

    in any IT solution is not the software, security, etc, etc, but the user. Would I be wrong to suggest some f***wit clicked a link on an email and chaos subsequently ensued?

    1. Saruman the White

      Re: The weakest link....

      It is definitely possible, and in my experience there are too many people who click on links automatically and regret them immediately afterwards.

      Saying that however, the real question is why their flight info system could be accessed from the internet, whether directly or indirectly (e.g. via an internal router). Yes it is really convenient to get your updates as they occur, but what you really should do is download your updates to a DVB, check them via an antivirus footbath, and then load them on to your systems manually. Means more work for the techies, but ultimately secures your systems against 99.99% of attacks, and helps to neuter the ones you cannot secure against.

      This may sound paranoid, but it isn't really. Remember, they really are out to get you.

      1. }{amis}{ Silver badge
        FAIL

        Re: The weakest link....

        It is definitely possible, and in my experience there are too many people who click on links automatically and regret them immediately afterwards.

        We had one very memorable incident like that that once the dust had settled the idiot involved was asked why he clicked the link on what was a very obvious fishing email.

        he had been briefed to avoid stuff like this in an infosec for users course only a couple of weeks ago.

        His answer he thought it was a fishing link but wanted to make sure before he wasted IT's time....... DOH!

        1. Anonymous Coward
          Anonymous Coward

          Re: The weakest link....

          We had one like that a the company I worked for last year ... someone copied to all employees a phising email they'd recevied complete with the phising attachement and a comment that they'd "carefully" opened the attachement so that the security software could confirm that it contained malware and that anyone else receiving this email should delete it immediately. The resulted in a rather amusing email to everyone from IT dept explaining the idiocy of

          1) opening something assumed to be malware just to check that it was

          2) sending the same malware to everyone else with comment "if you get this don't open it"

          and finally

          3) not following company policy of contacting IT immediately if any such email was ever received

    2. Dr Who

      Re: The weakest link....

      I'd venture a guess that in this case the displays were attached to Windows XP machines, which have been the weakest link in a majority of the recent spate of ransomware attacks. That would also explain why they could only recover the displays incrementally instead of all at once. Rebuild the PCs driving your most important displays first.

      1. Lee D Silver badge

        Re: The weakest link....

        We really, desperately need to stop making systems where a browser-click compromises the system.

        For a start, if all this stuff does is show flight info, why the hell is there even a browser installed?

        Until we relearn least-privilege principles, where people don't get any button they don't need and programs don't get any access they don't absolutely require, we might as well just hand the hackers an open pass now.

  2. Korev Silver badge
    Thumb Up

    Rather than paying crooks to restore data, the airline rebuilt affected systems before service was restored.

    Well done Bristol Airport, starving the ransomers of cash might be the only way to make them go away*

    *I'm assuming there will always be OS / application bugs to exploit

  3. walatam

    Congrats

    Congrats to the IT and Business Recovery Team at Bristol Airport. They may not get a big pat on the back for pulling the plug but It's a lovely feeling when your recovery plans work :)

  4. Fred Dibnah

    Good for them

    So it is possible to have an IT outage in an airport without generating hordes of angry passengers who have been kept in the dark about what's happening to their flights.

    1. Cynic_999 Silver badge

      Re: Good for them

      "

      So it is possible to have an IT outage in an airport without generating hordes of angry passengers who have been kept in the dark about what's happening to their flights.

      "

      I can assure you that both passengers were in fact pretty angry.

  5. spold Bronze badge

    Oooo errr missus?

    Bristol's compromised?

    I got momentarily excited, vicar.

    1. Korev Silver badge
      Joke

      Re: Oooo errr missus?

      Did you get all hot under the dog collar?

  6. MT Field

    Bristol - possibly the world's most amateur international airport.

    1. Ian Emery Silver badge

      Just because economy class passengers are required to help shoo the cows off the runway before take-off does NOT make them amateurs.

      It IS scary to watch a plane coming in and VANISH, due to the curvature of the runway over the brow of the hill.

      1. Jonathan Richards 1
        Go

        Scary slopes on a runway

        > It IS scary to watch a plane coming in and VANISH, due to the curvature of the runway over the brow of the hill.

        Try St Marys Scilly (EGHE) in a light plane ('cos at 600m for the longest runway you aren't going to land a big jet). You have to reach take-off speed while hurtling downhill towards a rocky seashore. It's, umm, stimulating.

  7. neveramazed

    Whitescreens again ? All these major and medium size airports (16 and Counting) have portable emergency wheeled 37" screens in security they could have used. (Bristol has only One) I laughed when I saw the pictures from Gatwick last month and it's happened again. Needless to say, I still have the master image secure just in case they manage to mangle the software.

  8. Winkypop Silver badge
    Happy

    Landing at Bristol as a foreigner

    Passports?

    Nah mate, you're OK...

    1. phuzz Silver badge
      Thumb Up

      Re: Landing at Bristol as a foreigner

      As long as you remembered to say "cheers drive!" to the pilot as you got off the plane.

  9. Badbob

    I am amazed

    Turns out that my old local airport isn’t the incompetent greed fest I always thought it was. In fact they are a perfectly competent greed fest. Chapeau to the IT dept for just pulling the plug and rebuilding the system. One would imagine that any potential hit from resultant delays was calculated to be less than the ransom, and that it was a simple case of purifying the servers, pulling out an old clean backup, plugging the hole (probably the time consuming part) and rebooting.

    Given that Brizzle Airport is basically just one big departure lounge, it probably wasn’t too hard to make sure that the information was readily available to customers. In fact, one whiteboard by Starbucks would be visible to most of the passengers in said lounge. It’s not like it’s an old BAA rabbit warren like Gatwick or Glasgow.

  10. Anonymous Coward
    Anonymous Coward

    Click here!

    Where I work at the moment the staff are constantly bombarded with emails telling them to click on a link to go to request / incident / change / problem tickets on a SAAS based ITIL system. It’s a pishing attack waiting to happen.

  11. imanidiot Silver badge

    Time for the Reg "Business as usual" Awards?

    Since all we get is cockups in the news normally, I feel it's about time some recognition comes to an IT team that manages to get it right.

  12. Robert Carnegie Silver badge

    Although

    If flight times were disrupted during this incident, how would we know it? Not to doubt them, but no data means no data.

  13. Bill Buchan

    Oddly enough...

    I was travelling through there on Thursday and tweeted a dodgy looking screen to BrizzolAirport.

    https://mobile.twitter.com/marykirkcom/status/1040289902334812160

    The airport isn't that bad. Its the SINGLE TRACK road you have to use to get to it (avoiding the hellish car park that is Bristol).

    ---* Bill

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019