Given that there would appear to be a pattern emerging, with recent Airline hacks, I'd be more worried about all the airlines that never realise, or never reveal the fact.
Fresh from belatedly admitting that 9.4 million passengers’ personal data was stolen by hackers, Hong Kong airline Cathay Pacific has now admitted that it was under attack for three solid months before it took half a year to tell anyone. Cathay Pacific jet airplane at Hong Kong International airport Cathay Pacific hack: …
I would hazard a guess that most of the world major companies which hold large quantities of user information are in approxiamtely the same position.. Insurance, Banking, Travel, Governments etc :
The lucky ones have excellent IT teams and hardware and appropriate budgets and can defend themselves to a certain point.. The unlucky ones suffer a lot and then suffer even more when the media/users learn about the facts..
What we never know is who the hackers are or who is behind them .. At this scale it's probably not really script kiddy stuff, serious budgets are being spent by some nasty people in order to create disruption or worse...
I would be less surprised that attackers are not tip tier. The airlines, just like the banks, insurance companies, utilities and what not all are running 40+ year old hardware underneath the tangle of glittery modern add-ons.
The likelihood that these rats nests of 4 decades' of IT upgrades is secure is zero.
Nope, the hardware is new.
The software, that's different, it's old in some cases. Very old.
Perhaps that you can't use the correct term identifies your experience and capabilities in this matter.
But, the old software is also not designed to be accessed in bulk, so the changes of old software being used to access is close to zero. The newer software? That stores bulk copies of DBs in SQL-readable format? So once you're in, you have access to everything?
Yeah, keep kidding yourself it's legacy software that's the issue and nothing to do with modern systems, modern architectures, open system, open protocol, open access.
Not entirely true for airlines.
Whilst all older companies have legacy stuff, the airlines sector have invested heavily to create a common community cloud platform where a lot is being handled these days.
This platform is called Amadeus and is Spanish based.
I know this holds true for CX as well.
I agree, this isn't specifically an airlines issue as such.
Although there is one contributing factor that does hit the airlines sector more than other sectors named:
with the ever dropping prices of tickets, due to LCC's (low cost carriers), the overhead and therefore the budget available to do proper IT, information security and privacy protection goes down with that as well.
This is seen worldwide and not only in the EU and US markets.
Budget as such isn't the only issue, management buy-in as well as a proper security culture are even more important.
Credit card details seem to not actually be the end game for criminals any more - they're after user data. IDs, identifiers, passwords & other details.
We have spent the last three decades handing out this information willy-nilly to anyone who asked, and now we are reaping the results of personal information databases created without preparation or a thought for security. Oh sure, they were carefully thought through for business purposes, but not from a security standpoint.
It is obvious that companies are now going to have to implement the needed security as a bolt-on, after-the-fact measure and I doubt that we'll stop hearing of these hacks any time soon - unless the required budget grows a certain factor of times bigger.
Even then, doing it fast doesn't mean doing it right.
Unfortunately, the "We" represents the majority of the unwashed masses that use the Internet.
Its a sad state of affairs but due to the power of Google, FB et al, that mess is not going away anytime soon unless governments start to completely shut down companies that don't comply with privacy rules (that don't actually exist).....
>Those systems that are being attacked ... and those whose sysadmins haven't noticed yet.
Absolutely this. We added intrusion detection to our systems around 20 years ago. During the first month of operation we identified an average of 3 new attacks starting every single minute. It's only gotten worse. Fortunately we've been on top of everything during all this time so we haven't ( knock on wood ) lost any customer data. However it was a real wake up call.
If you don't think you are under attack then you aren't paying attention.
Yep, completely in agreement with that.
One might consider the Internet's inability to reliably identify the origin of traffic as being a big problem. There is literally nothing to stop someone getting plugged in a pinging away with nastygrams with no ability for anyone else to find out who they really are (saving long, complex and often ultimately fruitless legal investigations forcing ISPs to open up who was paying for the connection at the source end, and then finding that the machine is a botnet victim anyway). There are literally zero consequences for sending a nastyogram, except in the most exceptional circumstances.
I don't see a real solution either. Perhaps one might engineer up some kind of secure network where all traffic is traceable back to someone's personal certificate, and it won't let you connect without that being input somehow in a reliably secure un-copyable way, and there's a global registry of certificates so that nastyograms can be attributed to a specific person. I don't know what that network is, (it's certainly not the Internet s we know it), and nor can I imagine anyone anywhere being content with the idea of a single CA for all people on the planet.
Nations owning their own Internet is probably the only way to suppress problem. That's effectively what China is doing, presumably controlling and witnessing every single network connection within their country. Ok, they're doing it primarily for bad reasons, but one has to admit that if anyone can track, block and prosecute originators of nastyograms within their border, they probably can. China also happens to be big enough to build all the services and IT it wants entirely within its own border, not needing anyone else to provide anything, which helps a lot. They just take the Android open source code, imbue it with a suitable Chinese services layer, stand up their service providers, job done. Barely a need for a foreign network connection at all.
The question really is will every other country on earth be driven into taking similar measures at a national, or trading block, level? Maybe. And selling the idea to populations used to voting for their governments is going to be quite hard work... I don't like the idea either, but all the rubbish on the Internet is driving us towards needing that, not away.
The alternative, that all software everywhere becomes free of flaws and is perfectly configured, and all phishing attacks get rejected by miraculously sceptical users, and that all USB ports get blocked up, seems less likely.
@AC- "but one has to admit that if anyone can track, block and prosecute originators of nastyograms within their border, they probably can"
They aren't suceeding in eliminating 'nastyograms', so either they aren't trying, or complete traceabilty is not the solution.
I doubt whether complete traceability is a solution... as you said, you just find a botnet victim. Tracing the next layer requires exponential resources, against an attacker who will always be erasing the evidence. You spend ever more resources chasing an elusive goal. Time to look for a different approach.
Biting the hand that feeds IT © 1998–2019