Hackers Ground Polish LOT Airline Flights

The Polish national airline, LOT, announced on Sunday that they cancelled 10 flights as a result of the airline's ground computer systems at Warsaw's Okecie airport being subject to attack by hackers. The airline's ground computer systems are used to manage the flight plans for the airline. LOT stated that no ongoing flights or other airport computer systems were affected and that flights already in the air or scheduled to land at Warsaw were not at risk.

As a result of the attack LOT's ground computer systems were unavailable for 5 hours during which time 10 flights were cancelled impacting over 1,400 passengers who had planned to travel to Dusseldorf, Hamburg, Copenhagen, and some internal flights within Poland.

LOT spokesman Adrian Kubicki said "At no point was the safety of ongoing flights compromised, and flights destined for Warsaw were able to land safely. No other airports were affected" Mr Kubicki added "We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry".

News of this attack won't help to assuage an industry already concerned about computer security. In May of this year the FBI said a security researcher, Chris Roberts, hacked into the Inflight Entertainment Systems 15 to 20 times over a period of three years. In one case the FBI states that Mr Roberts claimed to have accessed the software controlling an engine on one of the flights causing the plane to move laterally. While the technicalities of the claims by Mr Roberts have been hotly debated by many security experts, the incident has increased the debate on the whole area of airline security.

Earlier this year American Airlines grounded dozens of its flights due to a software problem on the iPads issued by the airline to the pilots and co-pilots for viewing flight plans.  The introduction of the iPads was an initiative introduced by American Airlines to save over $1.2 million a year in fuel costs due to the reduction in weight by crew not having to carry paper based flight plans.

Like so many other business sectors around the world airlines are taking advantage of the benefits computer systems can bring in improving their processes, enhancing the customer experience, and reducing costs. Given the nature of their business the security of these computer systems, both in the air and on the ground, is of tantamount importance to airlines and their passengers.  The events of today in Poland and the other previous events have raised more questions than answers regarding airline security.

In a recent and welcome announcement United Airlines launched a bug bounty program to reward security researchers for finding security vulnerabilities in its website. While only focusing on the airline's websites and not on any of its critical systems, this is hopefully the start of an engagement by airlines with the security community in helping to make air travel more secure. After all to quote Voltaire "with great power, comes great responsibility".

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber attacksespionagesecurityfbi

More about American AirlinesFBINewsRobertsUnited Airlines

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brian Honan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts