Tuesday, July 15, 2025

Transportation Threats

We all have to get around somehow, be it by plane, train, car, or boat. The more systems that function online, the more that are susceptible to hacking. This week in class we discussed security operations and administration, which covers how companies handle their employees and data. While looking around for cybersecurity news, I saw some articles about planes and trains, so I decided to look more into what is happening to our transportation in our cloud-based world.

The first article I read talked about a 20-year-old vulnerability that was just reported and that, if taken advantage of, can lead to derailing trains in Ohio. About two years ago there was the derailment of an Ohio train that spilled hazardous materials all over the city of East Palestine. That error was due to a failed wheel bearing, not hacking. But from that derailment alone, we can get an idea of what a train derailment could mean. In the USA, we get a good amount of our products from delivery by train. If hackers knew what train they wanted to tip and where, they could cause another disaster. Unfortunately, the railroad's security team says it will take them until 2027 to fix the vulnerability. CISA's acting executive assistant director for cybersecurity says the vulnerability would be too difficult to exploit, which is why nothing was done with the knowledge of it for 20 years. Whether or not it was going to be exploited can be debated, but it concerns me as a passenger to know companies know their weaknesses but don't do anything about them.

Another article I read was about airlines. It was less about how airplanes have seemed to fall out of the sky lately and more focused on the data airlines have. Airlines deal with millions of people every day, which means they have millions of people's data circulating on their servers. That is binary gold to hackers who need that data to then commit identity fraud. Some of the latest attacks were on Hawaiian Airlines and Qantas, within just one week of each other. There's not much a passenger can do once their data is collected after flying with an airline. To protect yourself, make sure passwords are strong and not easy to guess. Also try to set up multi-factor authentication. However, once a company is breached, there's little you can do.

The last article I have added is a bit more of a technical read about Ransomware-as-a-Service (RaaS). It shows how hackers are evolving with the times and using AI to hack better.

While these two articles serve more as a cautionary tale than a call to action, it's still worth noting that the more companies use cloud services and depend on the Internet as their structure for communication, the more vulnerable everyone is. Companies need to be held accountable for ignoring vulnerabilities until it's too late.

Articles Read

- Nicole Golden 

Sunday, July 13, 2025

Morris Worm

The Internet is a scary place sometimes. Just as on the streets in real life, there are bad actors in play putting out ransomware and Trojan horses to infect the everyman. Viruses are sent out to go after data. It's a pretty profitable job when it's done right. In the early days of the Internet, it was pretty easy to mess up systems. This was the case with the Morris Worm in 1988.

A computer worm is a self-duplicating program that infects computers one by one. Back in 1988, computers trusted each other since there were fewer than 100,000 connected computers. This meant a lack of passwords or weak passwords and a general trust in files received.

Robert Morris created the worm on the Massachusetts Institute of Technology (MIT) network. There is discourse about whether Morris intended to teach the community about security or did it just because he wanted to. Morris was a student at Cornell University. The worm unfortunately caused damage due to its protocol requiring it to infect even if the computer says it's already infected seven times. This led to computers having more than one copy of the worm in the system. According to Wikipedia, the exact vulnerabilities it exploited were "A hole in the debug mode of the Unix sendmail program, a buffer overflow or overrun hole in the finger network service, and the transitive trust enabled by people setting up network logins with no password requirements via remote execution (rexec) with Remote Shell (rsh), termed rexec/rsh."

About 60,000 computers were infected with the Morris worm. While it didn't ruin anything in the computer system, it slowed computers to a near halt. Some of the computers were for federal use, which meant military emails went by slower. This had some very serious ramifications for the creator. He was charged with violating the Computer Fraud and Abuse Act, the first person ever charged under that act. Morris is still active in the coding community after serving his sentence of three years' probation, 400 hours of community service, and a fine of $10,050 plus the costs of his supervision.

We've learned a lot about computer security and networks since the Morris Worm days. If it were deployed today, it wouldn't even work since rsh is no longer used. Not to mention, passwords are different now and more advanced. But the impact the Morris Worm had on hackers today is clear. Computer viruses were inspired by the idea the worm exploits. It's important to learn and grow from mistakes made in the past. It shows that often the worst hackers are the ones we already know.

Articles Read:

 - Nicole Golden