40 comments

[ 4.8 ms ] story [ 87.6 ms ] thread
(comment deleted)
Hacked?
White House says no evidence of cyberattack https://www.washingtonpost.com/nation/2023/01/11/faa-notam-o...
Would they admit it publicly if it was true?
Would they risk a cover up? There must be quiet a few people working on this. And each one of them could blow the whistle. Also, what does the white house have to lose if it were a hack?
Ya I have a hard time believing something like this could be covered up in the case it was a hack. Way to many people are directly interacting with the issue across tons of agencies.

However our critical infrastructure needs to be secured in our country. This should be a major bipartisan issue too. Yet it seems like no one on either side of aisle is pushing for this. Just look at the recent attacks on power stations. If two people that want to rob some stores can take our power for thousands what can a foreign advisory hell bent on destroying the country do?

I'm not saying it was a hack, but I have a hard time when people, especially on HN, still believe the government / large groups of people can't do successful, massive cover-ups after Snowden's revelations.
I'm not saying it wasn't a hack, but I have a hard time when people, especially on HN, still believe the government / large groups of people can do successful, massive cover-ups after Snowden's revelations.
Yes. People have a hard time dealing with how little "revelations" change anything, even if they're true and not highly selective.
> I'm not saying it wasn't a hack, but I have a hard time when people, especially on HN, still believe the government / large groups of people can do successful, massive cover-ups after Snowden's revelations.

That's a fairly naive take. There are hundreds of thousands people (more?) working on classified programs to spy on citizens. The fact that leaks are so extremely rare that a Snowden is a once-in-a-generation type of event is plenty of evidence that very large groups of people do very successfully maintain massive cover-ups nearly 100% of the time.

> Just look at the recent attacks on power stations

Quite a lot of those have been linked to domestic extremism, and there's some distinctly partisan problems in even looking at that possibility.

Do you happen to have a source on that? The last one I found that was actually linked to domestic terrorism was Feb 2022. As far as I can find, the more recent ones have not been. In fact the police had to make a release saying the media made up the link and they had no evidence of it in the recent Georgia ones. In fact they have no idea the motive at all in those ones. The ones in Washington state were so a couple people could rob stores (they have made arrests already).

I assume you are implying the right is doing the attacks here? A quick googling for attacks on infrastructure seems to mainly return cyber stuff. However most of the results on non cyber attacks are for multiple fires and train tracks that were sabotaged in past couple years in Washington state. The people that have been arrested for these attacks are not right wing, in fact for the most part they are from the left.

Why would they not? What benefit would there be to keeping this quiet?
People could conclude that it is unsafe to fly if an FAA system has been hacked. Would disrupt the US economy, an end goal of many US adversaries.
As opposed to latent software bugs that ground the entire country?
Yes. One shows an ongoing vulnerability to foreign actors. The other is a blip that can be fixed with some overtime.
I think people will just see it as a "not my problem" problem. If the planes are grounded, nobody is flying. If they're not grounded, people will just assume it's "fixed" and go on with their lives.
Why would an attack have to be 'on going' but bugs in 50 year old software be a 'blip' ?
I guess in that case the question doesn't have value as it can't be answered?
My bet would be that if it was a hack, they’d jump on the chance to blame Russia and find more munitions to Ukraine.
Would they pass up an opportunity to blame something on a hack? Our country is a tad obsessed with foreign interference. If it was a hack, they would have said it so both sides could immediately start politicizing.
Looks like they are not ruling it out too.

“There’s been no direct evidence or indication of that, but we are also not going rule that out until we have a clear and better understanding of what’s taken place,” Buttigieg said in an interview with CNN.

This sort of thing is almost always a mundane failure of software or change control process.
NOTAM system looks like a regular messaging/broadcast system (except the scale is much smaller). When such a system goes down for hours it feels suspicious.
343 out of 587 scheduled flights from JFK currently delayed: https://www.jfkairport.com/flight-tracker?view=VIEW_DEPARTUR...
The halt has been lifted. Right now there is a stream of aircraft heading south over the Delmarva peninsula. The lead aircraft departed La Guardia at about 9:00 EST.

No doubt the delays will persist for some time, but at least the weather is mostly good today (except Northern California.)

Anyone know what language this system (NOTAM - https://www.faa.gov/about/initiatives/notam/what_is_a_notam) is written in and/or where the source code is?
Various searches yield a bunch of Java related terms.

One example is their reference implementation client:

https://github.com/faa-swim/fns-client

Not definitive since a reference implementation of a client doesn't mean the backend is similar, but...

Looks like you are right. Java and also a simple SFTP method

> NOTAM information is currently published via the NOTAM Distribution Service, using two different methods: FIL (FNS Initial Load) and Java Messaging Service - JMS. > FIL provides a snapshot of all NOTAMs at a point in time - data is provided via SFTP. > JMS provides updates to existing NOTAMs and new NOTAMs.

Source: https://www.topcoder.com/challenges/cf1f9fda-95d5-4469-83cb-...

(comment deleted)
[flagged]
Haha I heard about this at Narita Airport earlier today. The announcement was something like “Flights to the US are delayed because of a system error”.

I was thinking it was a problem at Narita!