Air Cyber Power and ADS-B Vulnerabilities

Dynamic Radar Map from Flightradar24.com

Exploring Potential ADS-B Vulnerabilities in The FAA NEXTGEN Air Transportation System
The Fog of a “Cyber” War

“It is late fall 2025; Al Qaeda sleeper cells target the disruption of airline traffic into multiple East coast airports during the busy travel season from Thanksgiving through Christmas.
ADS-B IN/OUT has been fully implemented by the FAA; all commercial airlines have invested heavily to comply with the mandate. Oil prices are at an all time high and flights are carrying minimal fuel loads to save money and offset the cost of avionics.

The goal: force multiple airplanes to divert; pilots, FAA controllers and passengers to lose faith in the system; and possibly cause enough chaos to the NAS system that a few lives are lost.

The plan: exploit the U.S. dependency on ADS-B IN/OUT and GPS for arrivals into busy airports, especially during low visibility conditions.

The teams: five two man teams have been put into play for the mission. They are provided with all the commercially available technology they will need, along with a few modified laptop computers, antennas and transmitters.

The targets: Regan National, Dulles, La Guardia, JFK and Philadelphia International airports. The terrorists have been tasked to park minivans with computers containing modified software that are coupled to ADS-B OUT transmitters. The software is designed to be remotely activated and controlled over an Internet connection. Each computer is programmed specifically for the targeted airport, and transmits 978MHz and 1090MHz signals out a boosted transmitter.

As a result, airlines on final approach will receive false targets on their displays. The terrorists ghost target injects also propagate to the FAA controller’s screens. The terrorists intended these spoofed targets, programmed at conflicting arrival and departure corridors as well as in runway incursion situations, to cause multiple airports to become temporarily unusable. The resulting domino effect causes aircraft diversions and delays that will lead to chaos.”

DONALD L. McCALLIE
Major, USAF
Degree of Master of Cyber Warfare
Air Force Institute of Technology
Wright-Patterson Air Force Base, Ohio, USA

Download Exploring Potential ADS-B Vulnerabilities in The FAA's Nextgen Air Transportation System

Cyber Analogies: Historical Parallels to Cyber Warfare, Cyber and Computer Security, Cyber Pearl Harbor Surprise Attack, Nuclear Scenarios, Internet and Web Attacks, Vulnerabilities

Amazon Price: N/A (as of October 19, 2017 06:30 – Details). Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on the Amazon site at the time of purchase will apply to the purchase of this product.

This anthology of cyber analogies will resonate with readers whose duties call for them to set strategies to protect the virtual domain and determine the policies that govern it. Our belief it that learning is most effective when concepts under consideration can be aligned with already-existing understanding or knowledge. Cyber issues are inherently tough to explain in layman's terms. The future is always open and undetermined, and the numbers of actors and the complexity of their relations are too great to give definitive guidance about future developments. In this report, historical analogies, carefully developed and properly applied, help indicate a direction for action by reducing complexity and making the future at least cognately manageable.

The Cyber Analogies Project was launched in 2012 to assist U.S. Cyber Command in identifying and developing relevant historical, economic, and other useful metaphors that could be used to enrich the discourse about cyber strategy, doctrine, and policy. The intent of the project is to provide useful insights, both for those with little technical background in or direct connection to cyberwar and cyber security and for those whose job it is to think about the spectrum of cyber-related issues every day. The project was conceived and carried out to help very senior, busy, responsible people understand topics and issues that are fast-moving and dynamic, and have potentially great consequences for society, security, and world affairs.
Continue reading “Cyber Analogies: Historical Parallels to Cyber Warfare, Cyber and Computer Security, Cyber Pearl Harbor Surprise Attack, Nuclear Scenarios, Internet and Web Attacks, Vulnerabilities”

Cyber War: The Next Threat to National Security and What to Do about It

Cyber War: The Next Threat to National Security and What to Do about It“The Forgotten Homeland” gathers some of the leading homeland security experts to analyze the United States' most significant vulnerabilities and to propose strategies to reduce them. The report addresses terrorist as well as non-terrorist threats, and offers ideas for strengthening all aspects of emergency response – including the ability to respond to natural disasters such as Hurricane Katrina.

 

 

 

 

 

Price:

Click here to buy from Amazon

Penetration Tester’s Open Source Toolkit, Vol. 2

Penetration Tester's Open Source Toolkit, Vol. 2Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

. Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
. Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
. Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
. Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
. Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
. Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
. Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
. Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
. Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab.

Price: $59.95

Click here to buy from Amazon

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It [Paperback]If you’re an app developer with a solid foundation in Objective-C, this book is an absolute must—chances are very high that your company’s iOS applications are vulnerable to attack. That’s because malicious attackers now use an arsenal of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers aren’t aware of.

This guide illustrates several types of iOS attacks, as well as the tools and techniques that hackers use. You’ll learn best practices to help protect your applications, and discover how important it is to understand and strategize like your adversary.

  • Examine subtle vulnerabilities in real-world applications—and avoid the same problems in your apps
  • Learn how attackers infect apps with malware through code injection
  • Discover how attackers defeat iOS keychain and data-protection encryption
  • Use a debugger and custom code injection to manipulate the runtime Objective-C environment
  • Prevent attackers from hijacking SSL sessions and stealing traffic
  • Securely delete files and design your apps to prevent forensic data leakage
  • Avoid debugging abuse, validate the integrity of run-time classes, and make your code harder to trace

Price:

Click here to buy from Amazon