The Montreal-based International Civil Aviation Organization (ICAO) for months concealed a hack of its computers and allowed malware to spread throughout the airline industry, Canada’s public broadcaster reported on Wednesday.
The UN agency in November 2016 been was the victim of the “most serious cyberattack in its history,” Radio-Canada said.
Internal documents obtained by the broadcaster suggested a flawed response to the attack — believed to have been launched by a Chinese hacker group — mired in delays, obstruction and negligence, and attempts by staff to hide their incompetence.
Lockheed Martin was the first to raise concerns, alerting the ICAO that its servers had been hijacked to spread malware to government and airline computers.
In an e-mail to the ICAO, the Lockheed Martin cyberintelligence analyst described the attack as “a significant threat to the aviation industry.”
It had the characteristics of a “watering hole attack” that targets visitors to a Web site, the analyst said.
The agency is responsible for setting international civil aviation standards, including for safety and security.
The ICAO information technology team reached out to a New York-based information-technology agency affiliated with the UN to analyze the attack, but then rejected its expertise — not bothering to respond to e-mails for several days or transmitting unusable data.
It would take two weeks before an analysis revealed that the intrusion was actually an even bigger problem.
E-mail server, domain administrator and system administrator accounts were affected, giving hackers access to the passwords of more than 2,000 ICAO users to read, send or delete e-mails.
Within 30 minutes of the attack, at least one member state’s Web site, Turkey, had been infected, but the ICAO tech head continued to downplay its seriousness.
An independent investigation in 2017 would conclude that the malicious software used in the attack had been identified by ICAO anti-virus software a year earlier, but that the computers had still not been disinfected.
The ICAO said that the Radio-Canada report contained “many erroneous interpretations and conclusions,” and the gravity of the malware found on its servers “has been greatly exaggerated.”
“We’re not aware of any serious cybersecurity ramifications for external partners which resulted from this incident,” it said.
“And as a standards-setting body, with no operational role or mandate in aviation, the inference that our data security could pose risks to the combined aviation and aerospace sectors, or the general public, is grossly inaccurate,” it said.
It has made “robust improvements to its cybersecurity posture and approaches to mitigate further incidents,” the agency said.
In Ottawa, Canadian Minister of Transport Marc Garneau called the revelations “worrying” and vowed to discuss them with ICAO Secretary-General Fang Liu (柳芳).
POLITICAL PRISONERS VS DEPORTEES: Venezuela’s prosecutor’s office slammed the call by El Salvador’s leader, accusing him of crimes against humanity Salvadoran President Nayib Bukele on Sunday proposed carrying out a prisoner swap with Venezuela, suggesting he would exchange Venezuelan deportees from the US his government has kept imprisoned for what he called “political prisoners” in Venezuela. In a post on X, directed at Venezuelan President Nicolas Maduro, Bukele listed off a number of family members of high-level opposition figures in Venezuela, journalists and activists detained during the South American government’s electoral crackdown last year. “The only reason they are imprisoned is for having opposed you and your electoral fraud,” he wrote to Maduro. “However, I want to propose a humanitarian agreement that
ECONOMIC WORRIES: The ruling PAP faces voters amid concerns that the city-state faces the possibility of a recession and job losses amid Washington’s tariffs Singapore yesterday finalized contestants for its general election on Saturday next week, with the ruling People’s Action Party (PAP) fielding 32 new candidates in the biggest refresh of the party that has ruled the city-state since independence in 1965. The move follows a pledge by Singaporean Prime Minister Lawrence Wong (黃循財), who took office last year and assumed the PAP leadership, to “bring in new blood, new ideas and new energy” to steer the country of 6 million people. His latest shake-up beats that of predecessors Lee Hsien Loong (李顯龍) and Goh Chok Tong (吳作棟), who replaced 24 and 11 politicians respectively
Young women standing idly around a park in Tokyo’s west suggest that a giant statue of Godzilla is not the only attraction for a record number of foreign tourists. Their faces lit by the cold glow of their phones, the women lining Okubo Park are evidence that sex tourism has developed as a dark flipside to the bustling Kabukicho nightlife district. Increasing numbers of foreign men are flocking to the area after seeing videos on social media. One of the women said that the area near Kabukicho, where Godzilla rumbles and belches smoke atop a cinema, has become a “real
‘WATER WARFARE’: A Pakistani official called India’s suspension of a 65-year-old treaty on the sharing of waters from the Indus River ‘a cowardly, illegal move’ Pakistan yesterday canceled visas for Indian nationals, closed its airspace for all Indian-owned or operated airlines, and suspended all trade with India, including to and from any third country. The retaliatory measures follow India’s decision to suspend visas for Pakistani nationals in the aftermath of a deadly attack by shooters in Kashmir that killed 26 people, mostly tourists. The rare attack on civilians shocked and outraged India and prompted calls for action against their country’s archenemy, Pakistan. New Delhi did not publicly produce evidence connecting the attack to its neighbor, but said it had “cross-border” links to Pakistan. Pakistan denied any connection to
RSS