From: Eugen Leitl (eugen@leitl.org)
Date: Sun Aug 25 2002 - 02:23:34 MDT
On Sat, 24 Aug 2002, Mike Lorrey wrote:
> You cut out a lot of previous stuff, like the part where I specifically
> stated that the team had individuals with FAA A&P certifications, with
> at least one computer science major. Your assertion below that I
> claimed that unskilled and untrained individuals could pull this off is
> therefore unsupported and I want you to retract that.
Okay. If you've originally said you need a brilliant suicide team with
special-purpose hardware and lots of training (combat included) behind the
belt to splice into a plane on ground and fly it essentially purely by
instrument readings (have you got GPS reading on the buses, too? you
better should, orelse you need an antenna outside the hull) I obviously
misunderstood you.
Why are we having this discussion, then? Scenarios as above do not figure
into the threat model. The next time it's going to be something different,
anyway.
> No, not at all. Not just theoretically possible, either. Did it, done
> it, wore the t-shirt....
So you entered a passenger plane with a small team, dismantled the panels
(whether in flight or on ground), spliced into the copper and fiber
(versatile Mike) avionic buses with a very portable machine people let you
bring on board, cut off the cockpit and took off, using native guidance or
a GPS antenna you stuck through a hole bored in the hull and flew it
through a virtual target few 10 m wide, while the pilots, some of the
passengers (most of the passengers, in today's world), and anybody outside
actively tried to prevent it from happening?
Quite a T-shirt you've got there. I doubt there are many people on earth
which could wear it.
> Furthermore, not only do all flight control and instrument data needed
> to control an aircraft get wired from the cockpit to the flight data
> recorder in the tail, but there are pre-wired panels on most such
> aircraft that are generally used for troubleshooting interfaces,
> everything from multimeter probe panels to interface connectors to
> connect to hand held troubleshooting computers.
>
> No, it doesn't. I had thought that you had more practical knowledge of
> circuit splicing technology, but such can be done on the fly, and is
Yes, I know that you can't splice into a nonredundant optical bus (with
standard equipment) without taking it offline for a few minutes.
> done all the time. Phone circuitry, for example, is spliced into on the
> fly, without interrupting the signal, by law enforcement doing
> wiretaps, by hackers setting up hardwired circuit sniffers, etc. I've
> spliced into aircraft circuits on-the-fly myself while I was a smurf.
You know, given the current security atmosphere it should be easy for a
person with your background to demo something like that, and cause a
rather large splash. You should really team up with a security consultant,
there could be money in it.
> Why do you keep assuming that highly trained technicians would have
> some aversion to death? In the 9/11 attack, the most highly trained
Highly trained technicians need to be intelligent to be effective, and
intelligent people have a rather good model of their mortality, and are
typically more immune to memefection. As such you typically won't find
highly trained technicians on suicide missions, especially a whole team of
them.
But you already knew that.
> individuals, the pilots, were the ones who knew the most about the
> mission. Said pilots were highly educated, financially well off, from
You're comparing the skills of a civilian airline pilot (just to guide the
plane in flight, no take off and no landing) with the rather arcane skill
set of a team we described above? Mike, this is ridiculous, and you know
it.
> wealthy Saudi families, and pursued flight training for extended
> periods of time to attain proficiency they felt they needed.
>
> Furthermore, what makes you assume that you'll be shot down before
> reaching your target? First off, it is pathetically easy to avoid
They've spent several hours on the ground in a hijacked plane splicing
into the circuitry, then took off with pilots incommunicado, in a
post-9/11 world. I very much doubt they will even be allowed to take off.
A couple of vehicles blocking the runway is all it takes.
> civilian radar systems by dropping below 5,000 feet altitude and
> changing your transponder codes. They've ended round the clock
> interceptor flights over all major cities except DC itself. The closest
> fighters to New York, for example, are still at Otis AFB out on Cape
> Cod.
If you're in the air minutes away from your target with people barely
starting to wake up, yawning and stretching, they could make it.
> Additionally, what makes you think that any attack will be made of more
> than one aircraft? It seems as though you are making lots of
> unwarranted assumptions, as well as ignoring things I've already said
> and claiming I am saying something I'm not.
Because I'm planning a mission trying to succeed, and you're arguing one
or two irrelevant technical points, while ignoring the big picture. You
need to plan holistically in order to suceed, as anything else just
results in a botched mission.
> In the 747-400, perhaps, but not any of the older models.
Your vehicle is a big plane, with lots of of fuel, nearby a target, an
older make. This definitely narrows down the attack space.
> > This definitely asks for symmetrical encryption on avionics data
> > traffic.
>
> Sure, but who has the keys? This is a major problem of security. We
Just the end devices. You generate them in the factory, preferably, or
during maintenance. You can keep a database of them somewhere off-plane,
but this is not really necessary.
> have to assume that there are already sleeper moles on the inside of
> the industry who can get the terrorists security access. They had
> already established legitimate credentials for the 9/11 pilots. The
> perimeter is penetrated and the system itself cannot be trusted to
> provide trustable data.
Mike, if I were a terrorist right now I wouldn't touch anything
airplane-shaped with a ten-foot pole. Too many people are looking your
way. God knows there are far easier, plus unwatched targets in attack
space.
> > Will people who can do this sacrifice their lives?
>
> They did it on 9/11
About anybody can learn to fly a modern plane well enough to hit a
building-shaped target. I suspect ~90% of all list members here would have
hit the building, after sufficient training, and leaving out little
factors like willingness to embark on a suicide mission.
Now *all* your people will know it's a suicide mission, and you've got at
least two, if not three extremely skilled hacker types on the team.
> Well, yes, but that isn't a design that the FAA is going to approve,
> cause it then makes it very easy for a terrorist pilot to dump jet fuel
> like napalm on unsuspecting cities as they are flown over.
This would be difficult to ignite. But, I'm arguing for the
encryption/authentication solution. If they're already going for the
Ethernet as redundant mission critical avionics backbone in
next-generation vehicles there are drop-in hardware solutions available
off the shelf.
I'm not holding my breath to see it fielded, though.
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:24 MST