BREAKING: TSA Loaned Air Traffic Control Towers to Russian Agents
Forget about Russian bounties on US troops, imagine a world where Russian moles could hijack plane cockpits with utter impunity. The Transportation Security Administration (TSA), the supposedly trustworthy guardians of American skies, has repeatedly failed to patch a colossal security vulnerability that would put even the most amateur-ish hackers into the cockpit, literally.
And the stunning part? They did all this under their own digital noses, carelessly coddling airline crew identities like prized playthings with no safeguards or checks at all. Once inside this digital fortress, a villainous entity – or three – could swiftly add (or steal?) crew ID cards and photoreal images for any airline tied to FlCASS. That could mean waving hello to Mr. Cockpit Security herself, courtesy of a rudimentary SQL injection exploit mastered by anyone above the meanest of beginner levels – think script-kiddied high school intern.
Yes, folks, this little gem, "discovered" by would-be black-hat superstars like Ian Carroll, and partnering Sam Curry (the masterminds!), allowed whomever dared to use this digital keys to: bypass even most basic controls, become virtually an accredited crew member with the flimsiest cover story
But what makes this jaw-dropping failure even madder is how the US government agency directly responsible went into denial when confronted? "Oh no, Mr. Carroll is just not telling you folks the facts!" No wonder; why spoil the excitement? If the KCM system won’t recognize authentic crew names, a TSA rep solemnly told me, these same agencies never did
And remember; it began with just an apostrophe in a user name the username of â€or’ & â€
What if another hacker duo, one working for Al-Qaeda or who knows exactly who else gets wind that this hole goes unremedied while we twiddle thumbs & the so-called TSA sleepwalk over it