TSA: Meh, security schmecurity!

Not only do we already know that while the TSA is busy sticking its hands down your pants, people are wandering up to the airport on jet skis, breaching airport security by climbing over fences, and hiding in airplane wheel wells, but now we find out that computer security may be compromised.

For the technologically inclined out there, you might be interested to read this article titled, “Citadel Malware Used to Infiltrate Airport VPN.”

Okay, it didn’t sound good, but I still had to look up “VPN” (virtual private network for those of you who are barely technologically competent like me). Like so much in the digital age, unless you’re proficient at this stuff, it’s hard to know what’s truly safe and secure and anonymizing, and what isn’t.

Back to the article:

The Citadel Trojan is really starting to become kind of a pain in the neck. Not content to sit by and watch while its more well-known rivals Zeus and SpyEye get all the attention, the Citadel malware has begun showing up in some interesting places, with the latest example being the discovery of the Trojan being used to steal VPN credentials for internal users at a major airport.

The attack is a two-stage operation that is designed to defeat the strong authentication application that the airport had in place. Researchers at Trusteer discovered the attack and notified officials at the unnamed airport, who then disabled employee access through the VPN.

Airports are target-rich environments for attackers, thanks to their open wireless networks and the huge population of transient users who are all too eager to use them. Man-in-the-middle attacks on airports’ public networks are common, but this particular attack didn’t target the public network or users but instead went after the airport’s employees and their remote-access application. Getting access through any corporation’s VPN system is a huge win for an attacker, because once she comes in as an authenticated user, she enjoys all of the access and privileges on the network that the victimized user does.

In this particular episode, the attackers used a couple of well-known techniques in order to circumvent the security measures the airport had in place and make off with the victims’ VPN credentials.

In other words, we’re talking employees here. The identities and passwords of employees.

But since the TSA is fixated on panty-explosives and booby-bombs — and treating us all as criminals — the agency will probably just ignore this pesky little security problem. After all, grabbing and groping and finding aha! a butter knife! happens in plain sight, so it “looks like” the TSA is “doing something.”

But real security and real intelligence don’t make a splash. And don’t warrant a Golly-Gee-Look-What-We-Found post by Blogger Bob. Real security and real intelligence happen behind the scenes, long before someone gets to an airport.

(Photo: Flickr Creative Commons/Kevin Marks)

  • Fisher1949

    This also means that they can hack the secure side of TSA’s network and get passenger information, internal documents and communications and any SSI that TSA maintains locally including scanner images being transmitted to the viewing booths.

    • Daisiemae

      But we all know that those images can not be saved by the scanners, right? After all, we have TSA’s word on that.

    • TSAisTerrorism

      And since TSA exempts itself from Privacy Act notifications, who’s to know how one’s information has been collected and used?

  • cjr001

    Cyberattacks are a legitimate concern, perhaps even more so right now than physical attacks. Worse, we’re seeing time and again that even your basic ‘script-kiddie’ can cause some real headaches (such as DDOS – distributed denial of service attacks). And these are kids who are doing it for fun, so it’s probably only a matter of time before somebody does something that’s truly harmful.

    Unfortunately, the government’s response has been questionable here, too. Even when they present cybersecurity bills, they’re so loaded with stuff that’s designed to directly help out the likes of the MPAA and RIAA that you wonder what the real goal is.

    I’m not even sure TSA employs anybody that knows anything about computer security, as they barely employ anybody that knows anything about anything. This is really more of an area for the real intelligence outfits like the FBI and, I assume, the rest of DHS.

    (And the original Cybermen are so much better than the rebooted ones.)