There are many hair-raising technological moments in television, especially when the words “hacking” and “cyber” are introduced into the plot. But of all the broadcast and cable networks, CBS is the biggest purveyor of techno idiocy, proving time and time again that none of the producers behind its stable of pseudo-procedural dramas have a clue as to how anything on that crazy thing called the Internet works. . NCIS set the benchmark with its two-people-on-one-keyboard-to-hack-a-hacker scene, but then the network doubled down and launched CSI:Cyberwho returned last night.
The future of cyber currently in doubt. CBS has pulled its timeslot to make room for a mid-season replacement, so there may only be a few more chances for the latter CSI franchise to cyber-scare network viewers with plots loosely based on something producers read about on Yahoo Answers. Okay, to be fair, cyberThe writers of s are at least occasionally inspired by factual vulnerabilities taken from the headlines. It’s just often that these headlines are several years old.
So far, the show has given hat tips to actual security researchers. An episode late last year featured a “jackpotting” hack of ATMs at “Barnaby Bank,” named after a security researcher who exposed that vulnerability: Barnaby Jack. Jack would then serve as director of embedded device security research at IOActive until his death in 2013. But the road to entertainment hell is paved with good intentions.
With the realization we may only have a few more months around Orbital HQ water coolers CSI: Cyber, we decided it would be a good idea if I formally checked in to the show. We considered doing this live, but from the moment last night’s episode started it was clear that there would be no way to keep up with the technology errors in real time – almost everything was wrong (and that’s not even counting the hoverboard product placement and the tossed Emmitt Smith cameo). Honestly, things just got worse and worse as the show rolled to its roar of a conclusion.
Sunday’s episode, titled “404:Flight Not Found,” begins with a plane over North Carolina losing contact with the FAA’s control center in Washington during inclement weather. Suddenly the control center now looks like there are at least 50 different flights going in different directions before disappearing completely. Of course someone violated the flight plan system and filed an “unsigned” flight plan on the plane. This action pushed the original flight in question over the sea as it flew from Tampa to Providence.
All of this is the work of a cyber-hired killer, who we learn is:
- Hacked the aircraft’s controls through the aircraft’s in-flight entertainment system.
- Onboard an electronic jamming device that blocks all aircraft communications except the in-flight entertainment system.
- Have someone deploy a weather balloon with a software-defined radio that falsifies the aircraft’s transponder signals over and over and sends false GPS data back to the FAA’s network.
Every plane in the sky is vulnerable
Moments after the plane is cloned 50 times and then disappears, FBI Cyber Division Chief Avery Ryan (Patricia Arquette) and her completely old-school non-cyber FBI Agent sidekick Elijah Mundo (James van der Beek) are in the center of the FAA in Washington. . There’s been a break-in! “Someone assigned Flight 272 an unauthenticated flight plan right before takeoff,” random FAA supervisor #1 tells Ryan. “The pilot couldn’t have known.”
Ryan replies that the hacker “might have a back door to the NAS (National Airspace System)” and “any plane in the sky could be vulnerable.” The reference is to the FAA’s NextGen air traffic control system, which sends diversion information to aircraft in the sky to help them avoid inclement weather.
The thing is, a flight plan uploaded just before takeoff wouldn’t come from the FAA’s system. This system sends course adjustments to aircraft already in the air. Pre-flight plans are loaded by the airlines. In recent history, there have been at least two instances of bad flight plans being pushed onto planes by airline network hacks. These real-life hacks resulted in massive flight cancellations – pilots flying 300 miles off course and in a holding pattern over open ocean for the length of a CSI episode.
(We’re also ignoring the obvious aviation issues of the story. It’s a two hour and forty minute flight from Tampa to Providence, and the plane is 737 size, but hey, it sure carries enough fuel to suspend disbelief and it plane in the air for what seems like an eternity, right?)
Meanwhile, former black hat hacker turned FBI asset Brody Nelson (played by “Lil Bow Wow” Shad Moss) challenges former Cowboys running back Emmitt Smith for a race while on a “self-balancing scooter”. Nelson and fellow hacker/resident prodigy Daniel Krumitz (Charlie Koontz) end their strange interlude with the NFL legend when they are summoned by Mundo to the FAA’s flight center to help find out where the plane went.
“It’s a cyber hijack!”
“It’s like Malaysia Air all over again!” exclaims Nelson as he looks at the FAA’s computers in what CBS thinks an FAA data center would look like. Wunderkind neckbeard Krumitz explains that the problem is not in the network – something has spoofed the plane’s GPS signals. As such, all phantom planes were reported by “a single GPS device,” he explains. He taps a few keys to triangulate the last location of the GPS device’s signal and gets a location on the ground in North Carolina. “That height is low—too low.”
Of course there is no plane there. Krumitz and FBI Agent Dude Mundo are now stumbling in the dark through a meadow somewhere near Wilmington, North Carolina, where they find a huge mylar balloon wrapped around a tree. They take it back to the Cyber Batcave to analyze it and discover that it is an inflatable antenna connected to [dramatic music] a software-defined radio.
“He’s a smart son of a bitch,” says Krumitz. “He takes advantage of air traffic control’s reliance on GPS to track planes.”
“ADS-B, it’s the latest and greatest in air traffic monitoring,” Mundo gasps. Krumitz states that the Automatic Dependent Surveillance-Broadcast (ADS-B) is designed “for convenience, not security” and that it has a “massive vulnerability” that makes it susceptible to “spoofing”.
This is at least partly based on actual reports. In 2012, Brad “RenderMan” Haines did a demonstration of ADS-B spoofing at DefCon, demonstrating that he could create a fake “airplane” that sent position data to the FAA’s network (under laboratory conditions) by copying data from a flight simulator. However, the FAA claims they have multiple ways to authenticate ADS-B signals.
Back in CSIcountry, Mundo puts the pieces together. “This isn’t just a missing plane, this is a cyber hijacking.”
Fortunately, Baltimore-based cybersecurity enthusiast Artie Sneed (played by Marcus Giamatti) turns out to be harassed by FBI headquarters security for changing his visitor credentials from his last recurring appearance (the one where the hospital was hacked from the beginning of this season). ). . He runs into Ryan and instantly falls in love with Ryan, who has once again bent the laws of physics to return to DC. Apparently, Sneed convinces her to let him be the episode’s deus ex machina generator. In the blink of an eye, he’s created a mock-up of an airplane in the FBI’s cyber operations center using police tape and a collection of circuit boards and antennas.
Artie explains how a simple signal jammer from the plane wouldn’t have the power to block all signals. The motors would be out of range and they would send data back to the manufacturer wirelessly, he says.
(Now if this was a drinking game, I’d have passed out. Aircraft engine diagnostics are generally sent over a satellite link – not from some radio built right into the engines. There’s no time to dwell on this fact as it gets worse.)
Artie wheels in a box with a mass of antennas and electronics inside. He says it’s a “white noise generator” and turns it on, instantly taking everything in the operations center offline. The FBI these days relies solely on Wi-Fi.
Meanwhile, the rest of the Cyber Crew seeks out each passenger through social media. They point to an attractive Chinese woman, identified as being in the US on a student visa, who has no social media footprint whatsoever. She is immediately a suspect. It is clear that this woman turns out to be a hacker assassin working for the Chinese “Triad” underworld. A federal marshal confirms that she and her volleyball team must have targeted a teenage girl on board the plane – the girl witnessed a murder and is now in the witness protection program.
The team then reviews the video from airport security. They realize the copilot has an insulin pump! And the white noise generator can block it, causing a potentially lethal dose! (Not really.) The hacker sneaks onto the white noise generator disguised as a ventilator!
Fortunately, with the help of a Baltimore security researcher and some key deus ex machina moments, the FBI Cyber Division saves the day. The flight lands safely and the assassin is quietly arrested. How do they come to such a happy ending? The Baltimore White Hat told the FBI that the flight crew had to disconnect the plane’s onboard computer because it was in a steep dive initiated by the cyber-killer. This information was relayed to the pilot through a fighter jet flashing light message. (Perhaps this would have been more “realistic” if they had sent the message with a laser pointer.)
With that kind of realism, it’s hard to believe CSI: Cyber will not be picked up for another season. Set up your DVRs while you still can.