BelchSpeak

I can't believe that came from your mouth!

CrimeCyberJobsTravel

Security Bigmouth Gets Half His Company Fired

I posted this a few days ago about Chris Roberts, a cyber snake-oil salesman who peddles Fear, Uncertainty and Doubt to foolish customers.  He claimed that he could access an airplane’s flight systems by hacking the onboard entertainment systems.  It got him kicked off an airplane, but recent news suggests his stupid lies about his hacking prowess just cost the jobs of half of his company’s staff, 12 people.  As it turns out, investors think they might be throwing money away when a company’s founder threatens to down jetliners.

haxorsonplane

From Wired here, via Drudge:

Chris Roberts, a security researcher with One World Labs, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system, or IFE, on an airplane and overwrote code on the plane’s Thrust Management Computer while aboard the flight. He was able to issue a climb command and make the plane briefly change course, the document states.

Okay, I think this is the biggest lie of all. Roberts can’t hack an airplane via the entertainment system. But he loves to tell his foolish customers of his that he can. And in fact, he has also said that he has hacked into bus systems and the power control systems of a major city in this youtube video here. Why would he claim to be this extraordinary brilliant hacker? Cuz dopes will pay him money to feel more secure because they are too blind and incapable to understand their own infrastructure. Roberts sells peace of mind, not security. He pushes snakeoil, not solutions.

More from Wired:

Roberts had previously told WIRED that he caused a plane to climb during a simulated test on a virtual environment he and a colleague created, but he insisted then that he had not interfered with the operation of a plane while in flight.

He told WIRED that he did access in-flight networks about 15 times during various flights but had not done anything beyond explore the networks and observe data traffic crossing them.

But this is not how interconnected networks work.  In order for him to sniff and observe traffic, all of it would have to be on a flat network going through a hub, or he would have to be tapping at the switch to see multiple networks at once.  This is how I know he is lying about this whole scenario.  He may indeed have network captures from key tap points within flight control, but he got that from his simulated test environment, not from an airplane connection.

Roberts told agents he attached a Cat6 ethernet cable, with a modified connector, to the box and to his laptop and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems on the planes.

He is lying again. And this is where such lies land him- One World Labs, a company he founded, now must fire 12 employees because firstly, selling snakeoil is tough and not very profitable, and second, their investors pulled their investment out because they think Robert’s business is too risky.

Regardless of whether the authorities have a case against him, however, there has already been some fallout from the incident. Roberts told WIRED that today investors on the board of directors of One World Labs, a company he helped found, decided to withdraw their investments in the company. As a result, One World Labs had to lay off about a dozen employees today, half of its staff.

Roberts said there were other factors contributing to the board’s decision but his legal situation “was probably the final straw.”

The board has deemed it a risk. So that was one factor in many that made their decision,” he said. “Their decision was not to fund the organization any further.”

Does One World Labs think its too risky to keep a bigmouth like Roberts as their CTO?

Update: Graham Cluley also says that Roberts was not able to hack the airplane, but fails to outright call him a liar.

Also, CarnalOwnage agrees with me that all Roberts does is market FUD.

Dr. Jones

Do not talk about fight club. Oops.

Leave a Reply

Your email address will not be published. Required fields are marked *