I received an email on August 8th, 2001, likely through a distributed email list, from "Alphonse Qaeda" (AlQaeda@hq.org) asking about general theories of information security, to which I responded that any content that you may see or access on a console or device must be assumed equally accessable to anyone else, that any activity you may perform with any system can likewise be performed by any other initiator with the same or similar systems.
Some examples presented, in response to their theme of questions, included the technical visibility of signals such as computer monitors or keyboards and the fundamental insecurity of human interface devices which are made to be accessable for low resolution human perception.
Other specific examples of technical systems which are fundamentally vulnerable were presented -- as with human interfaces or consumer devices -- demonstrating that anyone can perform the same processes or tasks the same way as you can; any control system and any process or communication each rely on the same fundamental basis of accessability, anyone can send information or commands to these things be them authorized to or not authorized to do so -- just like you can.
My response to their inquiry was sent by e-mail and although intended for broadcast to the distributed email list, it went only to the originating party. They corresponded again on the 10th of August, 2001, asking for specifics on public examples that demonstrate how technical insecurities could be exploited by others in the same way as legitimate use, or a similar demonstration for education of how someone could gain false control or access to a system be them authorized to do so or not. To this legitimate inquiry, which was well prepared in response to the prior email transaction, I responded with a chronology of the Y2K (year 2000 calendar) audits which were a popular topic for the prior few years. Specifically, I concentrated on the very glaring and well known issue of flight control systems on commercial aircraft which were common news topics at the time, the correlations of DieBold and the D.M.C.A., and the well documented concerns with the NATO and NORAD fly-by-wire override systems which had a highly publicised backdoor problem related to commercial aircraft since the mid 1970s and which was currently an issue of severe contention in public discourse.
The highlights of my response, namely related to the invalidity of the fundamental concepts of security in technical systems, pointed to the following primary topics of concern in the Y2K audits and the American military's refusal to acknowledge or correct their deficiencies and these problems. Additionally the highlights of the Digital Millenium Copywrite Act which disguises and protects against the mere awareness of technical instability or exploit in consumer systems like the well known voting machines, and the historical likeness of this to the effect of compliance with "FCC Part 15 Rules" on the functioning of all non-military devices.
Though the primary purpose of the remote fly-by-wire system required on all commercial jets had a valid rationalle, the implementation was severely outdated and though suitable for early 1970s technologies, it did not provide adequate capabilities in a late 1990s technological context. In the event of a conventional analogue heat seaking missile targeting a commercial jet, there is no way nor reason for a commercial passenger jet to carry all of the equipment and systems necessary to contradict and counter this threat. The NATO and NORAD systems are designed to provide flight override control to either adjust the flight path of the commercial jet to avoid the threat or to cause the aircraft to engage evasive activities if other methods do not disable the missile. This system also allows the military to change the flight path of a commercial jet around active military environments without notification to the pilots or autopilot system, simply adjusting course and speed to go around an area but result in the same destination route and plan. The same approach is frequently used to maintain required distances between aircraft in dense airspace environments including airport holding patterns (especially when military traffic is unexpected). In the event of a cockpit lockout and conventional hijacking, this system was also designed to be used to black out or falsify data to the pilot while the plane is directed on another course or to fly in circles until intervention is possible. This system allows a military jet with specific equipment to take over the flight control systems of the commercial aircraft and both direct it to a suitable airfield and facilitate landing using the military's control systems in a manner similar to the assisted landings of the NASA space shuttle. In addition to these active control systems, both a maintenence and a flight test system also exist, allowing mechanics on the ground to check mechanical functioning in simulation and routine checks and a more advanced control system to test maximal flight performance during routine worthiness tests which create extreme conditions to esure the aircraft is stable and safe for civilian operation.
These fly-by-wire override control systems, namely the NATO and NORAD back-door capabilities, were designed in the 1960s and became mandatory for all aircraft in NATO or American regions by 1972. All commercial jets with passengers, all aircraft greater than a certain size or speed, and most freight aircraft that use large airports were required to employ these systems. The available public technologies of the late 1990s, namely the PDA and laptop computers, were more than capable of full simulation and control over these fly-by-wire radio interfaces provided by the military which used a simple mathematical cypher which could be performed on paper by hand -- a multiplication of tail number, flight control system identification number, and other simple values. Because of the widespread implementation, mandatory use, and simple nature of the system, the military refused to even acknowledge the fly-by-wire system's existence during mass public outcry during the Y2K audits and issued excessive gag orders to prevent further public awareness of these vulnerabilities and concerns.
The refusal by the military to acknowledge this and their inability to fix these built-in concerns with these hard-wired override systems in all commercial aircraft generated refute from the auditing community who had relevant concerns about the vulnerability of these systems.
There were a number of examples presented to public from a multitude of sources which thoroughly explained and examplified the vulnerabilities and concerns with the NATO fly-by-wire override systems employed in most civilian aircraft, even "add-on" modules for the software program "Microsoft Flight Simulator 2000" that generated all factors of the command and flight control sequence with the exception of the radio unit necessary to broadcast the control signals on the NATO bands to a real aircraft.
These examples were common knowledge at the time, and concerns had been presented on not only the viability of radio control override of these commercial airliners but presentations also described the various hardware devices that could interface to the maintenence and flight-test control systems of a majority of the aircraft. A selection of schematics included designs for override circuits which were entirely composed of parts from the consumer store Radio Shack in year 2000.