Hacking group attacks networks at airports; so far there are 4 Russian airports hacked
Public WiFi networks continue to create serious problems for their users. Network security specialists report that Alexander Safonov, a Russian programmer who is being investigated as part of the hacker group known as Lurk, has written an open letter revealing the presence of security vulnerabilities in the networks of four international airports in Russia: Platov, Kurumoch, Strigino and Koltsovo.
In his letter, Safonov mentions that these four airports, like three others, are operated by the company AR, controlled by Viktor Vekselberg, and that all systems of these airports are connected in a single corporate network. “There is a special team of system administrators with full access to all networks at these airports,” the programmer adds.
After Safonov’s letter was revealed, network security experts mentioned that a hacker could gain full access to an airport’s networks simply by compromising the access credentials of one member of these special teams, which seems to have happened at Koltsovo international airport.
The aforementioned hacker group reportedly used malware of the same name to infiltrate the airport’s computer networks and copy information from the servers, giving them access to the confidential information of airport users. Safonov also mentions in his letter that neither Russian intelligence agencies nor security firm Kaspersky Lab did much to find the access point used by hackers to compromise the networks, even though airport employees detected two computers allegedly exploited by the attackers.
Network security specialists are concerned that the priorities of Russian agencies are focused not on the safety of these facilities but on stopping all potential members of the Lurk group. For his part, Safonov came to two conclusions: “The networks of these airports may be vulnerable to further attacks right now; even in an even worse scenario, it is highly likely that these networks will be under the control of some external attacker.”
“It is really intriguing that the authorities have not thoroughly investigated the security of the airports, as these facilities are considered by the Russian Federation as critical infrastructure,” adds Safonov. “Who guarantees the safety of people at an airport and during the flight?” concludes the programmer’s letter.
In this regard, a representative of Koltsovo Airport stated: “The claims about the low security in our IT systems are not supported by any objective evidence.” The representative added that the attack with the Lurk malware occurred on workstations outside the airport networks; because of this, they were not connected to the host systems and the malware failed to spread.
Network security specialists at the International Institute of Cyber Security (IICS) mention that more than 20 people are being investigated as part of the hacking group Lurk, which has been accused of stealing more than one billion rubles from banks and other companies. Russian authorities also accuse this group of illegally accessing the aforementioned airport networks to copy information from their servers.