2 min read

Australian airport hack was "a near miss" says government's cybersecurity expert

Graham CLULEY

December 13, 2017

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Australian airport hack was "a near miss" says government's cybersecurity expert

A 31-year-old Vietnamese man has been jailed for a hacking attack that compromised the computer network of Perth International Airport, and reportedly resulted in the theft of building plans and sensitive security protocols.

Alistair MacGibbon, cybersecurity advisor to Australian Prime Minister Malcolm Turnbull, told local media that “a significant amount of data” was taken by the hacker, although radars and other systems linked to aircraft operations were not accessed.

According to The Western Australian, police in Vietnam arrested a man named Le Duc Hoang Hai in connection with the attack, after they were passed information by the Australian Federal Police.

Although he was keen to stress that the public was not put at risk by the activities of the hacker, Mr MacGibbon described the attack as “a near miss”, that could have been a lot worse.

What is perhaps most interesting to us is just how the hacker managed to breach sensitive computer systems at the international airport.

The answer is sadly predictable. The hacker simply used the login credentials of a third-party contractor to gain unauthorised access to what should have been a well-secured network.

Time and time again, organisations and companies are finding that the weak link in their defences are the workers, and in particular problems can present themselves when you are working with external contractors who may not have taken security as seriously as the company they are logging into remotely.

For this reason, it’s always a good idea to not only insist that all workers (internal of external) have security awareness training and follow best practice when it comes to choosing hard-to-crack, unique passwords, but also that additional methods of authentication are used to verify the identity of users as they connect to the network.

For instance, it should never be acceptable for someone to log into a corporate network remotely with just a username and password. At the very least, additional measures such as two-factor authentication and IP whitelisting can be used to reduce the chances of an unauthorised hacker crowbarring their way onto the network.

In the case of this particular attack, with the hacker apparently being based in Vietnam, a simple geo-IP lookup could have ascertained that an attempt was being made to log into the airport’s network from a country where external contractors may not be expected to be located.

Of course, it’s easy to be wise in retrospect. But hacks like this happen over and over again, due to sloppy network security. You simply need to see what has happened to other companies before you in order to predict fairly reliably what threats your organisation might well face in the future.

As well as attacking Perth International Airport, Le Duc Hoang Hai is also said to have hacked a series of organisations inside Vietnam, including banks, telecoms firms and the website of a military newspaper. He has now been sentenced to four years in prison.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read