This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.

Researchers at McAfee’s Advanced Threat Research team uncovered a marketplace where hackers were selling access to a large international airport’s computer and security system for as little as $10.

The team found that stolen log-in credentials, being sold on a Russian dark website, were for the airport’s remote desktop protocol (RDP), which allows employees to log in to the airport’s computers from a remote location.

After more investigation, McAfee tracked the log in credentials being sold to an IP address of what was believed to be a major international airport. They confirmed with the airport, that yes, those were its RDP credentials and could access “systems linked to security and building automation systems.”

Although McAfee’s blog post doesn’t reveal which airport was hacked for security reasons, it says it was located within the US. The airport resolved the issue after McAfee notified it of the intrusion.

McAfee isn’t positive on how the credentials were found, but it thinks the hackers used the “brute-force” method where they continually guessed random passwords until they found the correct one. According to McAfee, brute-force is a common way for hackers to gain access to RDP systems.

McAfee said hackers could have access to “accounts associated with two companies specializing in airport security; one in security and building automation, the other in camera surveillance and video analytics.” Adding that once they were in the system “a compromise could offer a great foothold and lateral movement through the network using tools such as Mimikatz.”

It added a third compromised account is “most likely associated with the airport’s automated transit system, the passenger transport system that connects terminals.” This suggests that the hackers could have possibly affected a system like JFK or SFO’s Airtrain and have even gained access to more areas of the airport’s computer network, including its security systems.

H/T: The Verge

Featured image by Getty Images. 
American Express® Gold Card

With some great bonus categories, the American Express Gold Card has a lot going for it. The card offers 4x points at US restaurants, at US supermarkets (up to $25,000; then 1x), and 3x points on flights booked directly with airlines or through amextravel.com. It is currently offering a welcome bonus of 35,000 bonus points after you spend $2,000 in the first three months.

Apply Now
More Things to Know
  • Earn 35,000 Membership Rewards® Points after you spend $2,000 on eligible purchases with your new Card within the first 3 months.
  • Earn 4X Membership Rewards® points at U.S. restaurants. Earn 4X Membership Rewards® points at U.S. supermarkets (on up to $25,000 per year in purchases, then 1X).
  • Earn 3X Membership Rewards® points on flights booked directly with airlines or on amextravel.com.
  • Earn up to $10 in statement credits monthly when you pay with The Gold Card at Grubhub, Seamless, The Cheesecake Factory, Shake Shack, and Ruth's Chris Steak House. This is an annual savings of up to $120. Enrollment required.
  • $100 Airline Fee Credit: up to $100 in statement credits per calendar year for incidental fees at one selected qualifying airline.
  • Choose to carry a balance with interest on eligible charges of $100 or more.
  • No Foreign Transaction Fees.
  • Annual Fee is $250.
  • Terms apply.
  • See Rates & Fees
Intro APR on Purchases
N/A
Regular APR
See Rates & Fees
Annual Fee
$250
Balance Transfer Fee
See Terms
Recommended Credit
Excellent/Good
Terms and restrictions apply. See rates & fees.

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.