Hackers Sell Access to Airport Security System for Just $10

Jul 11, 2018

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

Researchers at McAfee’s Advanced Threat Research team uncovered a marketplace where hackers were selling access to a large international airport’s computer and security system for as little as $10.

The team found that stolen log-in credentials, being sold on a Russian dark website, were for the airport’s remote desktop protocol (RDP), which allows employees to log in to the airport’s computers from a remote location.

After more investigation, McAfee tracked the log in credentials being sold to an IP address of what was believed to be a major international airport. They confirmed with the airport, that yes, those were its RDP credentials and could access “systems linked to security and building automation systems.”

Although McAfee’s blog post doesn’t reveal which airport was hacked for security reasons, it says it was located within the US. The airport resolved the issue after McAfee notified it of the intrusion.

McAfee isn’t positive on how the credentials were found, but it thinks the hackers used the “brute-force” method where they continually guessed random passwords until they found the correct one. According to McAfee, brute-force is a common way for hackers to gain access to RDP systems.

McAfee said hackers could have access to “accounts associated with two companies specializing in airport security; one in security and building automation, the other in camera surveillance and video analytics.” Adding that once they were in the system “a compromise could offer a great foothold and lateral movement through the network using tools such as Mimikatz.”

It added a third compromised account is “most likely associated with the airport’s automated transit system, the passenger transport system that connects terminals.” This suggests that the hackers could have possibly affected a system like JFK or SFO’s Airtrain and have even gained access to more areas of the airport’s computer network, including its security systems.

H/T: The Verge

Featured image by Getty Images. 
Chase Sapphire Preferred® Card

WELCOME OFFER: 80,000 Points

TPG'S BONUS VALUATION*: $1,650

CARD HIGHLIGHTS: 2X points on all travel and dining, points transferrable to over a dozen travel partners

*Bonus value is an estimated value calculated by TPG and not the card issuer. View our latest valuations here.

Apply Now
More Things to Know
  • Earn 80,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $1,000 when you redeem through Chase Ultimate Rewards®. Plus earn up to $50 in statement credits towards grocery store purchases within your first year of account opening.
  • Earn 2X points on dining including eligible delivery services, takeout and dining out and travel. Plus, earn 1 point per dollar spent on all other purchases.
  • Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards®. For example, 80,000 points are worth $1,000 toward travel.
  • With Pay Yourself Back℠, your points are worth 25% more during the current offer when you redeem them for statement credits against existing purchases in select, rotating categories.
  • Get unlimited deliveries with a $0 delivery fee and reduced service fees on eligible orders over $12 for a minimum of one year with DashPass, DoorDash's subscription service. Activate by 12/31/21.
  • Count on Trip Cancellation/Interruption Insurance, Auto Rental Collision Damage Waiver, Lost Luggage Insurance and more.
  • Get up to $60 back on an eligible Peloton Digital or All-Access Membership through 12/31/2021, and get full access to their workout library through the Peloton app, including cardio, running, strength, yoga, and more. Take classes using a phone, tablet, or TV. No fitness equipment is required.
Regular APR
15.99%-22.99% Variable
Annual Fee
$95
Balance Transfer Fee
Either $5 or 5% of the amount of each transfer, whichever is greater.
Recommended Credit
Excellent/Good

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.