Hacking takes all kinds of forms, and sometimes it’s not personal data that’s at risk but rather sensitive commercial or government data that’s the target. That’s particularly true for companies and agencies that run important public services such as transportation, where information like security protocols could be valuable to certain nefarious parties. That’s what makes the theft of sensitive information from Australia’s Perth Airport so scary, and the arrest of the guilty hacker so encouraging.
According to Hot For Security, 31-year-old Le Duc Hoang Hai, a Vietnamese citizen, hacked into the airport’s systems and stole building plans and security information. His method wasn’t particularly technical, rather a byproduct of agencies using third-party contractors. Hai used a contractor’s login credentials to access the information rather than leveraging some complicated network vulnerability, and it’s not clear how he gained access to those credentials.
The good news is that Hai did not access any personal information, such as credit card data, and there is no evidence that he was able to sell the data prior to being arrested. In addition, there was no immediate risk to travelers from the hack according to The West Australian. Kevin Brown, the Perth airport’s chief executive, responded to queries, saying, “We completed a full and thorough risk assessment of the data that had been accessed to ensure there had been no threat to the safety of the traveling public. At no time was the safety or security of the airport, its staff, passengers or partners compromised.”
As Hot For Security points out, the use of contractors can be problematic simply because they may not be held to the same strict security standards as employees. Therefore, additional security measures such as two-factor authentication should be implemented to help keep networks protected no matter who is logging in.
This isn’t the first time that Hai has been guilty of illicit hacking. He is suspected of breaking into other organizations in his home country, such as banks, telecommunications companies, and even a military newspaper website. He was sentenced to four years in prison for this particular crime, however.
- How Dashlane Business can make your business more secure
- The best password managers for 2021
- The best browsers for privacy
- How to recycle your old computer
- The best COVID tech of CES 2021: Smart masks and sanitizers