Hacking takes all kinds of forms, and sometimes the target is not personal data but sensitive commercial or government data. That’s particularly true for companies and agencies that run important public services such as transportation, where information like security protocols could be valuable to certain nefarious parties. That’s what makes the theft of sensitive information from Australia’s Perth Airport so scary, and the arrest of the guilty hacker so encouraging.
According to Hot For Security, 31-year-old Le Duc Hoang Hai, a Vietnamese citizen, hacked into the airport’s systems and stole building plans and security information. His method wasn’t particularly technical; rather, it was a byproduct of agencies using third-party contractors. Hai used a contractor’s login credentials to access the information rather than leveraging some complicated network vulnerability, and it’s not clear how he gained access to those credentials.
The good news is that Hai did not access any personal information, such as credit card data, and there is no evidence that he was able to sell the data prior to being arrested. In addition, there was no immediate risk to travelers from the hack, according to The West Australian. Kevin Brown, Perth Airport’s chief executive, responded to queries, saying, “We completed a full and thorough risk assessment of the data that had been accessed to ensure there had been no threat to the safety of the traveling public. At no time was the safety or security of the airport, its staff, passengers or partners compromised.”
As Hot For Security points out, the use of contractors can be problematic simply because they may not be held to the same strict security standards as employees. Therefore, additional security measures such as two-factor authentication should be implemented to help keep networks protected no matter who is logging in.
This isn’t the first time that Hai has been guilty of illicit hacking. He is suspected of breaking into other organizations in his home country, such as banks, telecommunications companies, and even a military newspaper website. For this particular crime, however, he was sentenced to four years in prison.