A 31-year-old Vietnamese man has been jailed for a hacking attack that compromised the computer network of Perth International Airport, and reportedly resulted in the theft of building plans and sensitive security protocols.
Alistair MacGibbon, cybersecurity advisor to Australian Prime Minister Malcolm Turnbull, told local media that “a significant amount of data” was taken by the hacker, although radars and other systems linked to aircraft operations were not accessed.
According to The Western Australian, police in Vietnam arrested a man named Le Duc Hoang Hai in connection with the attack, after they were passed information by the Australian Federal Police.
Although he was keen to stress that the public was not put at risk by the activities of the hacker, Mr MacGibbon described the attack as “a near miss”, that could have been a lot worse.
What is perhaps most interesting to us is just how the hacker managed to breach sensitive computer systems at the international airport.
The answer is sadly predictable. The hacker simply used the login credentials of a third-party contractor to gain unauthorised access to what should have been a well-secured network.
Time and time again, organisations and companies are finding that the weak link in their defences are the workers, and in particular problems can present themselves when you are working with external contractors who may not have taken security as seriously as the company they are logging into remotely.
For this reason, it’s always a good idea to not only insist that all workers (internal of external) have security awareness training and follow best practice when it comes to choosing hard-to-crack, unique passwords, but also that additional methods of authentication are used to verify the identity of users as they connect to the network.
For instance, it should never be acceptable for someone to log into a corporate network remotely with just a username and password. At the very least, additional measures such as two-factor authentication and IP whitelisting can be used to reduce the chances of an unauthorised hacker crowbarring their way onto the network.
In the case of this particular attack, with the hacker apparently being based in Vietnam, a simple geo-IP lookup could have ascertained that an attempt was being made to log into the airport’s network from a country where external contractors may not be expected to be located.
Of course, it’s easy to be wise in retrospect. But hacks like this happen over and over again, due to sloppy network security. You simply need to see what has happened to other companies before you in order to predict fairly reliably what threats your organisation might well face in the future.
As well as attacking Perth International Airport, Le Duc Hoang Hai is also said to have hacked a series of organisations inside Vietnam, including banks, telecoms firms and the website of a military newspaper. He has now been sentenced to four years in prison.