Hacking group attacks airport networks; four Russian airports hacked so far

Public WiFi networks continue to create serious problems for their users. Network security specialists report that Alexander Safonov, a Russian programmer who is being investigated as part of the hacker group known as Lurk, has written an open letter revealing the presence of security vulnerabilities in the networks of four international airports in Russia: Platov, Kurumoch, Strigino and Koltsovo.

In his letter, Safonov mentions that these four airports, like three others, are operated by the company AR, controlled by Viktor Vekselberg, and also mentions that all systems of these airports are connected in a single corporate network. “There is a special team of system administrators with full access to all networks at these airports,” the programmer adds.

After Safonov’s letter was revealed, network security experts mentioned that a hacker could gain full access to an airport’s networks by simply compromising the access credentials of one of the members of these special teams, which seems to have happened at Koltsovo international airport.

The aforementioned hacker group reportedly employed malware of the same name to infiltrate the airport’s computer networks and copy information from the servers, giving them access to the confidential information of airport users. Safonov also mentions in his letter that neither Russian intelligence agencies nor security firm Kaspersky Lab did much to find the access point used by the hackers to compromise the networks, even though airport employees detected two computers allegedly exploited by the attackers.

Network security specialists are concerned that the priorities of Russian agencies are focused not on the safety of these facilities but on stopping all potential members of the Lurk group. For his part, Safonov came to two conclusions: “The networks of these airports may be vulnerable to further attacks right now; in an even worse scenario, it is highly likely that these networks will be under the control of some external attacker.”

“It is really intriguing that the authorities have not thoroughly investigated the security of the airports, as these facilities are considered by the Russian Federation as critical infrastructure,” adds Safonov. “Who guarantees the safety of people at an airport and during the flight?” concludes the programmer’s letter.

In this regard, a representative of Koltsovo Airport stated: “The claims about the low security in our IT systems are not supported by any objective evidence.” The representative added that the attack with the Lurk malware occurred on workstations outside the airport networks; because of this, they were not connected to the host systems and the malware failed to spread.

Network security specialists at the International Institute of Cyber Security (IICS) mention that more than 20 people are being investigated as part of the hacking group Lurk, which has been accused of stealing more than one billion rubles from banks and other companies. Russian authorities also accuse this group of hackers of illegally accessing the airport networks mentioned to copy the information from their servers.