This is what happens when you hack an airline website to book a business class flight for free

Although hackers often achieve to commit their crimes without leaving a trace, there are cases when authorities manage to identify them with relative ease. After taking a hacking course, an individual tried to improperly enter an airline’s IT systems to book three business class flights to New York; however, the hacker failed to get away with it, as he was arrested and now awaits to know the sentence for his actions.

The 25-year-old defendant became interested in hacking a few years ago, entering a hacking course and performing some activities to test his skills some time later. In 2016 he decided to attack the systems of the Belgium-based Brussels Airlines using a special tool reserved for employees and thus obtaining free airline tickets.

According to documents filed in court, the individual acquired the tickets legitimately, subsequently cancelling them and requesting the return of his money. However, the defendant manipulated the cancellation URL so that the tickets would not cease to be valid. The airline security teams detected the fraud attempt and reported it to the authorities, beginning the search for the hacker, which was detected shortly after.

Brussels Airlines filed a lawsuit against the person responsible, demanding a payment of €20,000 to cover the cost of the business class tickets and expenses arising from the incident. The defense argues that the threat actor should not be forced to pay the extra charges, as he previously collaborated with the airline by teaching a hacking course, as mentioned by the international news platform The Independent.

The accused is now in custody and awaiting trial, to be held on March 30.

Although these kinds of incidents seem somewhat unusual, the International Institute of Cyber Security (IICS) states that, in fact, this variant of electronic fraud has become commonplace for airlines, which even have some protocols to address these incidents. Data theft and phishing email sending are also some of the major security threats these companies have faced for at least five years.