Euro Security Watch with Mathew J. Schwartz

Cybercrime , Fraud Management & Cybercrime

Paging Hollywood: Hackers Allegedly Hit JFK Airport … Taxis

Russians Accused of Aiding Drive to Use Malware to 'Hack the Taxi Industry'
Paging Hollywood: Hackers Allegedly Hit JFK Airport … Taxis
Photo: Vincent Desjardins, via Flickr/CC BY 2.0

Hack attacks so often get used as a lazy plot device in Hollywood films and network TV. Think bombastic villains who "hack the Gibson," bring the entire U.S. critical infrastructure to a crashing halt or breathlessly exhale, "We're in!"

See Also: When Every Identity is at Risk, Where Do You Begin?

The hyperbole obscures a dour truth: Much of real-world hacking is banal. Take the case of two suspects accused of hacking not to take over the world but to do something much more mundane - namely, to control the taxi dispatch system at New York's John F. Kennedy International Airport.

A grand jury indictment filed Dec. 5 and unsealed Tuesday accuses multiple individuals - including Daniel Abayev and Peter Leyman, both 48-year-old residents of Queens, New York - of intermittently over a 12-month period manipulating the queuing system for cabbies waiting to pick up fares at the arrival gate. The pair "explored and attempted various mechanisms to access the Dispatch System, including bribing someone to insert a flash drive containing malware into computers connected to the Dispatch System, obtaining unauthorized access to the Dispatch System via a Wi-Fi connection, and stealing computer tablets connected to the Dispatch System," according to court documents.

Abayev and Leyman each face two counts of conspiracy to commit computer intrusion, covering the period from November 2019 to November 2020. If convicted of the charges against them, they face a maximum sentence of 10 years in prison.

Attorneys for the two suspects could not immediately be reached for comment.

Made for Hollywood?

The men allegedly earned $10 for every taxi that they helped jump to the head of the line, bypassing a system designed to be first come, first served. Prosecutors accuse the suspects of having "enabled as many as 1,000 fraudulently expedited taxi trips a day."

It's unclear if this story might be gripping enough to make it blockbuster material. To punch up a script, one Hollywood cliche is to add Russian criminals, often with exaggerated accents. In this case, Russian hackers really did play a part, but more as hired hands than trenchcoat-clad baddies. Prosecutors accuse the two defendants of transferring at least $100,000 to these Russian hackers, sometimes recording the bank transactions as "payment for software development" or "payment for services rendered."

Any would-be script could draw from an array of ready-made, sharp dialogue found in the indictment. Abayev allegedly sent this message to the Russian hackers in Russian: "I know that the Pentagon is being hacked. So, can't we hack the taxi industry." Any day the suspects had access to the dispatch system, this message would allegedly go out to multiple group chat threads for taxi drivers: "Shop open." Not bad, but it's no "You thought your secrets were safe. You were wrong."

Crucially for cybersecurity fans, the indictment doesn't specify the exact mechanism allegedly used to hack the taxi dispatch system.

How this alleged tale of hacking might end isn't clear.

Both of the Queens men were arrested Tuesday and later that day appeared in court before Magistrate Judge Gabriel Gorenstein of the Southern District of New York. They were released on bail after posting $100,000 personal bonds and agreeing that they will not contact each other "except in presence of counsel." They have also agreed to avoid all access to internet-accessible devices unless they're monitored by the court's office of pretrial services and to use any location-monitoring technology the court might require.

So good luck to anyone attempting to dramatize this, while sticking to the facts of the alleged hacking. Then again, getting such details right has never stopped scriptwriters before. Or as this infamous line from "Hackers" goes: "There is no right or wrong, only fun and boring" - at least in Hollywood.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.