Paging Hollywood: Hackers Allegedly Hit JFK Airport … TaxisRussians Accused of Aiding Drive to Use Malware to 'Hack the Taxi Industry'
Hack attacks so often get used as a lazy plot device in Hollywood films and network TV. Think bombastic villains who "hack the Gibson," bring the entire U.S. critical infrastructure to a crashing halt or breathlessly exhale, "We're in!"
See Also: Threat Horizons Report
The hyperbole obscures a dour truth: Much of real-world hacking is banal. Take the case of two suspects accused of hacking not to take over the world but to do something much more mundane - namely, to control the taxi dispatch system at New York's John F. Kennedy International Airport.
A grand jury indictment filed Dec. 5 and unsealed Tuesday accuses multiple individuals - including Daniel Abayev and Peter Leyman, both 48-year-old residents of Queens, New York - of intermittently over a 12-month period manipulating the queuing system for cabbies waiting to pick up fares at the arrival gate. The pair "explored and attempted various mechanisms to access the Dispatch System, including bribing someone to insert a flash drive containing malware into computers connected to the Dispatch System, obtaining unauthorized access to the Dispatch System via a Wi-Fi connection, and stealing computer tablets connected to the Dispatch System," according to court documents.
Abayev and Leyman each face two counts of conspiracy to commit computer intrusion, covering the period from November 2019 to November 2020. If convicted of the charges against them, they face a maximum sentence of 10 years in prison.
Attorneys for the two suspects could not immediately be reached for comment.
Made for Hollywood?
The men allegedly earned $10 for every taxi that they helped jump to the head of the line, bypassing a system designed to be first come, first served. Prosecutors accuse the suspects of having "enabled as many as 1,000 fraudulently expedited taxi trips a day."
It's unclear if this story might be gripping enough to make it blockbuster material. To punch up a script, one Hollywood cliche is to add Russian criminals, often with exaggerated accents. In this case, Russian hackers really did play a part, but more as hired hands than trenchcoat-clad baddies. Prosecutors accuse the two defendants of transferring at least $100,000 to these Russian hackers, sometimes recording the bank transactions as "payment for software development" or "payment for services rendered."
Any would-be script could draw from an array of ready-made, sharp dialogue found in the indictment. Abayev allegedly sent this message to the Russian hackers in Russian: "I know that the Pentagon is being hacked. So, can't we hack the taxi industry." Any day the suspects had access to the dispatch system, this message would allegedly go out to multiple group chat threads for taxi drivers: "Shop open." Not bad, but it's no "You thought your secrets were safe. You were wrong."
Crucially for cybersecurity fans, the indictment doesn't specify the exact mechanism allegedly used to hack the taxi dispatch system.
How this alleged tale of hacking might end isn't clear.
Both of the Queens men were arrested Tuesday and later that day appeared in court before Magistrate Judge Gabriel Gorenstein of the Southern District of New York. They were released on bail after posting $100,000 personal bonds and agreeing that they will not contact each other "except in presence of counsel." They have also agreed to avoid all access to internet-accessible devices unless they're monitored by the court's office of pretrial services and to use any location-monitoring technology the court might require.
So good luck to anyone attempting to dramatize this, while sticking to the facts of the alleged hacking. Then again, getting such details right has never stopped scriptwriters before. Or as this infamous line from "Hackers" goes: "There is no right or wrong, only fun and boring" - at least in Hollywood.