You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Former employee tries to take down airplanes

Even after someone leaves the organization, they can pose a threat.

Man gets fired from his job. Man's daughter also works at the same spot. Daughter gets angry. Daughter rage quits. Then, daughter tries to get even (allegedly).

We're taking a short stroll from INFIMA's Global HQ over to the east coast of Florida to look at how insiders can wreak havoc, even putting lives in danger.

Melbourne, Florida is a lovely town. You'd enjoy it.

Unfortunately, the Melbourne Flight Training School ran across one of the town's less pleasant residents. The alleged cybercriminal is a 26-year old woman named Lauren who was the Flight Operations Manager for the school.

In her role, Ms. Lauren would help maintain flight and maintenance records for the fleet of aircraft. As you might guess, this is a critically important role.

Aircraft which may have been unsafe to fly were purposely made ‘airworthy'

It's super frustrating when maintenance issues disrupt your travel plans, but aren't you glad that they keep records to review for safety ahead of every flight?!

Well, after Ms. Lauren's resignation, she (allegedly) deleted these flight and maintenance records for the school's aircraft. These are the same planes that student pilots are using to learn how to fly safely. If all goes well, that friendly student pilot eventually becomes your next commercial pilot. They obviously expect that the plane is in working order!

How does this happen?

With aircraft used a flight school, there are lots of maintenance regulations to follow to ensure airworthiness of each aircraft. This is a really good thing out of the FAA. Due to the hefty amount of record-keeping, most schools use software to help manage this process.

And that software is where our alleged hacker focused her attention. It appears that Ms. Lauren (allegedly) logged into the school's aircraft maintenance tracking software and went buck wild deleting aircraft records, those items specifically related to ensuring aircraft safety.

In this process, a related affidavit stated that "aircraft which may have been unsafe to fly were purposely made ‘airworthy,'"

I don't think I'll have to make this conclusion for you, but let's still state it: this means that unsafe planes were cleared to fly.

In her former role, Ms. Lauren certainly knew how to input, edit and delete aircraft records. Unfortunately, her anger led her to (allegedly) do something extremely dangerous.

Any chance you could have a Lauren at your organization? 🤔

So how do we avoid these kinds of attacks?

Hacking like this from a current or former employee is called an insider attack. These attacks can be really hard to defend against. That's because we have to trust our team, otherwise we'd never get anything done! We hope those employees in whom we place trust are, in fact, trustworthy.

There are two primary steps to protect you and your organization from these kinds of attacks:

  1. Privileged access management - only give access to those who need it, and remove access immediately after they don't need it (i.e. change passwords when someone quits!)
  2. Security awareness training - you can include training on the indicators of insider threats in your organization's security awareness training program.

It's our understanding that the Melbourne Flight School has remediated this attack very well, all while ensuring the safety of its pilots and instructors. But this story is why INFIMA includes training on insider threats for every one of our clients.

If you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!

Photo by Avel Chuklanov on Unsplash

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.