After gathering flyers’ information from a data breach, the industrious hacker told flyers that their flights were cancelled and pocketed made-up rebooking fees.
A 19-year-old Chinese national was arrested and accused of perpetrating a lucrative but surprisingly simple cyber-crime against customers of an unidentified airline in China. Police say the suspected hacker exploited a vulnerability in the airline’s reservation system to glean passengers’ booking and contact information. The alleged conman then contacted flyers by text message and told them that the “plane was out of order.” The teenager then offered to help rebook the travel, while pocketing nonexistent change fees for himself.
The computer breach reportedly compromised the information of more than a million flyers. Hundreds of those passengers later fell victim to the scam and were tricked into paying third party fees to unnecessarily rebook flights that had not been cancelled in the first place.
“The suspect coded the hacking software himself,” a police source told the South China Morning Post. Investigators say the cyber incursion exploited a rather obvious security flaw in the airline’s computer network.
The accused hacker was able to keep the illicit venture going for just under a month, managing to con passengers out of just under $150,000 from July 31 to August 20 of this year. The affected airline is also said to be out just over $12,000 after reimbursing passengers who were eligible for refunds. The airline kept the data breach secret until Chinese media began reporting on hundreds of passengers who were conned in the scam.
The suspected hacker from Heilongjiang was identified only by his surname, Zhang. He was tracked down and arrested last month in the city of Dalian in northwestern China.