A few days ago the website of the Norwich Airport was shut down by a hacker managed, the attack was conducted in a few minutes revealing serious problems of cyber security.
The hacker posted the following Video PoC on YouTtube to demonstrate that could be very easy to hack a vulnerable website just using the online material to identify a target, discover a security flaw and exploit it. In a few minutes the website of the Norwich Airport was shut down by the expert.
“In a world where computers rule nearly every aspect of our lives, privacy and security are now more important than ever before and failure to take basic steps is inexcusable even for the most basic websites,” he said. “With online guides and wiki pages detailing step by step, free and secure patch fixes to most hacks and an entire worldwide compendium of knowledge on every single aspect of the computer sciences this is not acceptable.”
Why did he hack the website?
The hacker explained that he decided to hack the website because a friend belonging the “Muslim Electronic Army” confided that he was “planning on having fun” with the security flaw in the website around Christmas time. During that period, an attack would have major repercussions causing many hardships, “alarm or disruption.”
The hacker raises the question about the security posture of a critical infrastructure such as an airport.
“Do you want to fly from an airport that may not have control of their own computers?” he added.
Sure, you can question me that no critical system has been impacted, but we cannot underestimate that a similar attack could have also serious consequences. Let think to a data breach, stolen data could be used by an attacker to extend the damage to other systems with lateral movement within a targeted network. Another possible attack scenario sees threat actors that use the compromised website to deliver malware to a huge number of visitors that could be a victim of more or less sophisticated fraud scheme.
“Imagine if the ‘official’ airport website is hacked and easily defaced with something designed specifically to cause public concern, or worse—panic. Or what if the site started delivering malware to visitors? Just because the site doesn’t store confidential information, it doesn’t mean its security can be ignored.” observed the WhiteHat Security founder, Jeremiah Grossman.
(Security Affairs – Norwich airport, hacking)