Two men have been charged with two counts of conspiracy to commit computer hacking, carrying a maximum sentence of 10 years, after hacking into a taxi service system at New York’s JFK airport.
Working with Russian hackers, US citizens Daniel Abayev and Peter Leyman came up with a plan whereby taxi drivers would pay them to take control of the dispatching system to be the first ones to the terminal booths instead of waiting in line.
Two men were arrested in Queens, New York after years of directing the plan. U.S. Attorney Damian Williams stated that “now … these defendants face serious criminal charges for alleged cyber crimes.”
“For years, the hacking of the defendants prevented honest taxi drivers from picking up JFK tickets in the order they arrived,” Williams explained.
Port Authority Inspector General John Gay added: “This sophisticated, internationally coordinated plot allegedly targeted hard-working taxi drivers trying to make an honest living.”
It is alleged that the two, with the help of Russian hackers, carried out their conspiracy from at least September 2019 to September 2021.
Typically, taxi drivers must wait in a designated car park before the dispatch system assigns them to a specific terminal. They often wait for hours and are dispatched more or less in the order in which they arrive.
Abayev and Leyman tried various ways to gain access to the dispatching system, such as bribing operators to insert a USB flash drive containing malware into the system, hacking its Wi-Fi connection, and stealing tablets used as end devices.
It seems they have been successful since November 2019. A rumor spread among the drivers that paying the hackers $10 would get them to the front of the line. The hackers even offered a friend referral program where their fee would be waived if they recruited other drivers.
Messages between those involved were also revealed, such as “I know the Pentagon is being hacked[.]. So, can’t we hack the taxi industry?[?]”, which was sent by Abayev to one of the hackers in Russia.
Group chat was also used for communication between hackers and drivers. Hackers sent a “store open” message when they had access to the mailing system, and also gave advice on how to avoid detection by avoiding certain areas.
Up to 1,000 taxi fares per day are believed to have been fraudulently obtained throughout the programme. The case is being prosecuted by the Complex Fraud and Cybercrime Unit of the Southern District of U.S. Attorneys in New York.