[BreachExchange] Retired Airline Manager Who Hacked Former Employer Caught Thanks to VPN Logs

[Inga Goddijn]

https://www.bleepingcomputer.com/news/security/retired-airline-manager-who-hacked-former-employer-caught-thanks-to-vpn-logs/

An Alaska judge sentenced a 59-year-old woman, a former director at
Peninsula Airlines (PenAir), for hacking her former employer and wreaking
havoc for two days inside the company's flight reservations system.

The hacks took place between April and May last year, two months after
Suzette Kugler, 59, of Desert Hot Springs, California, departed PenAir.

Kugler, who worked for the company 29 years, became unhappy with the way
she was forced to depart the company from her role as Director of System
Support. Kugler later retired.

Kugler trashed PenAir's ticketing & reservations system

According to investigators, one week before she left PenAir, she used her
administrative account to create another high-privileged account in the
name of a fake employee in PenAir's Sabre system, a database for storing
ticketing and reservation information.

Court documents obtained by Bleeping Computer reveal that on April 5,
Kugler used this secret account to log into PenAir's Sabre system and
modified an employee's account to block her access.

She returned on May 2, when she accessed PenAir's Sabre system again, but
this time deleted information associated with eight PenAir airport stations.

"Station information is the airport specific portal for PenAir employees to
access Sabre," documents reveal. "This deletion prevented employees in any
of those eight airports from being able to book, ticket, modify, or board
any flight until the stations were rebuilt in the system."

PenAir staff avoided problems each time

This, fortunately, didn't cause delays for PenAir's customers, as staffers
discovered that someone messed with their system and worked all night to
restore the deleted information.

Kugler then logged in into Sabre again the next day, but this time she
deleted two of the three airplane seat maps used by PenAir.

"Seat maps are used to tie ticketed passengers to specific seats on the
planes," court documents say. "Without seat maps PenAir cannot board or
ticket any passengers for any flight."

But the two seat maps Kugler deleted were for airplanes and flights that
weren't supposed to be used by PenAir for three more days, giving staffers
the time to rebuild the seat plans in time for upcoming flights.

Former manager failed to hide her tracks

At this point, PenAir called in the FBI to help. It didn't take long for
investigators to discover the fake employee account, and find out that it
was Kruger who created the account.

Authorities confirmed that the former PenAir manager was behind the hacks
two months later, in July, when they executed a search warrant at Kugler's
Desert Hot Springs home.

Investigators found VPN logs on two laptops that showed her connecting to
PenAir's Sabre system at the time of the hacks.

Authorities arrested and arraigned Kugler last year, and she pleaded guilty
in January, this year. She was sentenced last week to 250 hours of
community service and five years probation. Kugler also agreed to pay
PenAir $5,616, expenses the company had with remediating the hacks. The
judge was lenient because this was Kugler's first crime, the damage to
PenAir's system wasn't costly, and after receiving multiple character
reference letters prior to sentencing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180416/8598775c/attachment.html>