[BreachExchange] Jet2 hacker, a former contractor with axe to grind, jailed for 10 months

Destry Winant destry at riskbasedsecurity.com
Fri Dec 20 10:04:20 EST 2019


A cyberattacker that took down Jet2 systems for over 12 hours has been
jailed after admitting his guilt.

Scott Burns of Morley, Leeds, used to work with the airline as a
contractor from IT provider Blue Chip. The 27-year-old worked on the
Jet2 account until December 2017, when he left and took up a position
at another IT company.

Burns, who the UK's National Crime Agency (NCA) describes as
"disgruntled," performed attacks on the Jet2 network, leading to the
shutdown of services for over 12 hours on 18 January 2019.

The contractor was able to remove a folder that stored user data,
preventing at least 2,000 members of staff from logging into their
network accounts, including those with administrative privileges.

It was only due to the rapid actions of one employee who was able to
create a hidden admin account at the same time the attack was taking
place that Jet2 avoided "complete disaster," according to prosecutors.

The BBC reports that the cyberattack and operational disruption cost
Jet2 £165,000 ($215,000).

The shutdown of the network came after a scoping and reconnaissance
exercise on 3 January 2019, in which it is believed Burns probed the
security of the Jet2 network.

Burns was not finished after causing the disruption. After the attack,
he compromised the email inbox of Jet2's CEO Steve Heapey and "once or
twice" checked up on the executive's messages to see what was being
said about the cyberattack -- and whether or not the company had any
suspicions of his involvement.

To try and avoid discovery, Burns also deleted log files and network
event records.

Dart Group, of which Jet2 is a subsidiary, provided evidence after the
cyberattacks to forensics teams. Together with the analysis of
computer systems, cybersecurity experts were able to trace the hacking
activities back to the contractor.

CNET: Facebook will stop using two-factor authentication phone numbers
for friend suggestions

The IT admin was arrested on 8 February. The seizure of electronic
devices belonging to him revealed he was unhappy working with the
airline, saying in chat messages that he was "finally sick and tired
of BC/Jet2" and that leaving Blue Chip was "freeeedom."

Burns also used Google to look up potential prison sentences for
network intrusion under UK law.

Burns pleaded guilty to a total of eight offenses under the UK's
Computer Misuse Act in November, leading to sentencing on Wednesday at
Leeds Crown court. He must serve 10 months in prison.

"Not only did Burns's actions have a potential financial impact on
Jet2, it caused huge disruption to their staff and technical
operations," Jamie Horncastle, NCA lead officer said. "I would always
encourage victims of such attacks to preserve as much evidence as
possible in the immediate aftermath -- it will assist law enforcement
in catching the perpetrator."

In August, a British teenager was sentenced to 20 months behind bars
for offering "hacker-for-hire" services, including data theft and
SIM-swapping attacks -- the temporary theft of a phone number which
can be used to steal the codes required to bypass two-factor
authentication (2FA) account protections, as well as instigate
password recovery procedures.

More information about the BreachExchange mailing list