$10 doesn’t buy you much these days, but it can buy you back-door access to a major international airport’s security system, building automation, and surveillance and transit systems.
Reportedly, a dark web marketplace was selling access to the airport’s remote desk protocol (RDP). The RDP, priced at just $10, lets employees access some computer systems on the airport’s network from outside remote devices. “The process is often used for support and administration, but in the wrong hands, RDP can be leveraged with devastating consequences–researchers point to how SamSam ransomware campaigns begin with RDP access as an example of this,” notes ZDNet. In March, Atlanta was paralyzed by a SamSam ransomware attack from which it is still trying to recover.
It’s becoming increasingly common for cybercriminals to sell stolen sensitive technologies and data on the dark web, often at a low cost. Yesterday, we reported that a hacker was attempting to sell the training manual and maintenance documents for the US military’s MQ-9 Reaper drone for just $150 on the dark web.
But what makes the RDP discovery even more notable is that as the researchers were browsing the compromised machines available on the dark web forum, they saw that three were tied to one single international airport. ZDNet reports that the accounts were associated with two companies that provide elements of airport security.
Researchers are not releasing the name of the airport for security reasons.
Get the full story at ZDNet.