ICAO Investigating Potential Data Breach
By Luke Bodell - Jounalist | Simple Flying
The International Civil Aviation Organization (ICAO) is investigating a possible data breach after tens of thousands of records were reportedly stolen by hackers. The breach has been attributed to a "threat actor known for targeting international organizations."
ICAO looking into data breach
In a statement, the United Nations aviation agency said it is "actively investigating reports of a potential information security incident" that may have impacted tens of thousands of users' data, such as names, addresses, and other personal information. ICAO added that it has "immediate security measures" and is conducting a comprehensive investigation.
In an email to Reuters, a spokesperson for The International Civil Aviation Organization said its investigation was prompted by claims made by a hacker on a forum yesterday that up to 42,000 records had been stolen during a recent data breach. The agency did not elaborate further, stating,
"At this early stage of our investigation, we cannot provide additional details about the incident or confirm specific claims about the data potentially involved."
ICAO was the subject of a hack by a Chinese group back in November 2016, and the agency's subsequent handling of the data breach was criticized. Investigators believe the hack was performed by a group called 'Emissary Panda,' which has direct ties to the Chinese intelligence community. That attack was brought to ICAO's attention by a third party, who discovered that hackers were using ICAO's systems to spread malware to other government systems.
Members of ICAO's information and communications technology (ICT) department are said to have covered up evidence of the hack and dismissed offers of help from experts, while then-ICAO Secretary General Fang Liu also allegedly attempted to brush it under the carpet. ICAO's security systems at the time were said to have been very susceptible - it would subsequently invest a considerable amount of money into overhauling them.
Data contains personal information
According to CyberDaily, the post was made on well-known hacking forum BreachForum by user 'natohub,' who said the information included names, date of birth, marital status, gender, address, email, education and employment information. The hacker posted samples of the data, some of which showed ICAO employment forms, emergency contact details and personal questionnaire answers.
This account was also behind multiple hacks against the United Nations, US Department of Defense and United States Marine Corps (USMC) last month and has perpetrated previous attacks against NATO-affiliated organizations. These breaches also targeted the personal information of thousands of individuals - in the case of the USMC hack, data pertaining to around 13,000 service members was illegally accessed.
Discover more aviation news with Simple Flying.
Another forum user claimed to have purchased the data - which is apparently "being sold for just a few euros" - and provided further details on its contents. The information is said to contain 57,240 unique emails, of which 1,661 are '.gov' emails, meaning they are operated by government employees and officials of varying levels.
Aviation cybersecurity
With more and more of the aviation ecosystem relying on computer systems to function, the industry is at high risk of malicious activity from hackers. Airlines, airports and other industry stakeholders can all be targeted, with hackers usually holding information to ransom and demanding payment.
In response to growing hacking concerns, the Federal Aviation Administration (FAA) recently updated its cybersecurity standards for aircraft manufacturers, citing a 530% increase in cyberattacks between 2019 and 2020 alone.
For example, Seattle-Tacoma International Airport suffered a data breach last year, with hackers demanding $6 million in cryptocurrency to unlock the data. Boeing was also targeted in October 2023 by the infamous 'LockBit' ransomware gang which demanded $200 million to release data, a request Boeing g politely declined.