VietNamNet Bridge - Regarding the cyberattacks at Noi Bai and Tan Son Nhat Airports on July 29, experts from BKAV, Vietnam's leading network security firm, believe that Vietnam Airlines’ computers might have been controlled by spyware.



On the afternoon of July 29, hackers attacked the website of Vietnam Airlines, the nation’s flag air carrier. On flight information screens at Noi Bai and Tan Son Nhat airports, the posted notices were replaced with Chinese words distorting the East Sea situation.

CAAV, confirming the incident, said the attacks interrupted the airports’ electronic check-in systems, after which check-in procedures were handled manually.

Vietnam Airlines’ official website was accessible again at 5.10 pm on the same day. However, according to security experts, 90 Mb of data was spread on the internet, including a list of 400,000 accounts of Vietnam Airlines’ members with information about admission dates, points of accumulation and expiry dates.

Vietnam Airlines confirmed this and asked clients, who are members of the Golden Lotus Program, to change the passwords of their accounts after the system errors were fixed.


On July 30, Vietnam Airlines sent emails to clients with a message about protecting personal accounts on the airline’s system.

Ngo Tuan Anh, vice president of BKAV, said that the defaced website and the hijacked screens showed that hackers could break deep into the system.

“It is highly possible that the administrators’ computers were supervised and controlled by spyware,” he said.

This is a familiar method of attack: spyware exploits vulnerabilities in document files (Word, Excel and PowerPoint) to spread viruses.

“The spyware is not a virus spread accidentally; it is spread intentionally,” Anh said.

According to Anh, hackers generally carry out defacement attacks in one of two ways. First, they change information directly on the servers that run the website. Second, they redirect the website to other websites that contain false information.

In Vietnam Airlines’ case, the second way was used.

On July 31, NukeViet’s board of management published an analysis of the Vietnam Airlines incident on its fanpage, commenting that this was an ‘extremely serious security problem’, while Vietnam Airlines’ reaction was ‘extremely unprofessional’.

NukeViet commented that Vietnam Airlines either does not have a standard process for handling security incidents or has a problematic one.

The air carrier emailed its clients and asked them to change their passwords. In doing so, it made two mistakes. First, in principle, since the carrier lost passengers’ information, it has the responsibility to fix the problem instead of putting the responsibility on clients and asking them to change passwords.

Second, it opened the hacked system for clients to change passwords.

In related news, 1937cn, a Chinese group of hackers, has denied the attack.

 


Kim Chi