How easy it is to hack the flight control system

Exactly $ 10 - they only cost in the Tor network RDP login credentials for various systems that are used by airports and beyond. All this without using 0-day exploits or an advanced phishing attack.

A team of researchers from the McAfee company discovered in the Tor network the markets selling credentials to log systems through the RDP protocol allowing any user to log on to the computer via a graphical interface. In the wrong hands, such access can be used to download a list of passengers or other data, to encrypt files with a ransomware, to install cryptocurrency excavators or to paralyze the airport after taking control of the systems.


Sold logins and passwords do not come from theft, but are the result of regular research: criminals use publicly available tools, such as Shodan search engine and Hydra, NLBrute or RDP Forcer software, to crack dictionary passwords and logins. Frequent spills of credentials make it easier to build a database of potential correct pairs of logins and passwords, and security teams do not always hinder the life of burglars.

BlackPass is the most dynamically operating group in this business. Researchers have determined that they trade RDP, SSH credentials, payment card data, bank credentials, e-mail accounts, PayPal and online stores.


Among all this information was the login details of the system connecting passengers and transport terminals at the airport, to which access was sold for only ... $ 10 - without a specialized exploit and without any complicated attack.

Systems like these should not be easily accessible from the Internet. It's best to secure them with 2FA authentication and limit unsuccessful login attempts. And if it's possible, it's best to turn off RDP access from outside. The attack may start from the center of the organization, therefore it is absolutely necessary to log the information provided by employees in the airport network. It is also worth realizing that even the most modern systems will not guarantee security if the network is not monitored from the inside and outside.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.