iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
A hacker claims to have stolen the data of 42,000 individuals connected to the International Civil Aviation Organization.
A member of a popular clear-web hacking forum is claiming to have stolen a large amount of personal data belonging to individuals linked to the International Civil Aviation Organization (ICAO), a United Nations agency that oversees the coordination of international air travel.
The hacker, known as natohub, said on 6 January that he was “sharing a data leak from ICAO” and selling “42k documents of users data”.
“Some of the details involved: First Name, Last Name, Date of birth, Gender, Marital Status, Country, Address, City, State, Zip Code, Phone number, Primary Email, Secondary Email, Education Information, Employment Information …,” natohub said.
Natohub – who was also responsible for hacks against the US Department of Defence, the USMC, and the United Nations itself last month – shared two sample documents, which appear to be forms relating to employment within the ICAO. The documents include all the data mentioned above, as well as the details of emergency contacts for each individual.
The documents also feature a questionnaire asking the individual about the status of their nationality, willingness to travel, and any previous criminal convictions or proceedings they may have been a part of.
ICAO has confirmed it is aware of the hacker’s claims and is in the process of investigating the incident.
“ICAO is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organisations,” a spokesperson for ICAO told Cyber Daily.
“We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation.
“Further information will be provided once our preliminary investigation is complete.”
Another forum member, who appears to have purchased the data, provided some further analysis of what is in the alleged data leak. It contains 57,240 unique emails, most of which belong to the .com domain. The leak is also alleged to contain 1,661 .gov.xx emails.
According to the poster, 148 of the emails belong to the Australian .au domain.
There are 193 nations that are members of the ICAO, which is headquartered in Montreal, Canada, with Australia being one of 10 nations of “Chief Importance”. According to the Department of Infrastructure, Transport, Regional Development, Communications and the Arts, Australia has been involved with ICAO since it was first formed in 1945.
“Officials and experts from a number of Australian government agencies actively participate in a wide range of ICAO groups, including panels, working groups, study groups, and regional implementation, planning and safety groups,” the department said on its website.
The data is being sold for just a few euros.
This is not the first time the agency has been hacked. A Chinese-backed hacking group compromised two of ICAO’s servers in 2016 and was using the compromised devices to spread malware among the agency’s members. At the time, ICAO was accused of attempting to cover up the incident and conducting inadequate post-incident remediation.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
