Hacker cancels flights and sends re-booking offers to passengers' phones via SMS, defrauding hundreds

Dec 17, 2015 13:21 GMT

Chinese police have arrested a 19-year-old, whom they accuse of hacking a Chinese airline, stealing passengers' information, and using it to make hundreds of fraudulent transactions that netted him 1.1 million Yuan ($170,000 / €156,000).

The suspect, identified by police only by his first name, Zhang, is a 19-year-old from Heilongjiang, in north-east China.

He is accused of hacking the website of an as-yet-unnamed Chinese airline by exploiting vulnerabilities in its B2B system.

Hacker stole details about 1.6 million flight reservations

Zhang illegally accessed the airline's database and stole details about 1.6 million bookings. Other stolen information included names, ID numbers, email addresses, and mobile phone numbers.

He also used his access to the website to cancel some current bookings. Later, using the stolen information, he contacted airline customers via text message and asked them to re-book their flights.

This is how the hacker made his money: the text messages offered a re-booking link, and the re-booking fees went to him.

It took the airline three weeks to catch on to the data breach

These incidents took place between July 31 and August 20, and by August 22, the airline's customers had started complaining about constantly canceled flights.

The company launched an investigation and announced a data breach later the same day, also alerting Guangzhou police.

According to People's Daily Online, authorities eventually tracked down Zhang and arrested him in Dalian, a city in North China, on November 11.

Police reports about the incident reveal that the hacker used a trojan to infiltrate the airline's computer systems, from which he acquired the information and credentials needed to access its website. The lack of an up-to-date antivirus system also facilitated the incident, allowing the trojan infection to take root without alerting airline personnel.