News: WhiteHat Security’s Jeremiah Grossman says there is little excuse to leaving your brand unprotected.
A hacker going by the pseudonym of His Royal Gingerness (HRG) has reportedly breached Norwich International Airport’s passenger website, bragging to the BBC that he attacked the system to highlight the website’s ‘vulnerability.’
HRG told the BBC that the motivation behind the attack was the airport’s lax website security, having known of someone who planned to plant a bomb hoax in the airport’s system over Christmas. HRG said that he was able to prevent that attack from playing out.
Wishing not to be named for fear of persecution, HRG said to the BBC:
"I found I could do it and then contacted the airport to let them know," he said.
"It took me between two to three minutes to do this. I do this mostly to see what vulnerability there are in modern systems."
Norwich International Airport was quick to state that the hack had not impacted physical security and airport operations, further promising a more robust and secure replacement website in the coming weeks.
Jeremiah Grossman, Founder of WhiteHat Security, was quick to criticise the airport. He said:
"Not every website is as important as the next. Not every hacked website can be used to establish a foothold on the network to pivot to something that’s truly vital, and not every web hacked website falls under breach reporting regulations.
"Here’s the thing though, the public doesn’t know that — and they have no way of knowing that — which is crucial to appreciate. Imagine if the ‘official’ airport website is hacked and easily defaced with something designed specifically to cause public concern, or worse – panic. Or what if the site started delivering malware to visitors.
"Just because the site doesn’t store confidential information, it doesn’t mean its security can be ignored. There is little excuse for leaving your organisational brand unprotected, where someone can hack the underlying system within a few minutes of effort.
"Norwich International is hardly alone when it comes to incredibly common website security problems, but it’s 2015, and it’s time everyone did better."