In a YouTube video uploaded on Monday, a hacker calling himself His Royal Gingerness explained that he’d hacked Norwich International Airport’s website via a simple SQL injection attack – because he could.
According to His Royal Gingerness:
“While snooping around I found interesting things, like how to access the emergency broadcast system, how to lock the admins out of their systems, IP addresses, passwords and personal information for a variety of people including the site developers, various high level staff within the airport including its security department and its media centre which is where I got the email addresses I used to send this email as well as your passwords which you will see.”
But the airport’s general manager, Richard Pace, told the BBC that the “details accessed by the hacker were of people registered on the website’s media centre, and no commercial or operationally sensitive data was obtained”.
His Royal Gingerness said he contacted the airport to tell them of the vulnerability and was told they’d fix it.
“After a month,” he said, “they sent a message back saying they’d made changes and it had been sorted. I went to check it and it was exactly the same.
“It took me between two and three minutes to do this. I do this mostly to see what vulnerabilities there are in modern systems.”
Find your vulnerabilities before criminal hackers do
Vulnerabilities common to off-the-shelf software, CMS platforms, applications and plugins are being discovered and exploited all the time by opportunistic criminal hackers who use automated scans to identify targets. This means that every Internet-connected organisation is at risk – not just airports. Whatever your industry, making sure you close security gaps and fix vulnerabilities as soon as they become known is essential to keeping your networks secure and your corporate information safe.
Many opportunistic attacks could easily be prevented by simple housekeeping. If you’re concerned about your organisation’s susceptibility to attack, we recommend using a penetration test to determine your attack surface so that remedial measures can be taken.
Penetration testing is an essential component of a best-practice approach to information security, such as that set out in the international standard ISO 27001, which addresses people, processes and technology.
IT Governance’s penetration testing services provide a prioritised set of results as standard, making the remediation process easier for clients, and reducing their long-term exposure to vulnerabilities. Vulnerabilities are presented in an easily comprehensible dashboard and ranked by importance according to the Common Vulnerability Scoring System (CVSS) – an industry standard. Critical vulnerabilities are reported to clients as soon as they are discovered and suggestions for remediation are provided so that clients can react in a timely and appropriate manner.
IT Governance is a CREST-accredited penetration testing service provider and a PCI QSA (Qualified Security Assessor), and is qualified to conduct vulnerability scans and penetration tests to ensure your compliance with standards including the PCI DSS and ISO 27001.