iscover
A member of a popular clear-web hacking forum is claiming to have stolen a large amount of personal data belonging to individuals linked to the International Civil Aviation Organization (ICAO), the United Nations agency that oversees the coordination of international air travel.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
The hacker, known as natohub, said on 6 January that he was “sharing a data leak from ICAO” and selling “42k documents of users data”.
“Some of the details involved: First Name, Last Name, Date of birth, Gender, Marital Status, Country, Address, City, State, Zip Code, Phone number, Primary Email, Secondary Email, Education Information, Employment Information…”
Natohub – who was also responsible for hacks against the US Department of Defence, the USMC, and the United Nations itself last month – shared two sample documents, which appear to be forms relating to employment within the ICAO. The documents include all the data mentioned above and emergency contact details for each individual.
The documents also feature a questionnaire asking the individual about the status of their nationality, willingness to travel, and any previous criminal convictions or proceedings they may have been a part of.
ICAO has confirmed it is aware of the hacker’s claims and is investigating the incident.
“ICAO is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organisations,” a spokesperson for ICAO told Australian Aviation’s sister brand Cyber Daily.
“We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation.
“Further information will be provided once our preliminary investigation is complete.”
Another forum member, who appears to have purchased the data, provided some further analysis of what is in the alleged data leak. It contains 57,240 unique emails, most of which belong to the .com domain. The leak is also alleged to contain 1,661 .gov.xx emails.
One hundred and forty-eight of the emails, according to this poster, belong to the Australian .au domain.
The data is being sold for just a few Euros.
This is not the first time the agency has been hacked. A Chinese-backed hacking group compromised two of ICAO’s servers in 2016 and was using the compromised devices to spread malware among the agency’s members. At the time, ICAO was accused of attempting to cover up the incident, as well as conducting inadequate post-incident remediation.
