19-Year-Old Teen Arrested, Made $1.1 Million from Hacking Chinese Airline

Chinese police have arrested a 19-year-old teen due to accusations of hacking a Chinese airline, stealing passenger information, and later using the data to rake in $1.1 million.

Identified as Zhang, the 19-year-old suspect was found to exploit vulnerabilities in an unnamed Chinese airline's website within its B2B system. The teen hacker stole details from nearly 1.6 million flight reservations, including names, email addresses, mobile phone numbers and ID numbers.

The hacker was able to cancel various bookings after gaining access to customer data and contacted various airline customers through text message asking them to re-book flights. This is where the teen hacker was able to earn his money, by re-booking flights for those he notified of cancelation. He would essentially take their money through offering a re-booking of the canceled flights.

The Chinese airline, which remains to be unnamed, had a period of three weeks that went by while they were under attack by the 19-year-old hacker. During the time, between July 31st and August 20th, airline customers were being duped into re-purchasing bookings that were claimed to be cancelled by the hacker. On August 22nd, the affected airline customers started an uproar of complaints, which then sparked an investigation by the Chinese airline that later discovered the data breach.

Chinese law enforcement tracked down Zhang on November 11th and arrested him in Dalian, located in north China. In the police reports, the hacker incident revealed that the teen utilized a Trojan to infiltrate the airline's computer system giving him access to customer credentials.

The teen hacker was likely aware that the Chinese website had vulnerabilities that could be exploited through the use of a Trojan. The airline website and computer systems were found to lack the proper up-to-date antivirus and security protection put in place to prevent such a data breach. Additionally, once the infiltration of the Trojan took place, officials at the airline were not properly alerted to the infection or their system being breached, which is a major failure on the personnel responsible for implementing security.

While incidents like these take place often, this is one case that law enforcement can make an example out of in the capture and arrest of a hacker perpetrator. Hopefully, this case will be yet another lesson for other potential hacks in the unfailing war against hackers and malware.