On August 16, the official WeChat account of the Guangzhou Intermediate People's Court published the judgment in the case of a 17-year-old who used DDoS attacks against an airline. Some of the information disclosed in the case has led the public to question the security of airlines' computer systems.
China Southern Airlines' ticketing system was down for 4 hours under a DDoS attack
According to the case details disclosed on the court's public account, in early June 2020 Xiao Chen was stranded in an overseas epidemic area because of the COVID-19 pandemic and could not buy a ticket home, which made him resentful. He sent threatening emails to a domestic airline and bought attack packages on overseas websites, then used DDoS attacks (in which hackers use remotely controlled servers, computers and other resources to send high-frequency service requests to the target, paralysing the target server because it cannot keep up with the massive volume of requests) to repeatedly and continuously attack the airline's ticketing and other computer systems.
The verdict noted that because Xiao Chen was over 16 but under 18 when he committed the crime, he should by law receive a lighter or mitigated punishment. Taking into account the nature, circumstances and harmful consequences of his crime and his attitude, the court convicted Xiao Chen of the crime of sabotaging computer information systems and sentenced him to four years in prison; one laptop computer was confiscated.
The hacker illegally intruded into the airline's systems
The court stated in its account that the intrusion paralysed an airline's external service network: the ticketing business, sales via the WeChat live-streaming platform, airport passenger service, flight operations control and other systems could not operate normally. Computer systems such as the ticketing system, which serve more than 50 million users, failed for up to 4 hours, causing the airline huge economic losses and negative public opinion online.
On June 10 last year, China Southern Airlines' official website ticketing system crashed for several hours, but its flight, operations control, passenger service and other systems showed no obvious effects of an attack. China Southern Airlines has so far not responded to the sentence in this case or to the related circumstances.
Li Hanming, founder of the civil aviation data analysis company Li and Li, told The Paper that the images included in the disclosed case information show that the attacker only reached the airline's direct-sales gateway and payment gateway. Li Hanming inferred that the main impact of the DDoS on the airline in this incident was the collapse of the official website's ticketing business, while the airport passenger service, flight and operations control systems were basically unaffected.
Is there no defence against DDoS flooding attacks?
So what exactly is the DDoS attack that brought the airline's ticketing system down for several hours? Several airlines told The Paper's reporters that DDoS is a hacking method that floods a company's IP with massive amounts of traffic until the server cannot cope and the system crashes. "It is not that the airlines are ineffective; this attack method is quite vicious. Although the trick works better against small and medium-sized companies, in fact any company will have a headache when it runs into a DDoS attack."
Information security experts in the industry told The Paper that any system can be compromised. As long as the hacker is willing to spend money on attack packages, even someone who is not proficient in computer skills can pay others to carry out a DDoS attack; there is no great technical threshold. The only problem is that it is easy to be traced and caught, which is a disaster for both companies and hackers.
Liu Qing, general manager of the information security department of an airline, told The Paper: "At present it is quite common for airlines to encounter hackers, and the volume of attack data is shocking. The usual purposes are to obtain passenger data, abuse promotions and so on. Part of the attacks have been blocked. If the company deploys its applications on the cloud, that also reduces the risk. China Southern Airlines should be relatively strong technically. The attack in this case still depends on the specific case information and description; it is possible that the Internet bandwidth was saturated."
Liu Qing told reporters that when hackers use DDoS to launch bandwidth-consuming attacks, the airline's Internet uplink bandwidth becomes saturated, indirectly affecting all of its Internet-facing services. If the airline has not purchased the carrier's traffic scrubbing service, there is no way to resist this, which can be a fatal blow. The service must be purchased each year from operators such as China Telecom and China Unicom, or it can be bought after an attack. There is no difficulty in this, but it is rather expensive, costing on the order of several hundred thousand.
How does enterprise system security prevent attacks?
Faced with DDoS attacks, most companies have several tactical defence strategies. "Many domestic websites prohibit access from foreign IP ranges or only allow access from home broadband IP ranges; this is one of the strategies called 'black and white lists'," Li Hanming explained. In addition, by applying a custom encryption algorithm to the requests the client sends to the server, repeated requests made by an attacker can be filtered out.
When responding to volumetric DDoS attacks that bombard the system, airlines may also block legitimate users by mistake. Liu Qing gave an example: in a residential community where many people want to book tickets and all share the same IP address, when the airline's security equipment or purchased security service sees a large number of ticket purchases from that one IP, it will also consider this abnormal and trigger the security rules. "But for the airline, being blocked by mistake is better than not being able to provide the service at all."
On enterprises' defence mechanisms against DDoS attacks, Liu Qing told The Paper's reporters that apart from bandwidth-consuming attacks, buying a traffic scrubbing service may not help against DDoS attacks aimed at the official website itself. Those must be defended by corresponding rules on the security equipment: a WAF (web application firewall) needs to be deployed in conjunction with manual traffic analysis to solve the problem. Security equipment vendors keep updating their security rules, and airlines also update their own rules to keep up with escalating DDoS attacks.
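A small illustration of the rule-based filtering and the false-positive problem discussed above, as an added example that is not from the article or from any airline: it runs a sliding-window request-rate rule over constructed access-log lines and shows that keying the rule by IP alone flags a shared address (eight users booking from behind one residential NAT), while keying by IP plus session flags only the single flooding client. The IP addresses, session ids, threshold and window are assumptions.

```python
from collections import defaultdict

# Constructed access-log lines (not real airline logs): "<ip> <session> <path> <epoch-seconds>".
# 203.0.113.10 is a shared NAT address used by eight different sessions (a housing estate
# booking tickets); 198.51.100.7 is a single session hammering the search endpoint.
SAMPLE_LOG = []
for i in range(8):                      # 8 legitimate users behind one address, 2 requests each
    SAMPLE_LOG.append(f"203.0.113.10 sess{i} /search {i}")
    SAMPLE_LOG.append(f"203.0.113.10 sess{i} /book {i + 1}")
for i in range(20):                     # one session sending 20 requests within 10 s
    SAMPLE_LOG.append(f"198.51.100.7 bot /search {i // 2}")


def parse(line):
    ip, session, path, ts = line.split()
    return ip, session, path, int(ts)


def flag_abusers(lines, key, threshold, window):
    """Return the keys that made more than `threshold` requests inside any `window`-second span.
    `key` maps a parsed record to the rate-limiting key (IP only, or IP plus session)."""
    times = defaultdict(list)
    for rec in map(parse, lines):
        times[key(rec)].append(rec[3])
    flagged = set()
    for k, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):      # sliding window over the sorted timestamps
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.add(k)
                break
    return flagged


def by_ip(rec):
    return rec[0]


def by_ip_session(rec):
    return rec[0], rec[1]


if __name__ == "__main__":
    # IP-only rule: both addresses exceed 12 requests in 10 s, so the shared NAT is a false positive.
    print(flag_abusers(SAMPLE_LOG, by_ip, 12, 10))
    # IP+session rule: only the flooding client is flagged; the eight real users stay unblocked.
    print(flag_abusers(SAMPLE_LOG, by_ip_session, 12, 10))
```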
Common mechanisms today such as SMS verification code login, QR code scan login, facial recognition, and scanning a QR code with the phone instead of entering card details directly at payment are all typical mechanisms against DDoS, Li Hanming said. "These features improve the user experience and at the same time help reduce the company's overall information security risk."
Li Hanming said that in addition to these strategic defence technologies, airlines also deploy many systems in different locations to avoid the risk of a single system being compromised. "For example, the ticketing system may have a backup in each of Beijing, Shanghai and Guangzhou, so its ability to cope with DDoS is stronger." Li Hanming also explained: "When facing a DDoS attack that has already been launched, the safest approach is to stop the 'machine' for maintenance directly, as was done this time: first suspend the service, strengthen the capacity to handle DDoS, and go back online once that capacity has been enhanced."
(At the interviewee's request, Liu Qing is a pseudonym.)
Source: The Paper