Two U.S. citizens were arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK) taxi dispatch system to move specific taxis to the front of the queue in exchange for a $10 fee.
The taxi dispatch system is a computer-controlled system that ensures that taxis are dispatched from the airport’s holding lot to pick up the next available fare at the appropriate terminal.
Usually, taxis must wait several hours in the lot before the dispatch system summons them.
This system was put in place to maintain a fair operational environment for taxi drivers in an area with significant demand for their services.
Hacking the dispatch system
According to the unsealed indictment published by the U.S. Department of Justice yesterday, two men, Daniel Abayev and Peter Leyman, with the assistance of Russian hackers, breached the JFK taxi dispatch system between September 2019 and September 2021.
Beginning in 2019, ABAYEV and LEYMAN explored and attempted various mechanisms to access the Dispatch System, including bribing someone to insert a flash drive containing malware into computers connected to the Dispatch System, obtaining unauthorized access to the Dispatch System via a Wi-Fi connection, and stealing computer tablets connected to the Dispatch System.
The members of the Hacking Scheme also sent messages to each other in which they explicitly discussed their intention to hack the Dispatch System. For example, on or about November 10, 2019, ABAYEV messaged the following to one of the Russian Hackers in Russian: “I know that the Pentagon is being hacked[.]. So, can’t we hack the taxi industry[?]” – U.S. Department of Justice.
The DOJ says the hackers used their unauthorized access to create a paid-for service that allowed taxis waiting for a fare at JFK to go to the front of the line and get dispatched quickly.
Taxi drivers participating in the scheme had to pay $10 to the hackers in cash or via mobile payment. Those promoting the service to their colleagues would be given waivers allowing them to skip the line for free.
The communications between the taxi drivers and the hackers took place via chat apps on private groups, where Abayev and Leyman would make “Shop open” and “Shop closed” announcements.
“In order to skip the taxi line, taxi drivers would message their taxi medallion numbers into the group chat threads, and a member of the hacking scheme would then message the terminal that the taxi driver should go to in order to skip the taxi line and pick up a fare,” describes the indictment.
Spreadsheet documents seen by law enforcement indicate that the hacking scheme illegally helped taxi drivers perform about 2,500 trips per week. On record days, like December 9, 2019, the hackers helped with 600 trips.
The indictment also claims that Abayev and Leyman transferred at least $100,000 to the hackers in Russia, with transaction justifications such as “payment for software development.”
The charges both men face carry a maximum sentence of 10 years in prison for two counts of conspiracy to commit computer intrusion.
If proven guilty, the two hackers will also have to forfeit all property directly or indirectly related to the committed offenses to the U.S.
- Shplad – 1 day ago
This comes across as clickbait. The heading should have read "Two Russian citizens help…" Instead, it makes it sound like the Russian government performed these actions, which is misleading, especially considering the current war in Europe.