On August 16, the official WeChat account of the Guangzhou Intermediate People's Court published the verdict in a case in which a 17-year-old boy used DDoS attacks against an airline. Some of the information disclosed in the case has led the public to question the security of airline computer systems.
Under DDoS attack, China Southern Airlines' ticket purchase system was down for 4 hours.
According to the details of the case disclosed on the court's official account, in early June 2020 Xiao Chen, who was stranded abroad in an area badly hit by the COVID-19 epidemic and unable to buy a ticket home, became resentful. He sent threatening emails to a domestic airline, purchased attack packages on overseas websites, and repeatedly and continuously attacked the airline's computer systems, including its ticketing system, with DDoS attacks (in which hackers use remotely controlled servers, computers and other resources to send high-frequency service requests to a target, paralysing the target server because it cannot process the massive number of requests in time).
The verdict noted that since Xiao Chen was over 16 but under 18 when he committed the crime, he should by law be given a reduced or lighter punishment. Taking into account the nature, circumstances and harmful consequences of his crime and his attitude, he was convicted of the crime of sabotaging computer information systems and sentenced to four years in prison; one laptop computer was confiscated.
Hacker illegally intruded into the airline's system
The court stated on its official account that the intrusion paralysed the airline's external service network, including its ticketing business, sales on its WeChat live-streaming platform, and its airport passenger service, flight and operation control systems, so that computer systems such as the passenger ticketing system, which serves more than 50 million users, could not operate normally for up to 4 hours, causing the airline huge economic losses and negative online public opinion.
On June 10 last year, China Southern Airlines' official website ticketing system was down for several hours. Its flight, operation control and passenger service systems, however, showed no obvious effects of the attack. China Southern Airlines has so far not responded to the verdict or to the related circumstances.
Li Hanming, founder of the civil aviation data analysis company Li and Li, told reporters that the screenshot included in the information disclosed in the case showed that the attacker only reached the airline's direct-sales gateway and payment gateway. Li Hanming inferred that the impact of the DDoS attack on the airline in this incident was mainly the collapse of the official website's ticketing business, while airport passenger services and the flight and operation control systems were essentially unaffected.
Is there really no defence against DDoS bombardment?
What is the DDoS attack that brought down the airline's fare system for several hours? Several airlines told reporters that DDoS, a hacking technique, floods a company's IP address with massive amounts of traffic, crashing the system when the server cannot handle it. "It's not that airlines are ineffective. This attack method is quite vicious. Although this trick works better against small and medium-sized companies, in fact, no matter which company it is, the impact will be significant when it encounters a DDoS attack."
Many industry experts in the field of information security told reporters that any system can be compromised. As long as a hacker is willing to pay for attack packages, even someone with no real computer skills can hire people to carry out DDoS attacks; there is not much of a technical threshold. The only problem is that it is easy to be traced and caught, which is a disaster for both companies and hackers.
Liu Qing, general manager of the information security department of an airline, told reporters, "At present it is quite common for airlines to encounter hackers, and the attack figures are shocking. Usually the purpose is to obtain passenger data, exploit promotions, and so on. Most of the attacks have been blocked. If the company deploys its applications on the cloud, that also reduces the risk. China Southern Airlines should be relatively strong technically. The attack still depends on the specific case information and the specific description; it may be that the Internet bandwidth was saturated."
Liu Qing told reporters that when hackers use DDoS for bandwidth attacks, the airline's Internet uplink bandwidth is saturated, which indirectly affects all of its Internet-facing services. If the airline has not purchased the carrier's traffic-scrubbing service, there is no way to resist it, which can be described as a fatal blow. Such services are purchased every year from carriers such as China Telecom and China Unicom, or can be bought after an attack. There is no difficulty, but it is relatively expensive, at a price in the hundreds of thousands.
How do enterprises protect their systems against attacks?
In the face of DDoS attacks, most companies have several tactical defence strategies. "Many domestic websites prohibit access from foreign IP ranges, or only allow access from home broadband IP ranges. This is one of the strategies, called 'black and white lists'," Li Hanming said. In addition, repeated requests from an attacker can be filtered out by applying a custom encryption algorithm to the requests the client sends to the server.
When facing DDoS bombardment of this volume, there is still the possibility of airlines blocking legitimate users by mistake. Liu Qing gave an example: in a residential community where many people want to book tickets, the whole community shares one IP address; the airline's security equipment or its purchased security service sees a large number of ticket purchases from this IP, judges it abnormal and triggers the security rules. "But for airlines, false blocking is better than not being able to provide services."
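The false-blocking case Liu Qing describes, as an added illustration that is not code from the article or from any airline: a request limiter keyed only on source IP blocks a community sharing one address, while keying on a server-issued session where one exists lets the residents through and still caps unauthenticated flooding from a single source. The thresholds, addresses and traffic are constructed for the demonstration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # constructed thresholds for the demonstration
IP_LIMIT = 50            # requests allowed per source IP per window
SESSION_LIMIT = 10       # requests allowed per server-issued session per window


class SlidingWindowLimiter:
    """Counts recent requests per key and refuses those beyond the limit."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def ip_only_policy(requests):
    """Decide purely on source IP: the behaviour behind the 'false blocking'
    of a whole community that shares one address."""
    lim = SlidingWindowLimiter(IP_LIMIT, WINDOW_SECONDS)
    return [lim.allow(r["ip"], r["t"]) for r in requests]


def session_aware_policy(requests):
    """Key on (ip, session) when the client holds a server-issued session,
    fall back to the per-IP budget for unauthenticated traffic."""
    ip_lim = SlidingWindowLimiter(IP_LIMIT, WINDOW_SECONDS)
    sess_lim = SlidingWindowLimiter(SESSION_LIMIT, WINDOW_SECONDS)
    decisions = []
    for r in requests:
        if r.get("session"):
            decisions.append(sess_lim.allow((r["ip"], r["session"]), r["t"]))
        else:
            decisions.append(ip_lim.allow(r["ip"], r["t"]))
    return decisions


def count(decisions):
    """Return (allowed, blocked) for a list of decisions."""
    allowed = sum(decisions)
    return allowed, len(decisions) - allowed


# Constructed traffic: 80 residents behind one shared NAT address, one search
# each, and 200 unauthenticated requests from a single flooding source.
COMMUNITY = [{"ip": "203.0.113.7", "session": f"s{i}", "t": i * 0.5} for i in range(80)]
FLOOD = [{"ip": "198.51.100.9", "session": None, "t": i * 0.01} for i in range(200)]
```

The session key only helps if sessions are issued by the server after a step that costs the client something, such as the SMS verification code the article mentions later; otherwise it is no better than the IP key.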
Regarding DDoS defence mechanisms, Liu Qing told reporters that apart from attacks that saturate bandwidth, there are DDoS attacks on the official website itself, against which buying a traffic-scrubbing service may be useless; security equipment must defend with corresponding rules, and a WAF (web application firewall) combined with manual traffic analysis must be deployed to solve the problem. Security equipment manufacturers continuously update their security rules, and airlines also update their own rules to keep pace with upgraded DDoS attacks.
Mechanisms that are common today, such as SMS verification-code login, QR-code login, facial recognition, and paying by scanning a code with a mobile phone instead of entering a credit card directly, are typical anti-DDoS mechanisms. Li Hanming said, "These features that improve the user experience also help reduce the company's overall information security risks."
Li Hanming said that in addition to these strategic defence techniques, airlines also deploy multiple systems in different locations to avoid the risk of a single system being compromised. "For example, the ticketing system may have backups in Beijing, Shanghai and Guangzhou, so that the capacity to deal with DDoS is stronger." Li Hanming also explained, "The safest way to face a DDoS attack that has already been launched is to do exactly what was done this time: shut the 'machine' down for maintenance, first suspend the service, strengthen the capacity to handle DDoS, and go back online once that capacity has been enhanced."
(At the request of the interviewee, Liu Qing is a pseudonym.)