JFK airport taxi system hacked so drivers could skip the queue

NEW YORK- JULY 10: New York Taxi line next to JetBlue Terminal 5 at John F Kennedy International Airport in New York on July 10, 2014.

(Image credit: Shutterstock.com/ Leonard Zhukovsky)

Two men have been charged with with two counts of conspiracy to commit computer intrusions, which carry a maximum sentence of 10 years, after hacking the taxi dispatch system at New York's JFK airport.

Working with Russian hackers, US nationals Daniel Abayev and Peter Leyman concocted a plan whereby taxi drivers would pay them to hijack the dispatch system in order to arrive at terminal ranks first, as opposed to waiting in line.

The two men were arrested in Queens, New York, after running the scheme for years. U.S. Attorney Damian Williams stated that "now... these defendants are facing serious criminal charges for their alleged cybercrimes.”

Getting ahead

"For years, the defendants’ hacking kept honest cab drivers from being able to pick up fares at JFK in the order in which they arrived", Williams explained.

Port Authority Inspector General John Gay added, “This sophisticated, internationally coordinated conspiracy allegedly targeted hard-working taxi drivers trying to earn an honest living."

It is alleged that the two, along with help from Russia-based hackers, had been operating their plot since at least September 2019 to September 2021.

Normally, cab drivers are required to wait in a designated lot before the dispatch system assigns them to a specific terminal. Often they wait for hours, and are dispatched roughly according to the order in which they arrive.

Abayev and Leyman tried various ways to to gain access to the dispatch system, such as bribing operators to insert a flash drive containing malware into the system, hacking its Wi-Fi connection and stealing tablets used as endpoint devices.

It appears they were successful starting from November 2019. Word of mouth spread among the drivers that paying $10 to the hackers would get them to the front of the line. The hackers even offered a refer-a-friend scheme, whereby their fee would be waived if they recruited other drivers.

> Russian hackers attack proved VPN providers were right about airport Wi-Fi

> The growing menace of QR Code scams - here's how to stay safe

> Microsoft Excel threats could be a major security risk to your business

Messages between those involved have also been revealed, such as “I know that the Pentagon is being hacked[.]. So, can’t we hack the taxi industry[?]”, which was sent from Abayev to one of the hackers in Russia.

Group chat was also used for communication between the hackers and drivers. The hackers would send the message "shop open" when they had access to the dispatch system, as well as giving advise on how to evade detection by avoiding certain areas.

Over the entirety of the scheme, it is believed that up to 1,000 taxi fares a day were fraudulently gained. The case is being prosecuted by the Complex Frauds and Cybercrime Unit within the U.S. Attorneys Southern District of New York.

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.