Jet2 cyberattack: Hacker who exploited airline's computer network faces jail term

Out of grudge, an ex-employee of Jet2 hacked into the airline's network as well as CEO's email account

A former employee of Jet2 IT contractor conducted a cyberattack targeting the airline's computer network for 12 hours. The Crown court in the UK heard that the hacker carried out the attack due to a grudge against the firm. During sentencing, the court came to know how a member of the staff at the airline prevented the attack by Scott Burns. But still, the company lost almost £165,000.

It should be noted that Burns also accessed the email account of Jet2 chief executive Steve Heapey.

Hacker in court

The cybercriminal has been sentenced to 10 months of imprisonment. During the court hearing, Judge Andrew Stubbs QC heard that Burns was unhappy about how Jet2 dealt with a disciplinary matter against him relating to an incident at a "roadshow in Benidorm" which took place in 2017.

The judge said that "What you intended to do was to cause as much damage to Jet2's computer system as you could. But for the prompt measures of an employee of Jet2, this would have been disastrous and brought their computer system crashing down. This went far beyond being mischievous. This was a revenge attack for a perceived slight you had suffered."

 Jet 2
Jet 2 Wikimedia commons

Mercy plea

Judge Stubbs rejected a plea from the defence lawyer, Michael Walsh who was representing Burns. The judge also mentioned that he needed to send a message about the "pernicious and far-reaching impact" of cyber-crime and to those who could commit this type of offence.

It was also revealed in court by prosecutor Rebecca Austin that the hacker used login details which he still had to access the system and delete all user accounts, including those with admin privileges, in January 2018.

In addition, she also mentioned that one of the IT workers at the firm managed to create a new, hidden admin account as the attack was ongoing. Through this the employee also able to advert and avert a "complete disaster" and rebuild the accounts from a back-up.

Related topics : Cybersecurity