Intercontinental Hotels Group (IHG) cyber-attack was “for fun”

IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun

Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun”.

Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled.

They accessed the FTSE 100 firm’s databases thanks to an easily found and weak password, Qwerty1234.

An expert says the case highlights the vindictive side of criminal hackers.

UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands.

On Monday last week, customers reported widespread problems with booking and check-in.

For 24 hours IHG responded to complaints on social media by saying that the company was “undergoing system maintenance”.

Then on the Tuesday afternoon it told investors that it had been hacked.

“Booking channels and other applications have been significantly disrupted since yesterday,” it said in an official notice lodged with the London Stock Exchange.

The hackers, calling themselves TeaPea, contacted the BBC on the encrypted messaging app, Telegram, providing screenshots as evidence that they had carried out the hack.

The images, which IHG has confirmed are genuine, show they gained access to the company’s internal Outlook emails, Microsoft Teams chats and server directories.

“Our attack was originally planned to be a ransomware but the company’s IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead,” one of the hackers said.

A wiper attack is a form of cyber-attack that irreversibly destroys data, documents and files.

The average wage in Vietnam is about $300 (£270) per month

Cyber-security specialist Rik Ferguson, vice-president of security at Forescout, said the incident was a cautionary tale as, even though the company’s IT team initially found a way to fend them off, the hackers were still able to find a way to inflict damage.

“The hackers’ change of tactic seems born out of vindictive frustration,” he said. “They couldn’t make money so they lashed out, and that absolutely betrays the fact that we are not talking about ‘professional’ cybercriminals here.”

IHG says customer-facing systems are returning to normal but that services may remain intermittent.

The hackers are showing no remorse about the disruption they have caused the company and its customers.

“We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average $300 per month. I’m sure our hack won’t hurt the company a lot.”

The hackers say no customer data was stolen but they do have some corporate data, including email records.

TeaPea say they gained access to IHG’s internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment.

They also had to bypass an additional security prompt message sent to the worker’s devices as part of a two-factor authentication system.

Qwerty1234 is a popular password because it comprises the first five letters and the first four numbers of an English keyboard

The criminals then say they accessed the most sensitive parts of IHG’s computer system after finding login details for the company’s internal password vault.

“The username and password to the vault was available to all employees, so 200,000 staff could see. And the password was extremely weak,” they told the BBC.

Surprisingly, the password was Qwerty1234, which regularly appears on lists of most commonly used passwords worldwide.

“Sensitive data should only be available to employees who need access to that data to do their job, and they should have the minimum level of access [needed] to use that data,” said Mr Ferguson, after seeing the screenshots.

“Even a highly complex password is just as insecure as a simple one if it is left exposed.”

An IHG spokeswoman disputed that the password vault details were not secure, saying that the attacker had to evade “multiple layers of security”, but would not give details about the extra security.

“IHG employs a defence-in-depth strategy to information security that leverages many modern security solutions,” she added.

Reported by BBC News on 17 September 2022.

TravelRisk for First-Class passengers on French trains

French police nab first-class wig gang suspects

A suspected gang of thieves who allegedly stole items worth €300,000 (£260,000) from first-class passengers on French trains has been captured.

It is thought they stole luggage from passengers after sitting beside them on high-speed trains crossing the country.

One man, aged 57, is said to have posed as a woman, wearing a wig.

He and two other men, 47 and 40, have confessed to carrying out the thefts over five to six years, French media say.

They are believed to have stored stolen goods in a flat in the southern city of Marseille.

The alleged modus operandi was to steal items during station stops after the unsuspecting owners got off the train to stretch their legs or have a smoke.

Police were first alerted in April when a passenger reported the theft of a briefcase containing jewellery worth €50,000, local media say.

Four months later, police discovered a hoard of stolen goods in the Marseille flat.

Items included €130,000 in cash, a €70,000 watch, designer handbags, shoes, cameras and jewellery.

Local police believe more than 100 people had items stolen and are trying to track down passengers who were targeted on trains travelling between Paris, Geneva and Nice.

The men face up to seven years in prison if convicted of robbery.

Reported by BBC on 17 September 2022.

TravelRisk Pilots fall asleep on ITA Airways Airbus A330 flight from New York to Rome

INCIDENT Two French fighter jets were scrambled over France after an A330’s captain apparently fell asleep

Two fighter jets were scrambled to intercept the plane and urgent messages sent between Paris and Rome when the captain failed to respond for 10 minutes.

A pilot triggered a terrorist alert over French airspace after falling asleep in the cockpit of a passenger jet for 10 minutes, it has emerged.

The co-pilot was also sleeping, but was taking an authorised nap within the context of a “controlled rest” period. The captain of the jet was the only one at fault, having fallen asleep accidentally during this time.

The Italian pilot and co-pilot were flying an ITA Airways Airbus A330 flight from New York to Rome on April 30 when the incident occurred, leading the plane to remain silent for 10 minutes while flying over French airspace.

This sparked concern with the French authorities, who warned Italian authorities that the Airbus A330 could be hostage to terrorist hijackers.

French authorities scrambled two fighter jets to intercept the Airbus A330 and check that it was not subject to a hostage situation.

Italian authorities then contacted ITA Airways’ central command centre, which also tried to contact the pilots, firstly through a satellite phone and then through ACARS messages. After 10 minutes, the communication finally got through.

ITA Airways has reported that the captain and the co-pilot were both asleep for a short time, although only the captain fell asleep accidentally.

The captain has now been fired for committing “a grave error”. He denies having fallen asleep and instead said that the silence was due to problems with the communication system.

Davide D’Amico, ITA Airways spokesperson, said that the plane’s passengers were never in danger at any point as the plane’s automatic pilot system was in place. The plane never diverted from its planned flight route during the entire incident.

Reported by AirLive on 3 June 2022.

Travelrisk: Air France Boeing 777 didn’t react to commands on final approach to Paris CDG

Pilots of Air France #AF11 reported their Boeing 777 didn’t react to commands on final approach to Paris CDG

Pilots of AF11 had a serious issue with commands on final approach to Paris.

The crew of AF11 from New York JFK to Paris CDG had to deal with a serious issue at very low altitude this morning Tuesday 5 March 2022.

  • UPDATE The BEA opens a safety investigation regarding Air France #AF11 Boeing 777-300 incident yesterday, CVR and FDR data are currently analyzed.

The Boeing 777 (reg. F-GSQJ) was on approach to runway 26L when the crew reported an issue.

The plane didn’t respond to the commands and started to deviate to its left. Pilots could not talk to the ATC as they were dealing with the issue. We can hear them fighting with the commands in the following video.

They finally managed to go around at only 1,200 ft then hold 4,000ft and returned to Paris CDG for a safe landing on runway 27R.

Listen to recording on YouTube.

Reported by Air Live on 5 March 2022.

TravelRisk – Government Sanctions leave Visitors Stranded

Thousands of Russians scramble to leave Thailand as sanctions hit

International tourists, predominantly Russian nationals, visit a beach on Phuket island on March 20, 2020. (AFP file photo)

More than 5,000 Russian tourists have found themselves stranded in Thailand, as international sanctions following the war in Ukraine hit worried holidaymakers.

Thousands of Russian tourists in Thailand are struggling to find a route home, officials said Sunday, as international sanctions imposed over the war in Ukraine hit holidaymakers.

Russia’s invasion in February provoked a host of international measures targeting businesses and banks, with some Russian carriers cancelling flights and global payment firms suspending services.

Russian tourists have been among the largest group of visitors to return to Thailand’s beachside resorts since pandemic restrictions eased, but many now find themselves without a return ticket.

Chattan Kunjara Na Ayudhya, the deputy governor of the Tourism Authority of Thailand (TAT), said 3,100 Russians were stuck in Phuket, while just over 2,000 were in Samui, and smaller numbers were in Krabi, Phangnga and Bangkok.

The agency was working on helping those who wanted to return home, he said, including “discussion on return flights which could be regular or special flights”.

Russian tourist and mother-of-three Evgenia Gozorskaia said her family discovered their return Aeroflot tickets had been cancelled.

“We are very nervous because the children are very small, we don’t have enough money to live here,” said the 41-year-old psychologist who arrived from Moscow with her husband and children — aged seven, four and two — on Feb 27.

“We want to go tomorrow to the airport, but I don’t know what the situation will be,” she said from Phuket, adding that they were supposed to fly home March 28.

She said while some people had their tickets replaced others — including her family — had not been so lucky.

“They say that they cannot do it and put the phone off,” she said.

While Thailand has not banned Russian flights, international airspace restrictions have seen some firms — such as Russia’s flagship Aeroflot — cancelling services, leaving tourists to seek alternative routes, such as through the Middle East with different carriers.

Many tourists have also been hit by Visa and Mastercard suspending operations.

“We have seen instances of difficulty in card payments by Russians in Phuket due to how Mastercard and Visa have suspended services in Russia,” said Bhummikitti Ruktaengam, president of the Phuket Tourist Association.

He said officials were considering adopting the Mir system — a Russian electronic fund transfer structure — as well as digital currencies.

Local communities across Thailand were also stepping in.

“We will pay for water, electric, everything for them,” said Archimandrite Oleg, representative of the Orthodox Church in Thailand, who said they were helping at least one family with four children stranded in Koh Samui.

Pandemic travel curbs have hammered the kingdom’s tourism-dominated economy, but 2022 saw a surge of visitors as restrictions eased.

Around 23,000 Russians travelled to Thailand in January this year, according to the TAT.

Tourists from Russia previously accounted for the seventh-largest share of visitors to the kingdom, with around 1.5 million travelling to Thailand in 2019.

While Bangkok has backed a United Nations resolution calling for the withdrawal of Russian troops from Ukraine, it has stopped short of imposing sanctions.

Reported on 13 March 2022 by Bangkok Post.

Travelrisk from Bee impacts aircraft velocity measurement resulting in rejected takeoff

Incident: TAAG B737 at Maputo on Feb 9th 2022, rejected takeoff due to bee in pitot tube

A TAAG Angola Airlines Boeing 737-700, registration D2-TBJ performing flight DT-582 from Maputo (Mozambique) to Luanda (Angola), was accelerating for takeoff from Maputo’s runway 05 when the crew rejected takeoff at about 80 KIAS due to an airspeed disagree between captain’s and first officer’s instruments. The aircraft slowed safely and returned to the apron.

The airline reported a bee was found in one of the pitot tubes forcing the crew to reject takeoff. The passengers disembarked and were taken to a hotel. The aircraft was handed to maintenance to return it into an airworthy condition and was returned to service.

The aircraft departed again the following day after about 28 hours on the ground and reached Luanda with a delay of 28:15 hours.

A pitot tube, also known as pitot probe, is a flow measurement device used to measure fluid flow velocity.

Reported by The Aviation Herald on 12 February 2022.

TravelRisk live snake on Air Asia flight in Malaysia

Air Asia’s slogan “Now Everyone Can Fly” took a new dimension on Air Asia flight AK-5748 when a snake appeared on the flight.

On 10 February 2022, an Air Asia Airbus A320-200, registration 9M-RAN performing flight AK-5748 from Kuala Lumpur (KUL) to Tawau (TWU) in Malaysia, was enroute at FL330 over the South China Sea about 250nm westnorthwest of Kuching (Malaysia) when a snake appeared in the overhead lockers in the passenger cabin. The crew diverted the aircraft to Kuching for a safe landing about 45 minutes later.

A replacement A320-200N continued the flight and reached Tawau with a delay of about 5:50 hours.

The occurrence aircraft was still on the ground in Kuching about 28 hours after landing.

Video posted on YouTube shows the outline of a small snake in the structure of the overhead lockers, above passenger heads.

The Airbus A320-216(WL), with tail number 9M-RAN, was put into service in May 2019 and belongs to lessor Castlelake.

Reported by The Aviation Herald on 11 February 2022.

TravelRisk Emirates Boeing 777 accelerating for take off without Air Traffic Control Clearance Instructed to Reject Takeoff

Another incident at Emirates in Dubai: this time a Boeing 777 passenger flight bound for India was accelerating for take off at Dubai – without air traffic control clearance – while another Emirates jet was crossing the runway at the same time.

Incident: Emirates B773 at Dubai on Jan 9th 2022, rejected takeoff without clearance due to crossing aircraft

An Emirates Boeing 777-300, registration A6-EQA performing flight EK-524 from Dubai (United Arab Emirates) to Hyderabad (India), was accelerating for takeoff from Dubai’s runway 30R when the crew was instructed to reject takeoff at high speed (above 100 knots over ground) due to a crossing aircraft. The aircraft slowed safely and vacated the runway via taxiway N4 behind the aircraft, that had crossed the runway.


An Emirates Boeing 777-300, registration A6-EBY performing flight EK-568 from Dubai (United Arab Emirates) to Bangalore (India), was taxiing for departure and was cleared to cross runway 30R from taxiway M5A to N4 and was entering the runway just when EK-524 began the takeoff roll.

According to information The Aviation Herald received from two independent sources, EK-524 began their takeoff roll without ATC clearance. Tower subsequently instructed EK-524 to stop. According to information EK-524 may have reached 130 KIAS when they rejected takeoff. According to ADS-B data transmitted by the aircraft’s transponder EK-524 had reached 100 knots over ground about 790 meters/2600 feet down the runway and about 1700 meters/5700 feet short of taxiway N4.

EK-568 continued taxi and departed normally. EK-524 taxied back to the holding point of runway 30R and departed about 30 minutes after the rejected takeoff.

On Jan 13th 2022 the airline reported, that EK-524 was instructed by tower to abort takeoff on Jan 9th 2022, the crew rejected takeoff successfully. There was no damage to the aircraft and there were no injuries. An internal investigation has been initiated, UAE’s GCAA also opened an investigation.

Reported by The Aviation Herald on 13 January 2022.

Emirates Pilots forget to set the Flight Director causing TravelRisk

Aviation is incredibly safe, and for every disaster there are many catastrophes that are narrowly avoided. It would appear that an Emirates Boeing 777 departing Dubai about a week ago nearly had a major incident after takeoff. Let me share what I’ve been able to piece together so far about this incident.

What happened to this Emirates plane on takeoff?

The flight in question is Emirates EK231 from Dubai (DXB) to Washington Dulles (IAD), which was scheduled to depart at 2:25AM on December 20, 2021. The flight was operated by one of Emirates’ newest Boeing 777-300ERs, with the registration code A6-EQI.

Based on what I’ve been told and have been able to piece together:

  • Before departure, the pilots forgot to set the flight director to an altitude of 4,000 feet, but rather left it at an altitude of zero feet (which the previous crew had presumably set on approach to Dubai)
  • After takeoff, the plane’s nose pitched down, to the point that the plane was at 175 feet and flying at 262 knots (this is supported by actual flight data, which you can find below); as a point of comparison, under normal circumstances the plane would be flying at well under 200 knots at that altitude
  • While I haven’t been able to figure out more details about this, I’m told that the plane sustained damage, yet the pilots made the decision to continue to Washington (I’m still working on figuring out what kind of damage we’re talking about, as the plane operated the return flight later that day)
  • I’ve been told that all four pilots have been fired, and that the US Federal Aviation Administration is now investigating this incident, given that the flight was US-bound (note that I haven’t gotten official confirmation of either of these, though at a minimum I’d assume the pilots are suspended pending an investigation)

For those curious, below is some data from Flightradar24 for the flight in question vs. a more “standard” flight on the same route. You’ll want to look at the right two columns, with the left column being the altitude, and the right column being the speed.

Here’s the data for the flight in question:

Then here’s the data for the same flight several days earlier:

As you can tell, that data is vastly different. This sounds concerning — a Boeing 777 (presumably) full of passengers and fuel was descending right after takeoff, to the point that it was lower than many high rises in Dubai, and flying at a very fast pace.

Emirates has sent a memo to pilots

While Emirates hasn’t yet officially commented on this incident, the airline did send out the following alert to pilots today, essentially referencing the incident:

CREWS ARE REMINDED THAT THERE ARE NO FCOM NORMAL PROCEDURE REQUIREMENTS TO CHANGE THE MCP AFTER LANDING OR SHUTDOWN. THERE HAVE BEEN TIMES WHEN THE MCP “ALTITUDE WINDOW” HAS BEEN SET TO THE AIRPORT ELEVATION WHICH MAY CAUSE ISSUES ON THE SUBSEQUENT DEPARTURE. CREWS SHALL NOT SET AIRPORT ELEVATION ON THE MCP AFTER LANDING OR SHUT DOWN.

I wonder what it was like on the plane

I’d be curious to hear from a passenger onboard, because I wonder if passengers had any clue what was going on:

  • On the one hand, perhaps passengers didn’t really know what was going on, since it was dark outside, and most people aren’t really avgeeks and paying attention to every aircraft movement
  • On the other hand, perhaps passengers totally knew what was going on, given that the plane was barely climbing after takeoff, but rather just kept flying faster and faster

While I feel safe flying with Emirates, in general I’m not surprised to see things like this happen once in a while:

  • Emirates pilots deal with a lot of fatigue, given that they often operate ultra long haul flights departing in the middle of the night; no matter how hard you try, this has to take a toll on you
  • In general Emirates hires 777 pilots with less experience than you’d find at some other airlines; that’s largely because it’s Emirates’ smallest plane, and Emirates isn’t going to consistently have a couple of people with 10,000+ flights hours at the controls (as you’d find on American and United, for example)
  • Then there’s coronavirus, which in general has caused a lot of pilots to become a bit rusty, since many have only recently been brought to work after being furloughed

Bottom line

While I’m sure more information will emerge soon, it’s my understanding that an Emirates Boeing 777 had a pretty frightening departure out of Dubai about a week ago. Specifically, the altitude for after takeoff was set to ground level rather than 4,000 feet, and as a result the plane didn’t climb very high, but rather just sped up. The plane ended up flying at 261 knots just 175 feet over the ground, which must have been frightening for those on the ground and in the air.

Since the FAA is allegedly investigating the incident, hopefully we end up learning more. If anyone has more details on the incident, please chime in!

Reported by OneMileAtATime by Ben Schlappig on 28 December 2021.

Travel Risk of getting Omicron is 2-3 times higher for Aircraft Passengers

Omicron May Double Risk of Getting Infected on Planes, IATA Says

    • Business class likely safer than economy, airline advisor says
    • New strain dominates major markets on cusp of holiday season