BACA, the world’s largest Air Charter Association representing charter brokers and others in aviation, has issued a stark warning about the dangers of cybercrime after its European members reported a dramatic increase in attacks. Given the frequency of high-value charter transactions in business aviation and the enhanced security demanded by corporate and VIP customers, the BACA warning has particular resonance in the sector.
Commenting on the geography of the reports, BACA chairman Richard Mumford says: “It’s impossible to determine the origin of the attacks. A lot of high-value transactions take place in the UK and Europe, but in general, European businesses are aware of the risks, at least in general terms, and take steps to protect themselves.
“Our membership is predominantly European and we see the issue through that lens, but it is very much a global problem. It’s a growing issue and the attacks are becoming more sophisticated and more systematic in nature.”
There is no pattern to the attacks, but Mumford confirms that hacking and shadowing email accounts has been a preferred method in recent incidents. “The attacker sends emails from the hacked account attempting to change the bank details for payments due under charter flights.”
None of the attacks reported to BACA have been successful because, says Mumford, “Operators and brokers should not divert substantial payments on the basis of an email. But it takes just a moment of weakness for an attack of this nature to succeed.”
He also explains the wider, perhaps more worrying implications for clients: “If hackers are into a computer system they can harvest bank account, identity and other data. They can access data confidential to the customers and suppliers of the company.
“The reality is that cybercrime is a very effective means to steal large amounts of money with limited risk. The attacker can sit anywhere in the world in relative safety, obtaining and then moving money at great speed, putting it through a number of jurisdictions and bank accounts in order to cover their tracks. With unlimited resource, investigators can often trace the hacker and the flow of money, but it is prohibitively expensive for smaller businesses.”
Reassuringly, Mumford also speaks of a business resolute in its determination to rebuff cyber attacks and improve InfoSec. “The air charter industry takes the security of its clients’ money and their confidentiality very seriously indeed. The cyber attack detection and prevention rate is very high, and the fact that the industry talks about it and works together to minimise the risks to all market participants, demonstrates its commitment to its customers.”
The primary focus of cyber criminals is personal profit; thus far, no threats to flight safety have been reported by BACA members, according to Mumford. “The risk would be that the operator refused to fly if the funds had not arrived in its genuine bank account. However, our members recognise the importance of maintaining absolute confidence and security over their clients’ data and affairs. We’ve therefore introduced a broker accreditation scheme, in partnership with Argus International, which provides an audited market standard to help ensure the integrity of our members’ business.”
BACA has been collecting information from its members, prior to a cybercrime discussion and training forum. Mumford says the association is sharing experiences and providing guidance to members on how they might further improve their defences. And it is raising the profile of this issue externally and with authorities and government contacts.
“The key is to avoid weak spots in IT systems and processes, and this is an issue that is as important for the largest as it is for the smallest operators and brokers,” says Mumford.