Two US citizens have been arrested for allegedly conspiring with Russian hackers to hack the John F. Kennedy International Airport (JFK) taxi dispatch system to move specific taxis to the front of the queue in $10 exchange fee.
The taxi dispatch system is a computer-controlled system that ensures that taxis are dispatched from the airport waiting area to collect the next available fare at the appropriate terminal.
Usually, taxis have to wait several hours in the parking lot before the dispatch system calls them.
This system was put in place to maintain a fair operating environment for taxi drivers in an area where the demand for their services is high.
Hack Dispatch System
According to the unsealed indictment released yesterday by the US Department of Justice, two men, Daniel Abayev and Peter Leyman, with the help of Russian hackers, breached the JFK taxi dispatch system between September 2019 and September 2021.
The DOJ says the hackers used their unauthorized access to create a paid service that allowed taxis waiting for a fare at JFK to go to the front of the line and be dispatched quickly.
Taxi drivers participating in the scheme had to pay the hackers $10 in cash or via mobile payment. Those who promote the service to their colleagues would be granted waivers allowing them to skip the queue for free.
Communication between the taxi drivers and the hackers took place via chat apps on private groups, where Abayev and Leyman made “Store open” and “Store closed” announcements.
“In order to avoid the taxi line, taxi drivers would send their taxi medallion numbers in group chat threads, and a member of the hacking system would then send a message to the terminal the taxi driver should go to to avoid the taxi line and get a ticket,” describes the indictment.
Spreadsheets viewed by law enforcement indicate that the hacking system illegally helped taxi drivers make around 2,500 rides a week. On peak days, like December 9, 2019, hackers helped with 600 trips.
The indictment also claims that Abayev and Leyman transferred at least $100,000 to hackers in Russia, with transaction rationales such as “payment for software development.”
The charges against both men carry a maximum sentence of 10 years in prison on two counts of conspiracy to commit computer intrusion.
If found guilty, the two hackers will also have to confiscate all property directly or indirectly related to the offenses committed in the United States.