A Belgian man who goes by the name ‘Kevin D’ has been sentenced by a court in Mechelen to three years in prison for various computer hacking incidents, that include hacking numerous airline websites for cheaper flight tickets, reports by Geeko and Le Soir.
‘Kevin D’, who had carried out cyber attacks since the age of 12, hacked into multiple American Airlines websites in 2017 in order to get cheaper plane tickets.
In total, the Belgian man committed 21 fraudulent airline ticket reservations in hopes of purchasing cheaper flight tickets.
His various cyber attacks enabled him to buy 10 business class tickets without paying for them, gain access to the airline’s loyalty program, obtain staff and customer data, and access information on internal procedures at American Airlines and airports in the US served by the company.
The estimated damages incurred by the hacking amounted to over $200,000 (£172,000).
But this isn’t the first case of airline hacking as earlier in the year a man hacked an Indian airline’s website to track his missing luggage. The man admitted to not being an experienced hacker but somehow was still able to hack the low-cost airline’s website.
In addition to American Airlines, Kevin D also committed similar acts against Brussels Airlines, Mobistar, Utopolis, and Lufthansa. The sentence handed down in mid-August 2022 by the Mechelen courts reflected that it wasn’t the first offence.
The man was first arrested in Milan in October 2021 and has remained in prison in Italy. Due to the offences against an American company, the US asked Belgium to extradite him so that he could face a penalty of 22 to 45 years in prison, a far longer sentence than the one he received in Belgium, where he carried out the acts.
Belgium opposes his extradition to the US.
If the Belgian judgment rules on the cancellation of the extradition to the US and the American justice rejects the Belgian judgment, the defendant will no longer be able to leave the territory. Otherwise, he risks arrest and extradition to the US.
With hackers admitting how easy it is for them to access airline servers, will airlines take a better approach to improve their cybersecurity? Let us know your thoughts.