Pierluigi Paganini December 22, 2019

A former contractor of British airline Jet2 has been sentenced to 10 months in prison for a cyberattack that shut down the airline’s systems for over 12 hours.

Scott Burns, a former contractor of British low-cost airline Jet2 has been sentenced to 10 months in prison for a cyberattack that shut down the company systems for over 12 hours.

According to the UK’s National Crime Agency (NCA), Burns worked with Jet2 through ICT services provider Blue Chip until December 2017. In January 2018, Burns is suspected to have accessed systems operated by Jet2 and its parent company, Dart Group.

On January 18, 2018, he removed user accounts from the compromised systems, locking out over 2,000 Jet2 employees from accessing the company’s systems, including their emails.

“Scott Burns, 27, of Queen Street in Morley, Leeds, was jailed for 10 months for his actions, which cost the company £165,000.” reported the BBC.

“The attack shut down Jet2’s computer network for 12 hours in January 2018.”

An investigation conducted following the incident revealed that Burns uninstalled a software component used for logging network activity, likely to hide its operations. He also accessed the email account of Jet2’s CEO.

Burns was arrested on February 8, 2018, and in November he pleaded guilty to charges under the Computer Misuse Act.

According to the investigators, Burns’s motivation was revenge for the treatment he received from the company following an incident at a 2017 “Benidorm roadshow.”.

“You intended to cause as much damage to Jet2’s computer system as you could.” Judge Andrew Stubbs QC told Burns.

“This went far beyond being mischievous. This was a revenge attack for a perceived slight you had suffered.”

“Network intrusion is not a victimless crime. Not only did Burns’s actions have a potential financial impact on Jet2, it caused huge disruption to their staff and technical operations,” said the NCA’s Jamie Horncastle. “These are serious offences.”

The fact that Burns was still able to access company systems with its account after he left the company also highlights that the company failed to properly implement the termination procedures.

Pierluigi Paganini

(SecurityAffairs – Jet2 airline, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]