A return to normality for travellers will make them targets for hackers


by Andy Still, CTO, Netacea

When are we returning to normal again? It’s hard to predict—and perhaps not advisable, given how many premature predictions of normality we’ve seen in the last year. At the time of writing the efficacy of vaccines is cause for hope, but the exact timeline for the reopening of borders and airlines flying again is unknown. One prediction, made by Tim Harford in the Financial Times, is that things will get better gradually, then suddenly. That is, we will get gradual good news for a long time, but the exact day, week, or month that we can say things are approaching normality will be incredibly difficult to predict.

One thing is for sure: once people are able to go on holiday, demand will be high. People will want the holidays that have been denied to them for so long. A struggling travel industry knows that it just needs to hold out until such time as restrictions are lifted—when the demand for vacations will be immense. But this also means that hackers, who have turned their attention away from the travel industry while it’s been quiet, will also be making plans.

Loyalty points as a dark web currency

Stealing from banks is not simple. Whether you’re going in through the front door to rob the safe, or trying to steal from customers’ accounts, security is tight. Financial services providers are heavily regulated and have a great deal of experience in keeping their customers’ money safe. Plus, they have the advantage of customer expectations. We want our bank accounts to be safe and so extra authentication methods that make any transaction slightly more difficult are acceptable—in fact, they’re often welcome.

A cybercriminal looking to steal money from bank accounts has their work cut out. It’s difficult to do and dangerous—any successful theft is likely to be followed by a forensic investigation. No bank wants to get a reputation as being a “soft touch”.

But what if there was something easier to hack? What if there were accounts that most people didn’t check every day, containing something just as valuable as money, that can be traded and exchanged for goods, but without the danger of stealing from a bank account? Loyalty points, especially travel points, have become a dark web currency. Accounts can be stolen, traded, and used to buy flights and hotel stays long before the original owner knows anything about it.

The problem is that we simply don’t treat loyalty points as being as valuable as money. We don’t demand the same level of security and therefore will not put up with the same level of inconvenience when accessing these accounts. Travel businesses have a choice. They can make these accounts as secure as possible, or risk business going elsewhere when a customer finds the login process too arduous.

The risks of a return to normal business

Hackers, like anyone else, take the route of least resistance. When certain sectors start to push back against their activity, they will look elsewhere for easy pickings. The travel industry, having been in the doldrums for most of the pandemic, has not been a prime target for hackers—there’s little value in a currency that cannot be used. But a return to normal trading will also mean a return to being a target for hackers.

A year can be a long time in hacking. That’s a whole year of leaked combo lists that are now available: lists of stolen usernames and passwords. Because people tend to reuse passwords, a criminal can buy a combo list and check these credentials for validity on other sites. This is an impossible task to do manually, but bots make it simple. Hundreds of passwords can be checked every minute, making it possible to take over accounts and either drain them of loyalty points or sell them on.
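Seen from the login logs, the pattern described above looks like one source touching many different accounts and mostly failing. The sketch below is an added example, not code from the article or from Netacea; the event format, thresholds, IP addresses and usernames are all assumptions made up for illustration.

```python
from collections import defaultdict, deque

def detect_stuffing(events, window_s=60, min_accounts=20, max_success_ratio=0.2):
    """events: (ts_seconds, source_ip, username, success) tuples sorted by ts.
    Returns {flagged_ip: usernames that logged in successfully from that ip}."""
    recent = defaultdict(deque)   # ip -> attempts inside the sliding window
    hits = defaultdict(set)       # ip -> accounts it got into, over the whole log
    flagged = set()
    for ts, ip, user, ok in events:
        if ok:
            hits[ip].add(user)
        win = recent[ip]
        win.append((ts, user, ok))
        while win[0][0] <= ts - window_s:      # evict attempts older than the window
            win.popleft()
        accounts = {u for _, u, _ in win}
        successes = sum(1 for _, _, s in win if s)
        # A person retrying a password touches one account; a bot replaying a
        # combo list touches many accounts and fails on most of them.
        if len(accounts) >= min_accounts and successes / len(win) <= max_success_ratio:
            flagged.add(ip)
    # Accounts reached from a flagged source are takeover candidates: freeze
    # points redemption and force a password reset before anything is spent.
    return {ip: hits[ip] for ip in flagged}

def sample_events():
    """Constructed log (documentation IP ranges, invented usernames)."""
    ev = []
    # Bot: 30 different accounts in 30 seconds; one reused password works.
    for i in range(30):
        ev.append((100 + i, "203.0.113.7", f"member{i:03d}", i == 17))
    # Traveller who mistypes a password twice, then gets in.
    ev += [(105, "198.51.100.4", "alice", False),
           (112, "198.51.100.4", "alice", False),
           (120, "198.51.100.4", "alice", True)]
    # Shared office address: several members, all successful.
    ev += [(100 + 5 * i, "192.0.2.10", f"staff{i}", True) for i in range(5)]
    return sorted(ev)

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(sample_events()).items():
        print(ip, "flagged; review accounts:", sorted(accounts))
```

Counting distinct accounts rather than raw failures is what separates the bot from the forgetful traveller and from the shared office address. A bot that spreads its attempts across many source addresses stays under a per-address threshold, so this check is one signal among several rather than a complete defence.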

The amounts held in these accounts are often much higher than many realise. Air Miles and similar accounts can be worth thousands or even tens of thousands of dollars, and it’s all up for grabs for those who know how. This often results in the travel business paying for the stolen points twice: first when the stolen points are exchanged by someone for expensive services, and again when the customer demands that the points are refunded, or when refunding them is the prudent way to keep the customer’s loyalty.

How serious is this threat? On average, at least 50% of web traffic is generated by bots, and 9 out of 10 login attempts are made by malicious bots. Around 80% of travel businesses are worried that attacks on their business will harm their reputation and lead to losing customers. They could be right, but they may be looking for threats in the wrong place. Travel businesses need to take this threat as seriously as a bank would treat the theft of funds—protecting their loyalty schemes, their customers, and ultimately their profitability.

Andy Still

Andy is a pioneer of digital performance for online systems. As Chief Technology Officer, he leads the technical direction for Netacea’s products, as well as providing consultancy and thought leadership to clients. Andy has authored several books on computing and web performance, application development and non-human web traffic.
