JFK airport taxi system hacked so drivers could skip the queue

NEW YORK- JULY 10: New York Taxi line next to JetBlue Terminal 5 at John F Kennedy International Airport in New York on July 10, 2014.
(Image credit: Shutterstock.com/ Leonard Zhukovsky)

Two men have been charged with with two counts of conspiracy to commit computer intrusions, which carry a maximum sentence of 10 years, after hacking the taxi dispatch system at New York's JFK airport. 

Working with Russian hackers, US nationals Daniel Abayev and Peter Leyman concocted a plan whereby taxi drivers would pay them to hijack the dispatch system in order to arrive at terminal ranks first, as opposed to waiting in line. 

The two men were arrested in Queens, New York, after running the scheme for years. U.S. Attorney Damian Williams stated that "now... these defendants are facing serious criminal charges for their alleged cybercrimes.”

Getting ahead

"For years, the defendants’ hacking kept honest cab drivers from being able to pick up fares at JFK in the order in which they arrived", Williams explained.

Port Authority Inspector General John Gay added, “This sophisticated, internationally coordinated conspiracy allegedly targeted hard-working taxi drivers trying to earn an honest living."

It is alleged that the two, along with help from Russia-based hackers, had been operating their plot since at least September 2019 to September 2021. 

Normally, cab drivers are required to wait in a designated lot before the dispatch system assigns them to a specific terminal. Often they wait for hours, and are dispatched roughly according to the order in which they arrive. 

Abayev and Leyman tried various ways to to gain access to the dispatch system, such as bribing operators to insert a flash drive containing malware into the system, hacking its Wi-Fi connection and stealing tablets used as endpoint devices. 

It appears they were successful starting from November 2019. Word of mouth spread among the drivers that paying $10 to the hackers would get them to the front of the line. The hackers even offered a refer-a-friend scheme, whereby their fee would be waived if they recruited other drivers. 

Messages between those involved have also been revealed, such as “I know that the Pentagon is being hacked[.].  So, can’t we hack the taxi industry[?]”, which was sent from Abayev to one of the hackers in Russia.

Group chat was also used for communication between the hackers and drivers. The hackers would send the message "shop open" when they had access to the dispatch system, as well as giving advise on how to evade detection by avoiding certain areas.

Over the entirety of the scheme, it is believed that up to 1,000 taxi fares a day were fraudulently gained. The case is being prosecuted by the Complex Frauds and Cybercrime Unit within the U.S. Attorneys Southern District of New York. 

Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.