{"id":893,"date":"2019-08-30T17:22:45","date_gmt":"2019-08-30T15:22:45","guid":{"rendered":"https:\/\/www.aviationadvocacy.aero\/blog\/?p=893"},"modified":"2020-04-27T11:05:10","modified_gmt":"2020-04-27T09:05:10","slug":"icaos-cybersecurity-cover-up","status":"publish","type":"post","link":"https:\/\/www.aviationadvocacy.aero\/blog\/?p=893","title":{"rendered":"ICAO&#8217;s Cybersecurity Cover-up"},"content":{"rendered":"\n<p>Back in June, we wrote about the cyber-attack on ICAO\u2019s internal network by Emissary Panda, a Chinese government-connected hacking collective. We also addressed the hack\u2019s subsequent breaches and ICAO\u2019s embarrassing cover-up attempt. CBC (Canadian Broadcasting Corporation) uncovered the scandal, and on July 25<sup>th<\/sup>, <a href=\"https:\/\/www.cbc.ca\/news\/canada\/montreal\/icao-patient-zero-cyberattack-whistleblower-1.5223883\">released new information<\/a>, directly from the whistleblower, ICAO\u2019s director of the bureau of administration and services, Vincent Smith, who has publicly come forward. <\/p>\n\n\n\n<p>Smith\nhad originally filed an internal complaint in late 2016, immediately following\nthe attack. The complaint was directed at the IT team, who had reported to\ntheir supervisor, James Wan, who then reassured Secretary General Liu that,\n\u201cthe entire cyber-security incident was a minor one\u2026.\u201d Smith stated that the IT\ncrew \u201cacted with intent to disguise the source, nature and impact of a breach\nof the ICAO network.\u201d Yet, none of the IT crew has been investigated, all four\nstill hold their posts, along with Wan. Since then, Smith has also accused Liu\nof acting in direct contravention of the UN Internal Oversight Services, who\nrequested an investigation into the IT crew members.<\/p>\n\n\n\n<p>Aside\nfrom the Secretary General, Smith also targeted Olumuyiwa Benard Aliu, ICAO\u2019s\ncouncil president. Here is where the call for a cover-up makes more sense. Back\nin 2010, Aliu was the Nigerian representative on the council. His son, Maxim\nAliu, was an ICAO IT officer, and while on a trip to Beijing in 2010, Emissary\nPanda infected Maxim\u2019s laptop. Maxim had domain admin status up until January\n2015. ICAO\u2019s chief INFOSEC officer, Si Nguyen Vo, pointed out that between the\n2010 breach and the 2016 attack, ICAO suffered a number of substantial\nbreaches, beyond the one initially reported by CBC, including one involving\nmutual funds. <\/p>\n\n\n\n<p>Additionally,\nthe hackers gained access to \u201cthe personnel records of past and current\nemployees, the medical records of those who had used ICAO\u2019s health clinic,\nfinancial transaction records, and the personal information of anyone who had\nvisited the ICAO building or registered on an IACO website.\u201d A member of the\nICAO\u2019s Nordic Delegation had received a suspicious e-mail, and that someone had\nsent e-mails from her breached account, posing as her. James Wan directed her\nto delete the e-mail and didn\u2019t conduct any follow-up investigation. Perhaps most\nnotably, \u201cwithin 30 minutes of the hack on ICAO, at least one of the UN\nagency\u2019s 192 member states, Turkey, had been compromised.\u201d Here, Emissary Panda\nalso established a watering-hole hack on Turkey\u2019s treasury board website.<\/p>\n\n\n\n<p>ICAO\u2019s\ninternal and external handling of the December 2016 hack have been a fiasco,\nand marred the image and credibility of the agency who claims to provide \u201csupport of a safe, efficient, secure, economically sustainable\nand environmentally responsible civil aviation sector.\u201d&nbsp; <\/p>\n\n\n\n<p>Students of history\nwill know that it is not the crime, it is the cover-up, that eventually gets\nyou.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Back in June, we wrote about the cyber-attack on ICAO\u2019s internal network by Emissary Panda, a Chinese government-connected hacking collective. We also addressed the hack\u2019s subsequent breaches and ICAO\u2019s embarrassing cover-up attempt. CBC (Canadian Broadcasting Corporation) uncovered the scandal, and on July 25th, released new information, directly from the whistleblower, ICAO\u2019s director of the bureau [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-893","post","type-post","status-publish","format-standard","hentry","category-international-civil-aviation-organization"],"_links":{"self":[{"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/posts\/893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=893"}],"version-history":[{"count":2,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/posts\/893\/revisions"}],"predecessor-version":[{"id":897,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=\/wp\/v2\/posts\/893\/revisions\/897"}],"wp:attachment":[{"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aviationadvocacy.aero\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}