VPN Logs Lead to Capture of an Ex-PenAir Employee Who Hacked Into Company’s Internal Networks
A 59-year-old US woman has been arrested for hacking into her previous employer’s internal networks and sabotaging the company’s day-to-day activities, thanks to VPN logs. The accused is a former employee of Peninsula Airlines, or PenAir, an Alaskan regional airline.
The woman, Suzette Kugler, has already pleaded guilty and been charged with fraud in connection with computers. Kugler was caught after investigators tracked her VPN logs. As is the norm with a majority of electronic crimes, all her activities were revealed to the investigators through her activity logs.
As per the court documents, Kugler was an employee at PenAir but wasn’t happy when she was fired after serving the company for 29 years. Just a week before Kugler left PenAir, she utilized system privileges and created a new user account to control access to the internal network of the company.
She then repeatedly accessed the airline’s system remotely and carried out a number of malicious acts, such as blocking other employees’ access to the account. She also deleted official records, which prevented staff members at 8 different locations from creating or modifying bookings.
Another serious offence was that Kugler removed the seat maps for two pending flights, which were responsible for informing passengers about their booked seats. In the absence of seat maps, passengers couldn’t board their respective flights.
Luckily, however, the seat maps deleted by Kugler weren’t due to be accessed by passengers for a further three days. This gave PenAir employees an opportunity to recreate the maps and prevent unnecessary inconvenience to passengers.
Once the airline noticed signs of foul play in its system, it immediately brought in the FBI to conduct a thorough investigation into the issue. It was later identified that Kugler was the one causing trouble for the airline.
Eventually, her fake administrator account was also discovered by the investigators. An arrest warrant was issued for the culprit after her home was searched by law enforcement officials. Two laptops were confiscated from her home in California.
Analysis of the laptops revealed that Kugler had downloaded internal company VPN connectivity software. The software kept a log file named ‘scvpn.log’. A further probe into the log file revealed all of Kugler’s misdeeds, as officials identified that she was the one using it all along. The timings of the events also perfectly matched the times when Kugler accessed the VPN service to remotely connect to the airline’s network.
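The timeline match described above can be reproduced by pairing client-side VPN sessions with server-side audit events. This is an added example, not code from the investigation or the original article; the log line format, account name, timestamps and events are all constructed, since the real layout of scvpn.log is not shown here.

```python
from datetime import datetime, timedelta

# Constructed sample data. The line format is an assumption for illustration,
# not the real layout of scvpn.log; "acct_x" is a hypothetical account name.
VPN_LOG = """\
2024-01-10T21:02:11 CONNECT user=acct_x
2024-01-10T21:40:57 DISCONNECT user=acct_x
2024-01-12T03:15:00 CONNECT user=acct_x
2024-01-12T03:55:30 DISCONNECT user=acct_x
2024-01-14T19:30:00 CONNECT user=acct_x
"""
LOG_END = datetime(2024, 1, 15)  # constructed: when the laptop was imaged
SERVER_EVENTS = [  # constructed server-side audit entries
    ("2024-01-10T21:15:42", "employee access blocked"),
    ("2024-01-12T03:31:09", "seat map deleted"),
    ("2024-01-13T11:00:00", "record deleted"),  # outside every session
    ("2024-01-14T20:05:00", "record deleted"),  # inside the unterminated session
]

def parse_sessions(log_text, log_end):
    """Pair CONNECT/DISCONNECT lines into (start, end, closed) tuples."""
    sessions, start = [], None
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ts, kind = datetime.fromisoformat(parts[0]), parts[1]
        if kind == "CONNECT":
            if start is not None:  # earlier session never logged a disconnect
                sessions.append((start, ts, False))
            start = ts
        elif kind == "DISCONNECT" and start is not None:
            sessions.append((start, ts, True))
            start = None
    if start is not None:  # log ends mid-session: bound it by acquisition time
        sessions.append((start, log_end, False))
    return sessions

def correlate(events, sessions, skew=timedelta(minutes=2)):
    """Split events into (matched, unmatched); skew absorbs clock drift."""
    matched, unmatched = [], []
    for ts_text, action in events:
        ts = datetime.fromisoformat(ts_text)
        hit = next((s for s in sessions if s[0] - skew <= ts <= s[1] + skew), None)
        (matched if hit else unmatched).append((ts_text, action, hit))
    return matched, unmatched

if __name__ == "__main__":
    matched, unmatched = correlate(SERVER_EVENTS, parse_sessions(VPN_LOG, LOG_END))
    for ts, action, s in matched:
        print(ts, action, "-> session", s[0], "closed" if s[2] else "OPEN-ENDED")
    for ts, action, _ in unmatched:
        print(ts, action, "-> no VPN session: needs another explanation")
```

Events that fall only inside an open-ended session deserve lower confidence, and unmatched events point to access paths that the client-side log does not cover.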
Since it was Kugler’s first offence, she has received a rather lenient sentence of just 250 hours of community service and has been put on probation for five years. According to the U.S. Department of Justice’s press release:
“Kugler used her specialized knowledge regarding the Sabre database to create fake employee accounts with high-level privileges, without authorization, and then used those accounts to destroy critical information in a series of network intrusions. It was discovered that the primary fake employee account used in the intrusions was created by Kugler a week before she left the company.”
What is important to note in this case is that, this time around, no VPN provider handed log files to law enforcement. Server-side logs are not what led to the conviction either; it was the firm’s internal VPN service and its client-side logs that gave away the information.
This reaffirms that users need to remain vigilant about their security. VPN services should not be trusted too much, and additional security measures should be adopted to remain protected. Also, don’t forget to delete the activity logs.