STE WILLIAMS

Exclusive A man has pleaded guilty to hacking low-cost airline Jet2, including an attempt to compromise the CEO’s email account.

Scott Burns, of 37 Queen Street, Morley, Leeds, had been charged with eight crimes under the Computer Misuse Act (CMA) 1990.

The 27-year-old, formerly an IT project manager working for Blue Chip Data Systems, targeted the systems of Dart Group plc, the holding company that owns Jet2, travel agency Jet2holidays and logistics business Fowler Welch Coolchain.

During a three-week spree in January 2018, Burns accessed the inbox of Dart Group CEO Steve Heapy from various IP addresses resolving to companies including Servatech Ltd as well as “a Plusnet account in the name of Neil Leslie”.

Burns sealed his fate when he eventually accessed Heapy’s inbox from a Virgin Media account in Burns’ own name, as was laid out in the indictment against him at Leeds Crown Court.

Investigators were able to trace that illegal access back to a named desktop computer, with Burns having used two specific accounts to “secure unauthorised access to the computer hosting the domain of Dart Group… from a remote work station”.

A Linkedin account in Burns’ name has a project entry listed under Accomplishments referring to his carrying out an Office 365 migration for the Dart Group, including “preparation of back end systems to ensure a smooth migration for both the user and for reduced impact to system administrators and helpdesk consultants” for 5,000 users.

Last year Jet2 flew 12.1 million passengers, making it the UK’s fourth most popular airline – though it was fifth place behind Thomas Cook before the latter’s demise in September this year.

Blue Chip Data Systems refused to confirm whether or not Burns had ever worked for the firm, though he lists it as an employer on Linkedin.

Four years ago Blue Chip carried out a successful movement of Dart Group’s physical IT infrastructure from Bournemouth to its current Leeds base, taking on “the future management of Dart Group’s IT system” as noted in a 2015 case study.

A Jet2 spokesperson told The Register: “As legal proceedings are still ongoing, it would be inappropriate for us to make any comment at this stage. However it is important to note that at no point was any personal data or other customer, supplier or Group data compromised, and there was no impact on our distribution or leisure travel operations.”

Burns pleaded guilty to six offences under section 1(1) of the Computer Misuse Act 1990 (CMA), one attempted offence under section 1(1) and one offence under section 3(1) of the CMA. He will be sentenced in December and faces a potential 10-year prison sentence and fine, though statistically speaking, he is unlikely to end up behind bars. ®

Sponsored:
Technical Overview: Exasol Peek Under the Hood

Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/11/06/scott_burns_jet2_guilty_plea/