georgia court says man owes delta air lines W r i t i n g

Find a story in the news from the past few weeks about cybercrime/cybersecurity incident, or from a criminal or civil case. Briefly describe the issue as the news reported it and why this example is defined as cybercrime/cybersecurity. What advice would you offer to the relevant leaders and policy- makers in regards to the issue?

____________________________________________________________________________

Respond to this post (Divine):

Gennady Podolsky, a dual Ukrainian and American citizen from Chicago and managing partner of Vega International Travel Services, Inc., pleaded guilty to trafficking in computer passwords. It was learned that he created a fraudulent account under the name of “RGI International” to accrue SkyBonus points under the SkyBonus program of Delta Air Lines. Furthermore, Podolsky provided one of his employees with access to the account, allowing the unidentified accomplice to unlawfully access Delta’s SkyBonus computer system and book Vega’s customers for air travel with the airline. By unlawfully transferring the password to RGI International’s fraudulent account, Podolsky ensured the account fraudulently accrued Delta SkyBonus points for purchasing eCert tickets. Included in the plea agreement, Podolsky has agreed to pay $1,000,000 as restitution to Delta airlines before his sentencing on January 27, 2021. He has also agreed not to engage in any business with Delta airlines or any company associated with the airline.

This incident is a cybercrime because the accused individual hacked into a database to traffic in computer passwords, which assisted in unlawfully accessing and manipulating an airline’s computer system for self-interest and monetary gains.

Regarding this issue, computer passwords are the front line of protection for user accounts. If not yet put in place, Delta Air Lines would need to employ an approved third-party auditor for penetration testing to perform password cracking or guess on a periodic or random basis to regularly test the security of their network and systems. Also, they need the policy to establish a standard for creating strong passwords for employees and, most notably, for their customers, protecting those passwords and the frequency of change if that is not yet applicable. Any employee found to violate or violate this policy may be subject to disciplinary action, up to and including termination of employment.

References

The Bharat Express News. (2020, November 1). Georgia court says man owes Delta Air Lines $ 1 million by Jan 27, 2021. https:// Travel agent charged for alleged fraud on delta loyalty points program. (2019, September 16). ajc. https:// Federation Of American Scientists – Science for a safer, more informed world. https://fas.org/sgp/crs/misc/97-1025.pdf

(PDF) Cyber security password policy for industrial control networks. (n.d.). ResearchGate. https://