U.S. Case Involving Taxi Dispatch Hacking at New York’s JFK Airport
Two American citizens, Daniel Abaev and Peter Leiman, were taken into custody on suspicion of taking part in a scheme with suspected Russian ransomware actors to compromise the taxi dispatch system at John F. Kennedy International Airport. The case was first reported by Sleep Computer.
Researchers indicate that the defendants used malware linked to Russian cybercriminals to breach the New York airport’s taxi dispatch network during a period spanning September 2019 to September 2021. The breach targeted the system responsible for coordinating taxi movements from the airport’s parking area to ride requests across multiple terminals.
According to authorities, Abaev and Leiman allegedly offered a payment of $10 to participants in the scheme. In turn, drivers were able to secure the next dispatch order almost immediately after finishing the previous one, effectively shortening the waiting time between assignments.
Participants in the scheme were required to make payments either in cash or through mobile payment methods. Investigators state that communications between the drivers and the defendants occurred via private group chats on instant messaging platforms. If convicted on all counts, Abaev and Leiman could face up to a decade in federal prison.
In a related note, pro-Russian group Killnet has issued statements claiming involvement with the broader cyber activity and has commented on aspects related to law enforcement actions, including the U.S. Federal Bureau of Investigation (FBI). This parallel narrative has drawn additional attention from security researchers and judicial authorities. [Attribution: US Department of Justice, Sleep Computer, Killnet statements]
The incident underscores the vulnerability of transportation service networks to coordinated cyber intrusions. It also highlights how criminal networks may exploit legitimate operations to accelerate the delivery of rides, a practice that could disrupt daily airport routines and create hidden costs for both drivers and passengers. Experts emphasize the importance of robust incident response plans, continuous monitoring of ride-hailing and taxi dispatch platforms, and strict authentication controls to deter unauthorized access. [Attribution: Federal authorities, cybersecurity researchers]
Authorities continue to investigate the full scope of the breach and the roles of all parties involved. The case illustrates a broader trend in which cybercriminals seek to monetize disruption by shaping workflow in critical urban services. As the investigation progresses, analysts will look for additional indicators of compromise, new threat actor links, and potential collateral impact on other transportation hubs. [Attribution: Department of Justice, cybersecurity analysts]