Hacking an airport
Many years ago I was on a business trip and came early to Quebec International Airport to catch a flight. It was not all that many years ago (read: a few years after 9/11), so the first thing as you come to the airport is security. I went straight through thinking that in the secure zone I'll find pubs, coffee shops, duty free, and other conveniences. Instead, I found a totally empty cavernous hall with no one but a few attractive ladies in Air Canada's red uniforms chatting among themselves behind a counter. Details elude me, but mine was probably an early morning flight, so I was literally the only civilian there.
So I decided I could catch up on some work, opened my laptop, and quickly confirmed that even though I got a 192.168.0.something address I could not reach anywhere beyond that network. After restarting the network a couple of time, to no avail, on a hunch I typed https://192.168.0.1 into the browser and got exactly the same login screen as my WiFi router at home. Given that the network is unroutable I decided the router could not be the official airport WiFi. Guess what I did next? Correct! I typed the default admin/admin user/password combo, just for the hell of it. Lo and behold - I am admin on whatever it is that gives out IP addresses, routes traffic, has a firewall, etc., at an international airport!
At this point I came to the conclusion that I had broken enough laws, logged out from the router, shut the laptop down, approached the ladies in red uniforms behind the counter, introduced myself (it helped that I had an impressive-sounding - to "civilians" only! - title at a household name computer company, with a business card to prove it), and explained the situation. I will forever hold Air Canada personnel in very high regard: the ladies immediately got the point, took the gravity of the situation as seriously as I myself would, thanked me, and asked me to wait right there while they make some calls. One of them actually went somewhere at a brisk pace.
In a few minutes a policeman arrived. Uh-oh... I reintroduced myself - with Air Canada girls in rapt attention behind the counter - and retold the story. At no point did the policeman treat me as a cyber-criminal or a suspect - just thanked me, asked for my business card, and requested that I remained right there (I had a flight to catch, I wouldn't go anywhere) while he would find out what was going on. He came back a short while later to thank me again for my help and quick action to alert the personnel and security. he made it clear that I was not under any suspicion of doing anything but being very helpful.
Out of curiosity, I asked if he could tell me what damage could be done if I was not the law-abiding me. He could. It turned out that some maintenance work was being done nearby, and in order not to interfere with the main airport WiFi they brought in a router and created a temporary network. Either they hadn't thought it all the way through, or maybe they didn't think anyone would arrive that early in the morning, but they didn't realize that their temp router would start giving out addresses to anyone who asks, would thus be noticeable, and would be very insecure due to default settings. The policeman even said that I could not reach any really critical system, such as flight control, from where I was, but I could potentially do something nasty with systems controlling the departure/arrival information displays throughout the airport, and messing that up could cause serious trouble among the members of the flying public.
Well, that was a bit of a mess, but all ended well and I was very impressed by the way the situation was handled: calmly and professionally. It was clear that neither the Air Canada ladies not the policeman were engineers, but they understood things immediately on the basis of common sense, knew whom to report it to and even how to get reasonably detailed non-technical information about what exactly had happened and what was affected. And how to treat the innocent helpful sod who reported it - respectfully and politely. Well done!
The flight out of Quebec was uneventful.
Biting the hand that feeds IT
