A pair of Vietnamese hackers calling themselves TeaPea told the BBC they were behind the cyberattack that hit the InterContinental Hotels Group (IHG) in early September. He says he acted for “fun”. The hospital group, which operates 6,000 hotels worldwide, including the Holiday Inn chain, said on Sept. 6 that a third party had accessed its information system, resulting in serious room booking failures.
Very weak password
In practice, TeaPea claims to have gained access to the British group’s information system by inciting an employee to download malware via a booby-trapped attachment. He had to bypass a security message sent to internal devices as part of a two-factor authentication system. However, evidence of the fragility of IHG’s security system is that “the username and password for the safe were available to all employees (…) And the password was extremely weak,” he told the BBC. Indeed, the password was Qwerty1234. A spokesman for the group disputes this version of the facts.
Screenshots, authenticated by IHG, show that the attackers had access to Outlook messenger email, Microsoft Teams conversations, and server directories. On the other hand, no customer data would be stolen.
Deal as much damage as possible
On Telegram, the couple tell British media that they originally wanted to use ransomware. However, “The company’s IT team continued to isolate the servers before we had a chance to deploy them.” So he resorted to a “cleaner” – a type of malware that erases data on infected computers. In other words, seeing that he couldn’t capitalize on this attack, he decided to take revenge by inflicting as much damage as possible. He showed no remorse for what he had done. “We don’t really feel guilty. We would prefer legal work here in Vietnam, but the average salary is $300 a month,” he explained.
IHG’s cybersecurity issues continue. In 2020, the group agreed to pay $1.5 million in a class-action lawsuit following a 2016 three-pronged attack in which criminals accessed the credit card details of 1,200 U.S. hotel customers.