Big Apple locals hire Russians to game New York’s taxi system

Two men have been charged for allegedly conspiring with Russian hackers to manipulate the taxi dispatch system at New York’s John F. Kennedy International Airport.

Taxis may wait for several hours at the airport in a holding area before being allowed to pick up passengers. They do so because the fare into Manhattan – $52 presently – or other boroughs is typically substantial enough that it’s worth the wait.

Daniel Abayev, 48, and Peter Leyman, 48, are accused of altering the JFK taxi dispatch system to advance selected taxis to the front of the taxi queue in exchange for a $10 payment, according to a federal indictment [PDF] made public on Tuesday.

“As alleged in the indictment, these two defendants — with the help of Russian hackers — took the Port Authority for a ride,” said Damian Williams, the United States Attorney for the Southern District of New York, in a statement. “For years, the defendants’ hacking kept honest cab drivers from being able to pick up fares at JFK in the order in which they arrived.”

The scheme proved popular with taxi drivers, some of whom were supposedly exempted from the $10 fee when they managed to recruit other drivers to participate. Abayev and Leyman are said to have helped as many 1,000 drivers per day skip the line and to have paid Russian hackers more than $100,000 for “software development,” as the bank transfers were described.

Drivers are said to have learned of the scheme by word of mouth and to have coordinated with Abayev and Leyman by sending their taxi medallion numbers using an unspecified chat app.

Abayev and Leyman allegedly tried various techniques to hack the taxi dispatch system, including bribing someone to insert a flash drive containing malware into computers connected to the netowrk, or accessing the dispatch system’s Wi-Fi network without authorization, and stealing tablet computers connected to the dispatch system.

The court filing indicates that between November 2019 and November 2020, Abayev and Leyman used unauthorized access to manipulate the dispatch system and move specific taxis to the front of the line.

The indictment does not specify which hacking technique ultimately compromised the dispatch system. But it cites a Computer Fraud and Abuse Act violation that suggests the use of malware, specifically Title 18, Section 1030 (a)(5)(A): “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.”

Abayev and Leyman each face two counts of conspiracy to commit computer intrusion, which carry a maximum sentence of ten years in prison.

The US Attorney’s Office for the Southern District of New York did not immediately respond to an inquiry to explain how the scheme was ultimately detected. The Port Authority of New York and New Jersey did not immediately respond to a request for comment.

A spokesperson for the New York City Taxi & Limousine Commission was unable to meet our deadline but suggested a comment might follow later – The Register will update this story if so. ®

READ MORE HERE