T3 disruption a well-planned attempt
More than a year ago, on June 29, a disgruntled employee of Delhi airport’s service provider company had disrupted the check-in, boarding and baggage handling systems at Terminal 3.
More than a year ago, on June 29, a disgruntled employee of Delhi airport’s service provider company had disrupted the check-in, boarding and baggage handling systems at Terminal 3.
A CBI investigation has now revealed that Gurucharan Kalluraya, who used to work with ARINC India Pvt Ltd, had meticulously planned the operation, believing that his former employer will require his help to fix the software.
ARINC India maintains the servers that run the Common Use Passenger Processing System (CUPPS) and Baggage Reconciliation System (BRS) for check-in, boarding and baggage handling. CBI has charged Kalluraya with administering a malicious script ‘kill.cmd’ to the servers.
Kalluraya worked with ARINC as the system development lead. Later, he shifted to other companies in Bangalore. “But he believed that he and his team were not given sufficient opportunities for career advancement. He wanted to prove his worth to his former employer by bringing down CUPPS and BRS systems at the T3. He anticipated that ARINC will require his help for the recovery of the system,” disclosed the CBI investigation.
According to investigators, when the system was disrupted on June 29, 2011 between 2.56am and 2.56pm, initial probe suspected an insider job as it was extremely difficult for an outsider to write a malicious script with the sole purpose of damaging the system.
There were multiple levels of security, requiring different access credentials.
The probe also revealed that the system was remotely accessed in Bangalore and that between June 9 and June 28, it was accessed eight times by Kalluraya from different locations in Bangalore. And as a former employee, he had all the log-in credentials to access multiple servers. “This investigation is a lesson in how companies should secure their systems by constantly changing access mechanisms,” said a CBI officer.
During the 12-hour period, the malicious script had run riot with only 14 counters operating at T3. The airlines had resort to manual check-in, badly affecting passenger processing services.