SMEX urges the Lebanese government and relevant authorities to undertake a transparent investigation to identify the party responsible for the breach, determine the nature of the incident, and implement essential measures to safeguard individuals’ privacy and data. Additionally, we demand the fortification of cybersecurity protocols not only at Beirut Rafic Hariri International Airport but also across all public facilities and official platforms.
On Sunday evening, January 7, 2024, Beirut Rafic Hariri International Airport’s screens were hacked, displaying political messages instead of flight numbers and timings. The cyber breach also led to the temporary suspension of luggage belts.
The following day, Ali Hamieh, the Minister of Public Works and Transport in the caretaker government, declared the ministry’s commitment to investigating the breach, emphasizing that despite the damage incurred, the airport remained operational.
The minister held a press conference disclosing that the Lebanese security services successfully identified the breach and how it happened. He further highlighted ongoing measures to determine the type of the breach, assess the extent of the damage, and identify the responsible party, whether internal or external.
On Monday, Fadi El-Hassan, the Director General of Civil Aviation, reported that the defects in the screens across arrival and departure halls and throughout the passengers’ terminals have been handled, with normal functionality restored.
How Did the Breach Happen? Likely Scenarios
Official authorities in Lebanon have yet to release a statement regarding the breach at Beirut’s airport, with ongoing investigations being conducted by the Lebanese security services, as confirmed by the Minister of Public Works.
As of now, no entity has disclosed any compromise of data regarding airport information, flight details, or passenger records. However, the severity of this incident hinges on the underlying motive of the cyberattack, according to the technical team at SMEX. If it is confirmed that data has been compromised, the risk escalates significantly.
A technical expert at SMEX highlights the potential threats: “If the perpetrators were capable of altering screen content and disabling the Baggage Handling System (BHS), this suggests possible installation of malware on the compromised system.”
The Lebanese authorities have yet to identify the root cause of the airport breach, with speculation suggesting potential origins from internal, external, or even governmental sources.
The technical team at SMEX has outlined various conceivable scenarios for the breach at Lebanon’s sole primary airport:
- The breach may have originated from the internal network, potentially through the installation of malicious software by an individual with access within the airport.
- Another possibility involves the compromise of an employee’s device through social engineering or a phishing link delivered via email or other means. Clicking on such links could install malicious software on the employee’s device, allowing the hacker to access the screen system and manipulate luggage handling.
- An employee with system access may have been recruited through blackmail, bribery, or threats, facilitating unauthorized access to the airport’s systems.
Weak Cybersecurity and Weaker Privacy
In the years leading up to the Lebanese financial crisis in 2019, the government approved a number of plans and laws that would protect people’s data. These include the Electronic Transactions and Personal Data Law (81/2018) and the National Cybersecurity Strategy in 2019.
SMEX’s analysis has revealed a deficiency in basic protection standards, privacy policies, and other measures aimed at safeguarding residents’ data on numerous state-initiated platforms.
During the COVID-19 pandemic, the government launched various data-collecting platforms that provide services ranging from vaccine distribution and virus tracking to scheduling passport appointments and offering social support to vulnerable families. Subsequent platforms were established for state entities such as the Traffic Management Authority, the Ministry of Finance, the Public Corporation for Housing, and many more.
These developments took place without a national cybersecurity strategy being initiated and implemented to establish clear foundations and standards for official platforms and websites, despite the strategy’s presence in the activities of the current government led by Najib Mikati.
For instance, a cursory examination of the Presidency of the Council of Ministers’ website reveals a lack of even the most basic protection measures, such as an SSL certificate for establishing an encrypted connection between users and the website.
Towards a Transparent Investigation and Strict Preventive Measures
Pending the investigation alluded to by the Minister of Public Works and Transport, and subsequently the Minister of the Interior, the Lebanese government and relevant agencies should prioritize the following actions:
- Initiate and conduct a transparent investigation to uncover the details and circumstances surrounding the breach.
- Determine the party responsible for the breach and ensure accountability for their actions.
- Implement necessary preventive measures to enhance the cybersecurity of the airport and secure all official institutions and platforms.
- Safeguard the privacy of users’ data by promptly notifying them in case of any breach. Clearly communicate which data was compromised or leaked and provide information on how relevant authorities are addressing the matter, along with guidelines for future protection.
- Activate and enforce cybersecurity strategies and committees dedicated to this field. Give paramount importance to securing the official digital sphere.
In the main image shared by users from Beirut Rafic Hariri International Airport in the aftermath of the breach, paper signs are prominently featured, indicating a makeshift system to guide passengers to their respective flights.