Charging fellow cabbies stuck at John F. Kennedy airport in New York $10 each to skip ahead in the busy taxi lines outside seemed like a brilliant plan for drivers Daniel Abayev and Peter Leyman — especially when aided by Russian hackers — but this week, the kickback saga ended with dual prison sentences.
Appearing before U.S. District Judge Paul Crotty on Monday in Manhattan, Abayev was sentenced to four years for the criminal conspiracy while Leyman received two years. The discrepancy was due to Abayev’s role as leader in the plot, which saw up to 1,000 “fraudulent taxi trips” roll out of the airport daily for more than a year, according to a statement from prosecutors and confirmed in court records reviewed by Law&Crime.
A sentencing letter explained that the taxi dispatch hacking scheme began in November 2019 and continued through 2021 as the Queens-based cabbies conspired with Russian hackers Aleksandr Derebentc and Kirill Shipulin to access the Port Authority Dispatch System, including by “bribing someone to insert a flash drive containing malware into computers” connected to it.
Once they had achieved unauthorized access, which included access via stolen tablets, all four of the men manipulated the system over Wi-Fi, changing up the order of taxis in line so those who paid could cut to the front.
“Individual taxi drivers paid the members of the Hacking Scheme in a variety of ways, including through a mobile payment system or in cash. Taxi drivers learned that they could skip the taxi line by paying $10 to members of the Hacking Scheme through word of mouth, and members of the Hacking Scheme offered some taxi drivers waivers of the $10 fee in exchange for recruiting other taxi drivers to pay the $10 fee to skip the taxi line. In some cases, brokers purchased trips in bulk from the members of the Hacking Scheme, and then gave those trips to taxis they controlled,” prosecutors said.
Abayev was the one who conceived of the scheme and who recruited Derebentc to handle the “technical aspects.” While he was in the U.S., he and Leyman stayed in contact with Derebentc and Shipulin to provide updates or instructions.
It was early into the plot when Abayev quipped to his hacker confidant Derebentc: “I know that the Pentagon is being hacked. So, can’t we hack the taxi industry[?]”
Prosecutors say Abayev, who was paranoid about surveillance, attempted to shield his communications by using Telegram. In a large group chat for cabbies, Abayev sent thinly veiled messages:
DEAR DRIVERS !!!! PLEASE !!!!
Do not wait at the gas station in JFK
Please do not go around the CTH Lot (Face emoji, plane emoji)
Please do not wait at Rockway av (Police emoji)
You have to be very very carefully (Two police emoji)
Both he and Leyman kept track of their profits in a detailed spreadsheet, often boasting to each other of their success.
“On our end this is absolutely a record. Here we almost have 600. We netted at least 500. This has never happened before. . . . This is exactly the level that I want to have every day. . . Now in the morning we are going to collect the dough,” Abayev wrote, according to the government’s Jan. 29 sentencing letter.
He and Leyman kept 25% of the profits and sent 50% back to Shipulin and Derebentc.
The Justice Department said Monday that Shipulin and Derebentc are still at large.
In addition to their prison sentences, Abayev and Leyman were ordered to forfeit just under $162,000 in assets and pay $3.4 million in restitution.
Abayev pleaded guilty to a single count of conspiracy to commit computer intrusion last October. Leyman also pleaded guilty to the same charge. Derebentc and Shipulin have been charged for their roles but remain on the run and are suspected to still be in Russia.
Court documents fail to illuminate what hack of the Pentagon Abayev might have been referring to in his quip to his co-conspirator, but the Defense Department has certainly fallen victim to hackers before.
In October 2023, the email addresses of more than a half-million Defense Department and Justice Department employees were breached in a massive cyberattack that officials said was spurred by criminal Russian hackers. In addition to email addresses, Bloomberg reported at the time that internal government employee surveys were exposed as well as tracking codes and other sensitive data once hackers got in through a file transfer program called MOVEit.
A program known as Hack the Pentagon was launched by the Department of Defense in 2016 and for nearly a decade, the program has been aimed at having “white hat” hackers detect vulnerabilities and bugs in Pentagon systems. A report last summer from Security Week noted these good-guy hackers have helped expose 2,100 vulnerabilities in Pentagon systems and have earned over $650,000 in so-called bounty payments.