The National Crime Agency (NCA) has arrested and released on bail a man in his forties in connection with the cyber incident that affected flights at Heathrow and other European airports over the weekend.
In a statement, the agency said its officers, supported by the South East Regional Organised Crime Unit (ROCU), arrested the man in West Sussex on the evening of 23 September on suspicion of Computer Misuse Act offences. He has been released on conditional bail.
The man was arrested as part of an investigation into a cyber attack on Collins Aerospace.
The incident, which was reported on 19 September, affected flights at Heathrow and other European airports over the weekend.
NCA officers, supported by the South East ROCU, made the arrest in West Sussex yesterday evening on suspicion of Computer Misuse Act offences.
Paul Foster, head of the NCA’s National Cyber Crime Unit, said, in a statement: “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing.
“Cyber crime is a persistent global threat that continues to cause significant disruption to the UK,” he added. “Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public.”
The incident caused disruption at airports including Heathrow, Berlin Brandenburg, Brussels and Dublin as staff resorted to pen and paper.
The European Union’s ENISA cyber security agency and the UK’s National Cyber Security Centre (NCSC) are among those who were scrambled after what seems to have been a ransomware attack on the systems of Collins Aerospace. ENISA confirmed the attack was ransomware on 22 September.
The core system impacted was Collins’ ARINC Multi-User System Environment software platform, which runs services such as electronic check-in and baggage management, and is designed to enable airlines to share staff and passenger-facing resources such as check-in desks and automated kiosks.
The BBC has reported it has seen an internal memo sent to airport staff at Heathrow about the difficulties software provider Collins Aerospace is having bringing their check-in software back online.
It is also reporting that extra staff have been deployed at Heathrow to help passengers and check-in staff but flights are still experiencing delays.
Berlin Airport said on Wednesday morning that “check-in and boarding are still largely manual”, which would result in “longer processing times, delays and cancellations by airlines”.
In an interview with Computer Weekly earlier this year, Will Lyne, head of cyber intelligence at the National Crime Agency, said ransomware is the highest-priority cyber crime threat to the UK, and has gone from a “niche cyber crime issue in the late 2010s to being a national security problem”, partly because of a democratisation of the threat technology, which is cheaply and easily available.
