Sirena-Travel Sirena-Travel

Sirena-Travel is the owner of a data processing center equipped with computer and communication equipment, software and hardware of ARS Sirena Travel, as well as the Moscow switching node of the Sirena data transmission network.

CJSC Sirena-Travel is a Russian supplier of service automation systems in the field of air transportation. The line of solutions of CJSC Sirena-Travel includes:

• global distribution system - GDS Sirena-Travel (GDS);
• inventer system "Siren-2000";
• Sirena.Revenue airline revenue management system;
• SEB electronic ticket server;
• e-commerce solutions - FORS, WS-Gate;
• MyPayments processing system;
• passenger and baggage check-in system - DCS Astra,
• MySirena charter booking module (selected by Aeroflot).

The company's clients are over 100 air carriers, more than 500 accredited agencies throughout the Russian Federation (excluding sub-agency networks).

History

2024

The court appointed top managers of Sirens-Travel to ban certain actions in the case of leakage of these airline passengers

In April 2024, the Khoroshevsky Court of Moscow appointed two top managers of the developer of the Sirena-Travel air ticket booking system to ban certain actions in the case of leakage of these airline passengers. Read more here.

Searches

On April 3, 2024, security officials came to search the Sirena-Travel company, the developer of the Leonardo IT air ticket booking system. According to Kommersant, citing its sources, officers of the Ministry of Internal Affairs, the FSB and the Russian Guard held operational measures at the company's office on Leningradsky Prospekt in Moscow. Documents were seized.

According to the newspaper, the searches may be associated with large-scale attacks on the IT infrastructure of the Russian ticket booking system in the fall of 2023 (then Russian airlines, in particular the entire Aeroflot group, Ural Airlines and Red Wings, had interruptions in passenger registration), and law enforcement officers are studying the technique to establish "possible vulnerabilities." According to one of the interlocutors, Siren-Travel notified law enforcement agencies "about incidents in the field of information security, provides access to all the necessary documents and data during the investigation."

𝓲

Unsplash

The publication also notes that the same building where the Sirena-Travel office is located is JSC Research Center for Automated Design Systems (NIC ASK; this IT company provides engineering enterprises with services in the field of computer support). And there are operational measures on April 3, 2024. However, whether these two processes are connected is unknown to the sources of Kommersant.

The publication adds that investigative actions could also be carried out in the houses of the defendants in this case: the Meshchansky Court of Moscow on April 3, 2024 allowed the Ministry of Internal Affairs to hold events in the houses of two private individuals.

Earlier on April 3, 2024, the Shot Telegram channel reported that the SOBR fighters came to the building of the ASK Research Center, citing a source.^[1]

2023 Report on the hacking of the Siren-Travel passenger information database

On September 22, 2023, the media reported that hackers allegedly managed to hack into the database of the Russian company Sirena-Travel, which contained information about airline passengers, their insurance, as well as other personal data. The message about the hack was published on the Telegram channel of the KibOrg hacker community.

According to them, a certain Muppets group is behind the hack. According to hackers, the hack yielded about 3.5 billion records, including passenger phone numbers, and 664.6 million records with personal data, flight numbers, routes, fares and other information. This data covers the period from 2007 to 2023.^[2]

Notes