Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.
The official, from DHS’ Cybersecurity and Infrastructure Security Agency (CISA), declined to comment on who might have been behind what appeared to be a coordinated series of Distributed Denial of Service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.
“CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed,” said the official, who declined to speak on the record or provide any more information about the cyber attacks and who might have been responsible.
Russian-speaking “hacktivists” from a group calling itself KillNet claimed responsibility for the attacks, which temporarily took down websites at 14 airports, including the Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), according to the official Twitter account of the Russian service of the Voice of America.
DDoS attacks are used to overwhelm computer servers by sending them many thousands of requests at the same time, according to CISA. In this case, the servers hosting the airport sites were swamped with thousands of requests, making it all but impossible for travelers to connect and to get updates about their scheduled flights or book airport services, according to Frank Cilluffo, a former White House cybersecurity official.
Cilluffo said such DDoS attacks usually are intended to generate attention rather than to cause significant destruction or even disruption, such as taking down the operations of airports.
“But they are not trivial and in this case they could be the beginnings of a larger trend,” said Cilluffo, the director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. “While likely the handiwork of ‘hacktivists’ sympathetic to Russia, this incident underscores that we are likely to see more such nuisance cyber activity moving forward.”
“More importantly, cyber activity cannot be treated in isolation of broader geo-politics, and it is necessary to discriminate between annoyances perpetrated by hacktivists and more significant cyber incidents against our critical infrastructure and critical services sponsored by Russia or its proxies,” Cilluffo told USA TODAY. “We need to continue to keep our eye on the ball and shields up with respect to the latter.”
Kiersten Todt, CISA chief of staff, said the agency is on heightened alert. “Obviously, we’re tracking that, and there’s no concern about operations being disrupted,” Todt said Monday at a security conference in Sea Island, Georgia, according to CNN.
Last week, KillNet attacked other U.S. targets, including government websites in Colorado, Kentucky, and Mississippi, according to CNN.
Glenn Gerstell, the general counsel of the National Security Agency from 2015 to 2020, said such attacks are notoriously hard to attribute, especially so soon after such a broad and seemingly coordinated series of incidents. But he said the Russian government, perhaps using private-sector hacker groups as it often does, is by far the most likely suspect.
“It’s hard to believe it’s the work of just random criminals or teenage hackers just having fun, because it does seem to be coordinated with an attack on multiple major airline airport websites,” said Gerstell, who also served on the president’s National Infrastructure Advisory Council. The council reports to the president and the secretary of Homeland Security on security threats to the nation’s infrastructure.
“It does certainly illustrate our vulnerability here in the United States to cyber attacks attributable to actions and political events that happen halfway around the world,” Gerstell said.
It’s good news that no operational systems appear to have been taken down, said Gerstell, who is now a senior advisor to the International Security Program at the Center for Strategic & International Studies in Washington, D.C.
“It doesn’t seem to have affected airline operations or airport operations, much less airport control,” he said. “But it does highlight our vulnerabilities in information technology, and how we all rely on it, whether it’s just using our cell phones to check when a flight is coming or departing or the current operations at an airport that’s congested.”