US Airport Websites Knocked Offline by Pro-Russia Hackers

Connect with us

(Bloomberg) — A pro-Russian group is claiming credit for a series of disruptions that temporarily knocked the websites of some US airports offline.

Most Read from Bloomberg

The group, called Killnet, has engaged in a series of cyberattacks in recent months against Western targets, including incidents that temporarily rendered some state government websites offline last week, according to cybersecurity experts.

Los Angeles International Airport issued a statement saying its website was partially disrupted and that the interruption was limited to portions of the public-facing website. There were no disruptions to internal airport systems nor were there any operational difficulties, according to the statement.

The site for LaGuardia Airport was also affected, in addition to Des Moines International Airport, ABC News reported. Websites for O’Hare and Midway airports in Chicago were offline Monday, according to a statement from the Chicago Department of Aviation, but no airport operations were affected.

On Killnet’s Telegram channel, the group claims to have launched attacks against dozens of US airports though it wasn’t immediately clear how many of the airports were actually hit and whether the victims suffered any disruptions.

The Transportation Security Administration, which oversees airport security, referred questions to the individual airports. The Federal Aviation Administration said it would defer comments to TSA.

The FAA’s air-traffic website showed no indications of any flight disruptions from the cyberattacks. Similarly, the tracking website showed relatively few delays or flight cancellations across the country. The FAA’s air-traffic computers are designed to remain off the internet and have dedicated communication lines to ensure they are safe from hacking.

A representative for the US Cybersecurity and Infrastructure Security Agency didn’t immediately respond to phone calls and emails.

Killnet mostly deploys distributed denial-of-service, or DDoS, attacks, which direct large amounts of junk online traffic toward a site to knock it offline. While disruptive and irritating, such attacks can usually be mitigated and the overall impact tends to be minimal.

“It’s easy to overestimate DDoS attacks because they are so easy to notice and very visible,” said John Hultquist, vice president of threat intelligence for Mandiant Inc. “But, ultimately, they’re superficial and short-term.”

Last week, Killnet waged hacks against as many as 15 state websites, according to Check Point Research Technologies Ltd., which says the group represents better organized and more sophisticated style of hacktivism. Sergey Shykevich, threat intelligence group manager at Check Point Software, said Killnet started around the time of Russia’s invasion of Ukraine in February.

While the group initially focused on Ukraine, it quickly shifted to the West, he said, targeting Eastern Europe, Japan and the US. Killnet has claimed more than 550 attacks between late February and September but only 45 of them were against Ukraine, according to Check Point’s research.

Shykevich described the group as Russian-related, saying there isn’t any proof they are tied to the Russian government. The group’s attacks attacks focus on targets that have made negative remarks about Russian or don’t align with its politics, he said.

Killnet continued to boast about its attacks on its Telegram channel Monday, urging others to join. “How about join forces and put down all the US airports?” the group wrote with a melting-face emoji. “Let the Hunger Games begin in USA.”

(Updates with additional details throughout.)

Most Read from Bloomberg Businessweek

©2022 Bloomberg L.P.

Leave a Reply

Your email address will not be published. Required fields are marked *