Cyberattacks Are Threatening Airports Nationwide
Russian hackers coordinated cyber attacks that took down computer systems in over a dozen airports including LaGuardia in New York, O’Hare in Chicago, Hartsfield-Jackson in Atlanta, and Los Angeles International Airport in California.
A cluster of cyberattacks shut down over a dozen U.S. airport websites on the morning of October 10. Russian-speaking hackers claimed responsibility for the attack which began around 3 a.m. EST and temporarily disabled 14 customer-facing websites. The disruption did not affect air traffic control or other key operations, but it did cause a great deal of inconvenience for travelers attempting to access flight information.
Targeted airports included four of the country’s biggest airline hubs: LaGuardia in New York, O’Hare in Chicago, Hartsfield-Jackson in Atlanta, and the Los Angeles International Airport. Security experts said the cyberattack appeared to be a coordinated series of distributed denial of service (DDoS) incidents. Most of the affected websites were brought back online within hours, but some were not fully functional until Tuesday morning.
An unnamed official from the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) confirmed the attack to USA TODAY. “CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed.” The official declined to offer any additional information, including information on who might have been responsible.
However, a Russian group of “hacktivists” called KillNet claimed they were behind the cyberattacks, stating their responsibility on a Twitter account called the Russian Service of the Voice of America. Hacktivists are individuals or groups who gain unauthorized access to computer networks to push their social or political goals. According to Grunge, KillNet has a mission to stop anti-Russian aggression against the Kremlin.
A Politico report states that many Russians support KillNet’s mission and see their cyberattacks as heroic actions against Russia’s enemies. In May 2022, the group released a video declaring war on the U.S., the U.K., Ukraine, Poland, Estonia, Lithuania, Romania, Latvia, Italy and Germany. The group is comprised of volunteers who form squads that coordinate to perform DDoS attacks.
As the name indicates, distributed denial of service attacks flood and overwhelm servers with malicious online traffic. This sudden barrage of traffic ties up resources and blocks legitimate users from connecting to the site or accessing its services. KillNet has executed a series of DDoS cyberattacks since April 2022.
Cybersecurity experts sometimes find DDoS attacks tricky to resolve because they involve a botnet. A botnet is a network of computers (bots) infected with malware and controlled from a single point. Botnets are often distributed around the world, which means the cyberattacks come from multiple traffic sources and are harder to block than an attack from one isolated IP address.
“DDoS attacks are favored by actors of varying sophistication because they have visible results, but these incidents are usually superficial and short-lived,” John Hultquist, a vice president at Mandiant, a Google-owned cybersecurity firm told CNN. DDoS attacks are usually performed by groups seeking attention, not by groups capable of creating significant disruptions, such as interfering with critical airport operations. KillNet has also claimed responsibility for several other recent cyberattacks, with targets including a German railroad and government websites in Colorado, Kentucky and Mississippi.
A Transportation Security Administration (TSA) spokesperson said the TSA is monitoring the situation and working with airports to resolve issues resulting from the most recent attack. Frank Cilluffo, a former White House cybersecurity official, said that the attacks could be the start of an ongoing trend. “While likely the handiwork of ‘hacktivists’ sympathetic to Russia, this incident underscores that we are likely to see more such nuisance cyber activity moving forward.”
