An apparently coordinated denial-of-service attack by pro-Russian hackers rendered websites at some major US airports inoperable Monday morning, though officials say flights were not affected.
The attacks, in which participants flood their targets with junk data, were orchestrated by a group calling itself Killnet. On the eve of the attacks, the group posted a list of its targets on its Telegram channel.
Although highly visible and primarily intended to cause psychological impact, Denial of Service (DoS) attacks are mostly an annoyance, unlike a hack that involves breaking into networks and can cause serious damage.
“This morning we noted that the external site was down, and our systems and security personnel are already in the process of investigating,” said Andrew Gobeil, a spokesman for Hartsfield-Jackson Atlanta International Airport. “There has been no impact on operations.”
Some public portions of the Los Angeles International Airport website were also affected, spokeswoman Victoria Spilabette said. “No internal airport system was in danger and there were no effects on operations.”
Spilabette said the airport notified the FBI and the US National Transportation Safety Board (NTSB), and the airport’s information technology team was already working to restore all services and investigate the cause. .
Several other airports on Killnet’s target list reported problems with their websites.
The Chicago Department of Aviation said in a statement that the websites for O’Hare and Midway airports were down Monday morning, but that no airport operations were affected.
Last week, the same group of hackers claimed responsibility for DoS attacks on state government websites of various entities.
John Hultquist, vice president of threat intelligence at cybersecurity firm Mandiant, tweeted that DoS attacks like the ones that hit airport portals and state governments are often brief and “superficial.”
“These are not serious impacts that will keep us awake at night,” he assured.
Instead, these attacks tend to reveal administrators’ inattentiveness to proper site protection, which now includes a DoS protection service.