Hackers took down U.S. airport websites, Department of Homeland Security confirms
Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.
The official from DHS' Cybersecurity and Infrastructure Security Agency, or CISA, declined to comment on who might have been behind what appeared to be a coordinated series of distributed denial of service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.
"CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed," said the official, who declined to speak on the record or provide any more information about the cyberattacks and who might have been responsible.
Russian-speaking "hacktivists" from a group calling itself KillNet claimed responsibility for the attacks, which took down websites at 14 airports, including Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), according to the official Twitter account of the Russian service of the Voice of America.
DDoS attacks are used to overwhelm computer servers by sending them many thousands of requests at the same time, according to CISA. In this case, the servers hosting the airport sites were swamped with thousands of requests, making it all but impossible for travelers to connect and to get updates about their scheduled flights or book airport services, according to Frank Cilluffo, a former White House cybersecurity official.
Cilluffo said such attacks usually are intended to generate attention rather than to cause significant destruction or even disruption, such as taking down airport operations.
"But they are not trivial and in this case they could be the beginnings of a larger trend," said Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. "While likely the handiwork of ‘hacktivists’ sympathetic to Russia, this incident underscores that we are likely to see more such nuisance cyber activity moving forward.
"More importantly, cyber activity cannot be treated in isolation of broader geopolitics, and it is necessary to discriminate between annoyances perpetrated by hacktivists and more significant cyber incidents against our critical infrastructure and critical services sponsored by Russia or its proxies," Cilluffo told USA TODAY. "We need to continue to keep our eye on the ball and shields up with respect to the latter."
Kiersten Todt, CISA chief of staff, said the agency is on alert. “Obviously we’re tracking that, and there’s no concern about operations being disrupted,” Todt said Monday at a security conference in Sea Island, Georgia, according to CNN.
Last week, KillNet attacked other U.S. targets, including government websites in Colorado, Kentucky and Mississippi, according to CNN.
Glenn Gerstell, general counsel of the National Security Agency from 2015 to 2020, said such attacks are notoriously hard to pin on someone, especially so soon after such a broad and seemingly coordinated series of incidents. But he said the Russian government, perhaps using private-sector hacker groups as it often does, is by far the most likely suspect.
"It's hard to believe it's the work of just random criminals or teenage hackers just having fun, because it does seem to be coordinated with an attack on multiple major airline airport websites," said Gerstell, who also served on the president's National Infrastructure Advisory Council. The council reports to the president and the secretary of Homeland Security on threats to the nation's infrastructure.
"It does certainly illustrate our vulnerability here in the United States to cyberattacks attributable to actions and political events that happen halfway around the world."
It's good news that no operational systems appear to have been taken down, said Gerstell, who is now a senior adviser to the International Security Program at the Center for Strategic and International Studies in Washington, D.C.
"It doesn't seem to have affected airline operations or airport operations, much less airport control," he said. "But it does highlight our vulnerabilities in information technology, and how we all rely on it, whether it's just using our cellphones to check when a flight is coming or departing or the current operations at an airport that's congested."
This article originally appeared on USA TODAY: Did Russian hackers take down U.S. airport websites?