Robert Greene Tech 10.10.2022 21:Oct PM EDT

14 Public Websites of US Airports Go Offline Due to Hackers

Hackers had forced 14 public websites of 14 airports in the United States at around 3 a.m. ET on Monday, Oct. 10. Authorities were quick to allay fears saying the hacking incident did not disrupt the operations of the impacted airports.

Cybersecurity officials have tracked the attack, Kiersten Todt, Chief of Staff of the US Cybersecurity and Infrastructure Security Agency (CISA), told a press conference in Sea Island, Georgia, on Monday, Oct. 10.

US Airports Operations Not Disrupted

"There's no concern about operations being disrupted," the official said.

Russian-speaking hackers named "Killnet" launched a distributed denial of service (DDoS) and succeeded in shutting down the public-facing websites of the airports for 15 minutes.

Some of these websites, such as LaGuardia, LAX, and O'Hare, went offline, affecting travelers who were waiting for security checks and other information.

The attack, however, failed to disrupt the airport's internal communications, traffic control, and other critical operations, an airport official said.

ABC News reported that a LaGuardia spokesperson said the DDoS attack lasted for 15 minutes resulting in "intermittent delays accessing the LaGuardia airport website."

Cybersecurity Defense Did Its Job

The cybersecurity defense system, according to the official, did its job of addressing the problem immediately.

After the attack was detected, federal and airport officials were alerted.

The CISA and the Federal Bureau of Investigation, agencies under the Department of Homeland Security, said they were fully aware of the malicious attack.

The attack has not impacted the critical operations of the airports, the Port official said.

At around 10:30 a.m. ET, the Atlanta International Airport announced that its public website was back and running.

Atlanta airport officials said the airport operations went on as usual, even at the height of the attack.

Pro-Russia Hacker Group

Authorities identified Killnet as a pro-Russia hacker group, but there is no evidence that the Russian government is behind the group.

In the past, groups similar to Killnet have been identified with government actors. No evidence has been found to link the recent attack to the Russian government.

The Russian-speaking hackers may have acted on their own, officials said.

CISA and Transportation officials are closely monitoring the situation.

What Is a DDoS Attack?

A DDoS attack, acccording to Cloud Fare, disrupts the normal volume of traffic of the targeted server or network. In this case, the US airport servers were the target.

A bird's eye view of the attack looks like a sudden traffic jam and disrupts the normal flow of traffic, delaying the arrival of travelers to their destinations.

The attack works by flooding the target server or network with internet traffic using a network of machines connected to the internet.

These machines are either computers or IoT devices, often referred to as bots or virtual zombies. A group of bots is called a botnet.

The hackers would maliciously infect these machines with malware allowing them to control these tools remotely.

Once established, the attackers could direct the attack against a server or network by giving instructions to the individual bot. Each bot will send the request to the targeted IP address overwhelming it in the process.