Cyberattacks down airport websites, travel operations not disrupted

Russian-speaking hackers picked a new target to overwhelm: airport websites and the travel sector.

The hacking collective Killnet that flooded state government websites with traffic last week took aim this week at the airline industry, publishing a list of airport websites as targets on the tech platform Telegram.

Airports in the cyberattackers’ crosshairs included Atlanta’s Hartsfield-Jackson International Airport, Chicago’s O’Hare International Airport, and Denver International Airport, among several others.

The Hartsfield-Jackson International Airport’s website went down on Monday but access was restored by the afternoon and officials said it did not disrupt the airport’s function.

“An investigation into the cause of the incident is underway,” the Atlanta airport said on Twitter. “At no time were operations at the airport impacted.”

Both O’Hare International and Midway International airports similarly went offline but the Chicago Department of Aviation said it did not disrupt airport operations. Denver International Airport’s website was also unreachable amid the hacking campaign, according to the Denver Post.

The airports fell victim to Killnet apparently organizing distributed denial of service attacks, which overwhelm internet targets with a flood of traffic.

The Biden administration cautioned against thinking the hacks were sophisticated while saying it took the threat seriously. National Cyber Director John C. Inglis told CNBC on Monday the attacks largely appeared to be a defacement effort rather than something seriously disruptive.

“I would say we should be concerned about it, we should address that, we should make sure that those services are restored but we should make sure we discriminate between that and an actual threat to critical services,” he said.

Mr. Inglis said he was concerned about people’s confidence in the resilience of America’s systems, particularly fretting people would misconstrue a small swipe in cyberspace as indicative of a broader attack causing fear.

Emsisoft threat analyst Brett Callow said Killnet’s aim at the airports looks to be more “nuisance-level” activity but it could succeed in making Americans nervous. He said such efforts create fear, uncertainty and doubt about America’s ability to protect its critical infrastructure.

Check Point threat intelligence manager Sergey Shykevich said Killnet is likely to continue waging its distributed denial of service attacks against vulnerable targets in the U.S.

He said Killnet focuses on prominent websites that are not the most well-protected but whose outages cannot be ignored.

“We shouldn’t be surprised if we see more from Killnet this week,” Mr. Shykevich said in a statement.

Killnet posted more targets for attacks on Telegram on Tuesday, this time focusing on websites of J.P. Morgan Chase bank. The bank’s websites did not appear down on Tuesday at the time of publication.

• This article was based in part on wire service reports.