US airport websites knocked offline by pro-Russia hackers

A pro-Russian group is claiming credit for a series of disruptions that temporarily knocked the websites of some US airports offline. 

The group, called Killnet, has engaged in a series of cyberattacks in recent months against Western targets, including incidents that temporarily rendered some state government websites offline last week, according to cybersecurity experts.

The attack caused intermittent delays with accessing LaGuardia Airport’s website, for 15 minutes starting about 3 a.m., according to a Port Authority spokesperson. There was no operational impact.

Los Angeles International Airport issued a statement saying its website was partially disrupted and that the interruption was limited to portions of the public-facing website. There were no disruptions to internal airport systems nor were there any operational difficulties, according to the statement.

Websites for O’Hare and Midway airports in Chicago were offline Monday, according to a statement from the Chicago Department of Aviation, but no airport operations were affected. 

On Killnet’s Telegram channel, the group claims to have launched attacks against dozens of US airports though it wasn’t immediately clear how many of the airports were actually hit and whether the victims suffered any disruptions.

The Transportation Security Administration, which oversees airport security, referred questions to the individual airports. The Federal Aviation Administration said it would defer comments to TSA.

The FAA’s air-traffic website showed no indications of any flight disruptions from the cyberattacks. Similarly, the tracking website FlightAware.com showed relatively few delays or flight cancellations across the country. The FAA’s air-traffic computers are designed to remain off the internet and have dedicated communication lines to ensure they are safe from hacking.

Killnet mostly deploys distributed denial-of-service, or DDoS, attacks, which direct large amounts of junk online traffic toward a site to knock it offline. While disruptive and irritating, such attacks can usually be mitigated and the overall impact tends to be minimal. 

“It’s easy to overestimate DDoS attacks because they are so easy to notice and very visible,” said John Hultquist, vice president of threat intelligence for Mandiant Inc. “But, ultimately, they’re superficial and short-term.”

A representative for the US Cybersecurity and Infrastructure Security Agency said the agency is aware of reports of DDoS attacks targeting airport websites. The agency was coordinating with the affected parties and offering assistance, the representative said.

Last week, Killnet waged hacks against as many as 15 state websites, according to Check Point Research Technologies Ltd., which says the group represents better organized and more sophisticated style of hacktivism. Sergey Shykevich, threat intelligence group manager at Check Point Software, said Killnet started around the time of Russia’s invasion of Ukraine in February.

While the group initially focused on Ukraine, it quickly shifted to the West, he said, targeting Eastern Europe, Japan and the US. Killnet has claimed more than 550 attacks between late February and September but only 45 of them were against Ukraine, according to Check Point’s research.

Shykevich described the group as Russian-related, saying there isn’t any proof they are tied to the Russian government. The group’s attacks attacks focus on targets that have made negative remarks about Russian or don’t align with its politics, he said.

Killnet continued to boast about its attacks on its Telegram channel Monday, urging others to join. “How about join forces and put down all the US airports?” the group wrote with a melting-face emotive. “Let the Hunger Games begin in USA.”