The websites of a handful of US airports, including those in Atlanta, Chicago, New York and Los Angeles, were taken offline during a cyber attack on Monday, although officials said there was no no effect on flight operations.
Managers at several airports said they notified the FBI and the Transportation Security Administration about the cyberattacks. In a statement, the FBI said it was aware of the incident but had no additional information. The TSA declined to comment, referring inquiries to individual airports.
The attacks were carried out by a group of pro-Russian hackers known as Killnet, according to John Hultquist, vice president of intelligence at Mandiant, a US cybersecurity firm. Killnet called for coordinated denial-of-service attacks on cyber targets based on a list it posted on its Telegram channel, a list that included several major US airports. Denial of service attacks occur when a target is flooded with traffic until it cannot respond or crashes.
Although highly visible, Hultquist characterized these attacks as more of a “public nuisance” than serious security threats because they do not target important internal systems that could affect an airport’s operations. Still, when they do take place, he said, they’re effective at getting the public’s attention.
Officials at the Cybersecurity and Infrastructure Security Agency, which is charged with understanding, managing and reducing risks to the nation’s physical and cyber infrastructure, did not respond to a request for comment Monday.
The Port Authority of New York/New Jersey said the LaGuardia Airport website experienced a denial of service incident around 3 a.m. Monday that caused intermittent delays for those trying to access the place
“The Port Authority’s cybersecurity defense system did its job by detecting the incident quickly, addressing the issue within 15 minutes and allowing us to alert others by immediately notifying federal authorities,” the agency said in a statement, adding that there was no effect on any Port Authority facilities.
At Denver International Airport, the attack began around 11 a.m., officials said.
Los Angeles International Airport administrators said in a statement that the airport’s website was partially disrupted, limited to parts of the public site. They said the airport’s information technology team restored all services and is investigating the cause.
“No internal airport systems were compromised and there were no operational disruptions,” the statement said.