ATLANTA — On Monday, at least 14 airport websites and travel information websites were the target of a coordinated hack, seemingly for political gain and attention.
Atlanta's Hartsfield-Jackson International Airport was one of the targets for the pro-Russian activists, in what cyber threat intelligence experts call the group's largest hacking effort to date.
"We're not surprised that they've started an attack like this, they've been sort of attacking some European nations, Eastern European nations, and starting to move west and actually started in late spring doing a very minimal denial of service attack on an airport in Connecticut, and then have had a few more attacks since then," said Tony Sabaj, Head of Engineering for Check Point.
Check Point is a cyber threat intelligence organization with hundreds of researchers, some of which, infiltrated the messaging app Telegram, where the hackers appear to coordinate and congratulate themselves on cyber attacks.
Researchers with Check Point sent 11Alive two screenshots from the hackers, where they encourage more attacks and even shared a CNN article. The group seemingly rejoiced in having their name mentioned in the article.
The attack on the airport websites is what's called a distributed denial of service (DDoS), which is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming a site with a flood of Internet traffic. It's similar to when a website might crash due to hundreds or thousands of users trying to access the site at the same time.
"They're truly what we call a 'hacktivism' type of group," Sabaj explained. "So they're not out for financial gain. They're out for political gain and to make a statement. This group appears to be a very pro-Russian group that is attacking countries that are supporting Ukraine in the current conflict."
The goal of the attacks appears to be solely for attention-seeking purposes, Sabaj said.
"Just like you would protest in front of a business or a government building. You're not doing it necessarily to cause financial damage, but you're doing it as a platform to get your point across," Sabaj said.
The attacks did not disrupt actual airlines or flights, but rather targeted sites, where customers would check flight information and TSA wait times.
“We noticed this morning that the external website was down, and our IT and security people are in the process of investigating,” said Andrew Gobeil, a spokesman for Hartsfield-Jackson International Airport. “There has been no impact on operations.”
Sabaj noted it appears the latest attack by the group, who Check Point has followed for the past year, is the largest successful attack to date. The upside, Sabaj said, is DDoS attacks recovery period is fairly quick and there should be no concern for any consumer who may have tried to use one of the websites.
"They weren't going after information. It wasn't like a breach of information like we've seen in many attacks, where personally identifiable information was gathered," Sabaj explained. "This was really just an overflow of the website, to make it inoperable or unreachable by people. So, it's really a disruption in service and not a stealing of information."
Sabaj said he fully expects the group to continue targeting government websites in countries that show support for Ukraine. He also expects airlines to continue to put in mitigation tools to thwart future attacks.