The Hawaii Department of Homeland Security (DOHS) just announced that there has been a recent event impacting the state’s airports. Apparently, from the limited information available at this time, the attack was limited to the state’s airport websites rather than anything more serious. More information will be forthcoming.
Hawaii DOHS indicated that there had been a DDoS (distributed denial of service) attack which may be linked to other events that have occurred nationally. The release states that the attack may be from a “Russia-based hacker group Killnet.” The attack was focused on systems hosting the landing page for 15 HawaiÊ»i airport websites, including the Daniel K. Inouye International Airport.
Killnet is a pro-Russia hacker group known for its DDoS attacks.
The group has targeted government institutions and private companies in several countries since the 2022 Russian invasion of Ukraine. It is believed that the group was formed in early 2022.
Yesterday other major U.S. airports beyond Hawaii found their websites unreachable, although it has been reported that in no cases have flights been affected thus far. The Killnet group published a target list of websites on its Telegram chat channel.
These attacks are designed to have a big impact and be highly visible, while not as serious as further intrusions into networks and systems that have the potential to be devastating.
LAX, Chicago’s O’Hare and Midway, and Atlanta are among the other airports that have been hit. LAX said that “No internal airport systems were compromised and there were no operational disruptions.”
Killnet last week executed DDoS attacks on multiple state government websites.
This kind of attack often points to weaknesses in systems designed to help prevent or mitigate DDoS attacks. That will be in part what we learn of here in Hawaii. Governor Ige said, “The State of Hawai’i, in cooperation with federal partners, routinely works to prepare for and respond to cybersecurity-related incidents.”
As indicated in the press release, “This attack was focused only on the public-facing website for the airports and had no impact on internal systems, operations, or traveler safety.”
“We are in close contact with our federal partners at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation regarding the situation,” said Office of Homeland Security Administrator Frank Pace. “Events such as this highlight the importance of all organizations, public and private, remaining vigilant of cyber threats and implementing recommended security measures.”
Is Hawaii more vulnerable than most?
Last year, a Hawaii nonprofit, CyberHawaii, began educating the state and its businesses about such issues. As for intrusions, “they’re happening very, very often. We’re talking about somewhere in the neighborhood of every 11 seconds.” That is according to Special Agent in Charge John Tobon at Homeland Security Investigations Honolulu. There is a vulnerability in the travel sector, including our airports, and our electric grid, among other things. He added:
“Hawaii is especially vulnerable, or is especially a significant target, because of its strategic importance. All of the military bases and all of the military installations within the state of Hawaii are targets for these state actors, and along with the universities are also going to be targets.”
The Russian Group Killnet has been around, prominently at times, for years so why downplay them? The DOS Attacks on Simple Targets have often been found to be just a distraction from their Real Targets that have been infected almost at the same time. Our Cyber Security has all too often proved to be lackluster. When will We learn how to best protect our Public and Private Businesses?
Why say the Airport was hit? Why not just say the Airport Web site? Kind of leads people to think it’s worse than it was. For what it’s worth, there were other bloggers leading with the same type of headline.
This should not have happened. There are ways to mitigate DDOS attacks. Just configure perimter firewalls to drop those packets so the servers don’t even respond to the ping packets.
Yes, that’s what should be done. Quite irresponsible to leave so vulnerable. Concerning.