@dang I feel like this qualifies for the "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize" rule. The airports themselves are not under attack.
As far as "airport-travel related systems that could be affected without seriously impacting anyone's travel", "airport websites" are the top of the list.
I think the last time I used one, it was to find out if there was an airport lounge in a specific terminal.
"Airport Websites Briefly Unavailable" is a much less exciting, but much more accurate headline.
Every article about "cyber" is fundamentally fearmongering, because they incorrectly analogize to the physical world where security is outsourced to an ambient third party (post facto law enforcement), implying an attacker is the purely responsible party. In digital reality, this headline would be more appropriate as "Airline website insecurities taken advantage of by Russia to disrupt business". The focus should be on the irresponsible duct-tape-and-string operations these businesses are running, rather than the people half a world away sweet talking the computers into misbehaving.
"... taken advantage of by an entity capable of causing Russian computers to convince U.S. computers to misbehave, or to convincingly mis-attribute that activity in at least the preliminary stages of an investigation."
Sure, it could be either malice or ignorance. But when there is a strong incentive to misrepresent this (views, ads), they lose the benefit of the doubt. Plus, if it is ignorance, then they have no business reporting on cyberattacks.
Journalism is a profession, not a gig; the practitioners have a professional responsibility to be able to report on their topic. Representing yourself as a professional while being ignorant is malice.
There's some irony that this is right after John Oliver did a whole episode on media fear mongering and the result of which is people thinking crime is increasing and their safety is decreasing.
> (NEW YORK) -- Some of the nation's largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed confirmed to ABC News.
Senior official from what agency / organization is making those claims?
> The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion
Why would they be doing DDoS on this service?
> Hartsfield-Jackson Atlanta International Airport reported around 10:30 a.m. ET that its site is back up and running and that "at no time were operations at the airport impacted."
And operations are not being impacted...
I hear "Russia" is doing X and at this point I don't believe it without evidence being presented. Anonymous sources are equivalent to saying "some random person says X". Also, why would they do anything with no negative impacts?
...the source literally isn't anonymous, it's Mandiant (not Mandian, that's a typo), and Mandiant has released so much evidence to back its claims over the years that if you can't by now at least give some credibility to the Mandiant name, you're not acting rationally.
He also directly states that this group is Russian but not acting on behalf of the Russian government in this case:
> Hultquist said there is no evidence the Russian government was involved in directing this attack.
There are two sources. Read the article carefully. There's an anonymous "senior official" and a person from "Mandian" (assuming ABC made a typo - Mandiant).
Do you want more than a name and an organization? Would you like John’s home address?
> Over a dozen airport websites were impacted by the "denial of service" attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandian[t], told ABC News. That type of attack essentially overloads sites by jamming them with artificial users.
> "Killnet," a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.
> Over a dozen airport websites were impacted by the "denial of service" attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandian, told ABC News. That type of attack essentially overloads sites by jamming them with artificial users.
That's not a "senior official"; "official" implies government, that's a company.
Yes, I would like to know the government agency official providing this information.
> "Killnet," a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.
What evidence supports this? IMO it's coming from that unspecified official. And yes, I think evidence needs to be provided before claims are made. They're just saying "I think it's these guys" ... because?
these Killnet guys stated in their Telegram channel that they are starting a DDoS of USA airports; they also provided a list of airports and their URLs
they've done similar things before, most of their "hacking" consists of DDoSing some sites that they randomly decide are an enemy to Russia
If they truly do a cyber attack on infrastructure like they’ve been doing to Ukraine it will end in war. There’s a reason they are only attacking the wait time pages and not airport operations.
Read the book This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth. It has a chapter that shows a lot of what has been going on in Ukraine. One quote that stuck with me was a Ukrainian saying you guys (US/West) are next, they are practicing on us.
> One quote that stuck with me was a Ukrainian saying you guys (US/West) are next, they are practicing on us.
Don't forget this goes bi-directional. We (the West) aren't idle recipients of what others do to our countries without response and even preventive measures. Granted the main danger is that we basically have a lot more to lose than our self-proclaimed adversaries but that doesn't mean we are helpless.
> If they truly do a cyber attack on infrastructure like they’ve been doing to Ukraine it will end in war.
This has been the conventional wisdom, yes. Just like the conventional wisdom before February was that full scale land warfare between modern industrialized european nations was a thing of the past.
What we’ve seen over the last year invalidates all of that. If they could paralyze Ukraine with a cyberattack, they would have by now. That bodes pretty poorly for their ability to meaningfully impact the US.
They most certainly have thrown at Ukraine all they could and it hasn't ended anything. It seems we have been overestimating what Russia is capable of (like we did for their conventional forces).
The same operation has been doing DDoS attacks at various Russia-opponent-related targets for quite a long time, this is not a new unknown organization.
However, yes, there doesn't seem to be a reason to assert that it is ordered by the Russian state (specific attributions e.g. to a particular agency or individuals have been made for certain operations, but generally it takes a lot of time and is done only in retrospect), it could be just a loose group of activists scattered around the world and sharing just a chat channel, this attack is unsophisticated enough to not require any specific resources or cooperation.
yes you are correct, the group behind it (that claimed the attack) are hacktivists doing DDoS, they themselves are not connected to the Russian government
they've claimed multiple other similar attacks, but most of the time they are just spreading pro-war messages in their telegram
This is likely just a warning or nuisance (but intentionally not destructive). An actual cyberattack which disrupts air traffic will likely be considered an act of war.
> This is likely just a warning or nuisance (but intentionally not destructive). An actual cyberattack which disrupts air traffic will likely be considered an act of war.
That theory sounds a lot like the argument of “why not just shoot their legs” applied to escalation of force.
That’s not how it works. When you make the decision to shoot, you shoot to kill. And similarly, revealing your cyberattack capabilities through a “warning” attack is highly unlikely from a state based actor.
> "It's an inconvenience," the source said.
> The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion.
> "It's an inconvenience," the source said.
How wildly irresponsible of the editor who came up with this headline.
> Jamming attacks like the one seen Monday morning are highly visible but largely superficial and often temporary
Gee, I wonder why these superficial attacks are so visible, ABC...
Never assume malice etc
In short, there's no excuse for this from a source that has this level of impact.
The assumption isn't "malice", it's "profit"
This isn't much of a story IMO
How do they know that? I assume Killnet does not have a static IP address and doesn't leave its return address.
This is just some random "senior official" from an unknown organization saying "must be Russia"
But why? Why are the western media doing it? Are there any connections?
> there is no indication that any airport operations were affected
[1] https://www.cnn.com/2022/10/10/us/airport-websites-russia-ha...