A Russian hacker group, Killnet, managed to temporarily take down several major US airport websites. The incident did not affect flights at Los Angeles International, Chicago O'Hare and Hartsfield-Jackson International in Atlanta, among others.
But more than a dozen public-facing airport websites appeared inaccessible on Monday morning. Kiersten Todt, Chief of Staff of the US Cybersecurity and Infrastructure Security Agency (CISA), said they are tracking the incident and there is no concern about operations being disrupted.
What is Killnet?
Killnet is a loosely organized "hacktivists", politically motivated to support Russia. However, its ties to Moscow are unknown. The pro-Russian group utilizes the help of the public to conduct attacks. Its actively recruiting new members on platforms like Telegram and requesting the help of the public by sharing target lists. Killnet has been relentlessly launching waves of attacks against NATO members and Ukraine-supporting countries. The group recently declared a war on multiple countries and other hacktivist groups.
Initially, Killnet was the name of a tool that could be used to launch DDoS attacks. The tool was available on a subscription basis on January 23 and was advertised on the Killnet Telegram channel. Users could perform layer 3/4 or layer 7 DDoS attacks with the click of the button. Users could rent a bonet for USD 1,350 per month. The 2.0 version of the tool was launched on March but its domain was taken down with Killnet saying it would be down until the end of Russia-Ukraine war. It had previously stated that the domain was taken offline because Killnet was under attack from all over the world and was blocked in Russia and Europe.
Transformation into Hacktivist
The war in Ukraine, and attack on Killnet brought the so-called tool's transformation from a "criminal service provider" to a "hactivist group". The tool's developers began using the Killnet name to launch DDoS attacks against countries opposing Russia or supporting Ukraine. Killnet attributed its actions to its mission to "stop the aggression against Russia" from foreign entities. It said countries siding with Ukraine or providing support to it, are contribution to the aggression.
The group has received overwhelming support from users in Russia. And this likely encouraged it to continue launching more attacks. Killnet now has over 100,000 subscribers across all its Telegram channels.
DDoS Attacks Increase
Killnet mainly hits with DDoS – distributed denial of service, whereby hackers flood computer servers with phony web traffic to know them offline. It aims at maximum psychological impact. Experts describe DDoS attacks as a noisy nuisance. The DDoS attacks on US airport websites did not have significant damage. Internal airport systems was not compromised and there were no operational disruptions.
John Hultquist, vice president for threat intelligence at Mandiant, said DDoS attacks are usually short in duration and typically superficial. "These are the serious impacts that have kept us awake." Hultquist said these attacks reveal insufficient attention by webmasters to adequate bulletproofing of sites, which now includes DDoS protection service.
Cyber War
Killnet seems to have declared a cyber war on those against the Kremlin – mainly United States, Germany, U.K, Latvia, Lithuania, Estonia, Italy, Romania, Poland and Ukraine. The group has launched DDoS attacks against organizations working within targeted geographies. However, most of its attacks are on government entities.
Killnet targeted Lithuania in June after the country blocked shipment of goods to the Russian enclave of Kaliningrad and briefly took down a US Congress website in July.