Lizard Squad Hack Adds to Malaysia Airlines' Woes
Around 10 AM local time on Monday morning, visitors to the Malaysia Airlines website were greeted with an image of one of the carrier’s jets flying above the clouds, and a not very funny message: “404 – Plane Not Found.” The tasteless allusion to the still missing Flight MH370 was signed “Cyber Caliphate” and accompanied by a thumping hip-hop tune; the tab marking the site was changed from “Malaysia Airlines” to “ISIS Will Prevail.”
Despite appearances, there's really only one certainty about this bizarre hack: ISIS had nothing to do with it. Approximately 90 minutes after the hack began, the responsible party changed the Malaysia Airlines home page again, this time from the image of jet to one of a lizard wearing a monocle and a top hat, accompanied by a message: “HACKED BY LIZARD SQUAD – OFFICIAL CYBER CALIPHATE.” Well-known in hacking circles, the Lizard Squad is a collective best known for 2014 attacks on the PlayStation and Xbox gaming services, as well as claims to have taken down North Korea’s internet on December 22. They’re also media savvy -- which explains why they might invoke ISIS at the front end of a hack.
So why hack Malaysia Airlines? In a general sense airlines make rich targets for cyber vandals: they're high-profile companies that depend on an aura of safety and security, so hackers who pull off an airline hack are rewarded with digital notoriety. Given that airlines are also repositories of customer data ranging from credit cards to passport numbers, there are potential financial rewards, as well. Indeed, the biggest surprise about the Malaysia Airlines attack is that -- at a time when movie studios and retailers have been under sustained digital attack -- somebody didn’t try to hack and deface a major global air carrier earlier.
Malaysia Airlines, of course, isn’t comparable to one of the big European or North American carriers. Were one of their sites to be hacked and defaced with ISIS-related graffiti, the story (and panic) would have been greater than what echoed across Southeast Asia today. But what it lacks in scale, Malaysia Airlines certainly makes up for in notoriety derived from the twin tragedies that befell it in 2014 -- flights MH370 and MH17. Those disasters permanently damaged the carrier’s reputation (mostly through no fault of the airline) and today’s hack only served to remind Malaysians, in particular, that their once-proud state-owned flagship has become the airline that simply can’t catch a break. For a hacker interested in garnering some attention, that’s an inviting target.
There is, of course, one other possible reason that hackers targeted Malaysia Airlines: its website seems likely not to have been as secure as those maintained by other global carriers. For the moment, it appears that Malaysia Airlines wasn’t prepared to deal with an attack on its servers. Nearly twelve hours after the hack commenced, the site remains down (for users in Malaysia), and the backup site that it tweeted is slow and sometimes unresponsive. This lack of a robust contingency plan doesn’t exactly instill confidence in the carrier’s security.
Meanwhile, there’s increasing evidence that the hack was much more than vandalism. Lizard Squad claims to have found “loot” on Malaysia Airlines servers that it plans to eventually “dump” for public consumption. As proof, it posted a screen grab (now deleted) to imgur of a flight reservation belonging to Malaysia’s Minister of International Trade and Industry, including his mobile phone number. Malaysia Airlines, for its part, claims via twitter that its “user data is secured” -- a claim that Lizard Squad dismisses as “lying.” Who’s telling the truth? For now, the hackers' evident prowess has earned them the edge in credibility.
Will customers flock back to the Malaysia Airlines website once it’s back up? If it turns out that, despite the carrier’s denials, user data really was compromised, the impact on the airlines’ business could be serious. The airline that couldn’t catch a break will become the airline that couldn’t keep its customers’ personal information safe. The airline, already undergoing a state-sponsored restructuring of its operations, will need to consider a similarly ambitious project to repair its reputation, too.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Adam Minter at firstname.lastname@example.org
To contact the editor on this story:
Cameron Abadi at email@example.com