Sign up for our newsletter
Technology / Cybersecurity

Malaysia Airlines website hacked by Cyber Caliphate

The website for Malaysia Airlines has been hacked, with a group aligned with the Islamic State extremist group taking responsibility.

When users tried to access, the browser window displayed an ‘ISIS WILL PREVAIL’ message, with users unable to access the airline’s ticket booking or other services.

In place of the normal homepage, a picture of a Malaysia Airlines Airbus Group NV . A380 plane and the messages "404 — Plane Not Found," and "Hacked by Cyber Caliphate," were displayed.

The Wall Street Journal reported that the company had said that its web servers were intact and that customer data remained secure. The company added, the WSJ reported, that its domain name system had been the system compromised, affirming that it was not, in fact, hacked.

White papers from our partners

By today, normal service had resumed on the website.

This latest hack follows similar hacks said to be carried out by those aligned with the Islamic State extremist group. The US Central Command’s Twitter and YouTube accounts was reportedly hacked by the cyber hacking ring ‘CyberCaliphate’.

Trey Ford, Global Security Strategist at Rapid7, commented: "It’s been a terrible year for Malaysia Airlines, and a bad month so far for travel websites. A quick review of the timeline seems to validate Malaysia Airlines’ statement that the DNS was compromised."

"The Airline’s security response team would be able to piece together a timeline of events rather quickly; the investigation path on something like this is fairly straightforward, albeit reliant on third party participation from the Domain Registrar, a DNS provider, or others. I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event."

"While embarrassing, this redirection is little more than a nuisance from an operational perspective. This strikes me as an attack of opportunity more than a focused compromise. Due to the simple "defacement page", overt announcement of the compromise, and lack of additional malice – I believe this was more a press stunt or redirection on the part of the attackers claiming to be Lizard Squad."

This article is from the CBROnline archive: some formatting and images may not be present.