View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 26, 2015

Malaysia Airlines website hacked by Cyber Caliphate

Browser tab displayed 'ISIS WILL PREVAIL', with homepage broadcasting 'Hacked by Cyber Caliphate' message.

By Ellie Burns

The website for Malaysia Airlines has been hacked, with a group aligned with the Islamic State extremist group taking responsibility.

When users tried to access www.malaysiaairlines.com, the browser window displayed an ‘ISIS WILL PREVAIL’ message, with users unable to access the airline’s ticket booking or other services.

In place of the normal homepage, a picture of a Malaysia Airlines Airbus Group NV . A380 plane and the messages "404 — Plane Not Found," and "Hacked by Cyber Caliphate," were displayed.

The Wall Street Journal reported that the company had said that its web servers were intact and that customer data remained secure. The company added, the WSJ reported, that its domain name system had been the system compromised, affirming that it was not, in fact, hacked.

By today, normal service had resumed on the website.

This latest hack follows similar hacks said to be carried out by those aligned with the Islamic State extremist group. The US Central Command’s Twitter and YouTube accounts was reportedly hacked by the cyber hacking ring ‘CyberCaliphate’.

Trey Ford, Global Security Strategist at Rapid7, commented: "It’s been a terrible year for Malaysia Airlines, and a bad month so far for travel websites. A quick review of the timeline seems to validate Malaysia Airlines’ statement that the DNS was compromised."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
How hackers’ tactics are evolving in an increasingly complex landscape

"The Airline’s security response team would be able to piece together a timeline of events rather quickly; the investigation path on something like this is fairly straightforward, albeit reliant on third party participation from the Domain Registrar, a DNS provider, or others. I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event."

"While embarrassing, this redirection is little more than a nuisance from an operational perspective. This strikes me as an attack of opportunity more than a focused compromise. Due to the simple "defacement page", overt announcement of the compromise, and lack of additional malice – I believe this was more a press stunt or redirection on the part of the attackers claiming to be Lizard Squad."

 

Websites in our network
The New Statesman Press Gazette Spears World of Fine wine Elite Traveler Leadmonitor
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU