At least 13 U.S. air travel websites, including those for Hartsfield-Jackson Atlanta International Airport and Los Angeles International Airport — two of the busiest airports in the country — were inaccessible Monday morning after a Russian hacktivist group named them as targets for cyberattacks.
There is no indication that any airport operations were affected, and the type of cyberattack the hackers claimed to use doesn’t do any lasting damage. But it was a sign of how an increasingly effective pro-Russia group, Killnet, can cause mischief for U.S. websites. Last week, Killnet targeted the websites of several U.S. states, successfully knocking Colorado.gov offline for more than a day and briefly interrupting Kentucky.gov.
Killnet specializes in Distributed Denial of Service attacks, or DDoS attacks, which overwhelm a website with internet traffic. While DDoS attacks are generally considered little more than a nuisance, they can knock websites offline for hours or even days.
A plane takes off at Hartsfield-Jackson International Airport in Atlanta in 2014.David Goldman / AP file
Killnet frequently posts lists of targeted websites on its Telegram channel, encouraging fellow Russia supporters with entry-level hacker skills to join it in trying to disrupt them. On Monday morning, it posted a list of websites for 49 airports and other air travel sites, most of them in the U.S., as its latest targets.
A spokesperson for Los Angeles International Airport said in an email: “Early this morning, the FlyLAX.com website was partially disrupted,” but that it didn’t affect flights.
“The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions,” the spokesperson said.
A spokesperson for the U.S. Cybersecurity and Infrastructure Agency, the federal government’s main cybersecurity agency, said that “CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites.”
“We are coordinating with potentially impacted entities and offering assistance as needed,” the spokesperson said.
The U.S. Department of Transportation declined to comment. Hartsfield-Jackson Atlanta International Airport didn’t respond to requests for comment.
An NBC News survey of the 49 websites posted on the Killnet Telegram channel found that the websites for many airports did not load properly, including Atlanta International; Montgomery, Alabama; Los Angeles International; Long Beach, California; Delaware Coastal; Southwest Florida International; Central Illinois Regional; Indianapolis International; Des Moines International; Jackson Municipal in Mississippi; and St. Louis Lambert International.
Some of Killnet’s targets indicated a lack of understanding of U.S. airports. It listed the city of Chicago’s general air travel website, flychicago.com, which was inaccessible Monday, but not that of its major airports, like O’Hare International or Midway International. Similarly, it targeted Hawaii’s state website for air travel, which was also inaccessible, but not Honolulu International.
Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.