Hackers purporting to be from the “Lizard Squad – Official Cyber Caliphate” group have attacked the official website of Malaysia Airlines, so that visitors saw a message that read: “ISIS WILL PREVAIL”. The airline’s ticket-booking and other services were also unavailable. Instead, a large picture of a Malaysia Airlines A380 plane and the words “404-Plane Not Found” and “Hacked by Cyber Caliphate” were shown.
However, although Malaysia Airlines confirmed its site was compromised, it said customers’ bookings and data were not affected and insisted that its own web servers were intact and the website itself had not been hacked.
Malaysia Airlines confirmed in a statement that its “Domain Name System (DNS) has been compromised where users are re-directed to a hacker website”. It added that it would take 22 hours to restore the website.
Craig Young, security researcher at Tripwire, shed some light on the situation: “A DNS hijack attack can in some cases be used to compromise user data. Depending on the site design, authentication tokens and passwords may be sent to the rogue server. DNS hijacking is also a common tool for government censors looking to perform man in the middle attacks.
“In this case, however, I think this was more of a prank than an attempt to compromise user data.”
Young continued: “Unfortunately, DNS is a fundamental flaw in the security of the Internet. Companies worried about this type of attack should carefully review the security practices of their registrar and make sure that a legitimate authority is contacted before records can be altered. Many services also exist to monitor and alert on unexpected DNS changes to expedite the recovery process.”
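The kind of check a DNS change monitor performs, as an added example that is not from the article or from Tripwire: an observed record snapshot is compared against an approved baseline, and a changed delegation is rated highest because it points to a change made at the registrar. The zone names, addresses and the `check_snapshot` helper are hypothetical, and the snapshots are constructed so the code runs without network access.

```python
import ipaddress

# Constructed baseline for a hypothetical zone; real values come from your own change records.
BASELINE = {
    "NS": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "A_NETWORKS": ["192.0.2.0/24"],  # networks the site may legitimately resolve into
}

def _norm(name):
    """Lower-case a hostname and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def check_snapshot(baseline, observed):
    """Return (severity, message) findings for one observed snapshot.

    observed = {"NS": [...], "A": [...]} as collected by any resolver query.
    """
    findings = []
    base_ns = {_norm(n) for n in baseline["NS"]}
    seen_ns = {_norm(n) for n in observed.get("NS", [])}
    # A changed delegation means the record was altered at the registrar or registry.
    for ns in sorted(seen_ns - base_ns):
        findings.append(("critical", f"unexpected nameserver {ns}"))
    for ns in sorted(base_ns - seen_ns):
        findings.append(("critical", f"baseline nameserver missing {ns}"))
    nets = [ipaddress.ip_network(n) for n in baseline["A_NETWORKS"]]
    for addr in observed.get("A", []):
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            findings.append(("high", f"A record {addr} outside approved networks"))
    # An empty answer is also worth an alert: the monitor may be blind.
    if not seen_ns and not observed.get("A"):
        findings.append(("high", "no records returned"))
    return findings

# Constructed snapshots: one matching the baseline, one with a changed delegation.
SNAPSHOT_OK = {"NS": ["NS1.dns-provider.example", "ns2.dns-provider.example."],
               "A": ["192.0.2.10"]}
SNAPSHOT_CHANGED = {"NS": ["ns1.other-host.example."], "A": ["198.51.100.7"]}

if __name__ == "__main__":
    for label, snap in (("ok", SNAPSHOT_OK), ("changed", SNAPSHOT_CHANGED)):
        for severity, msg in check_snapshot(BASELINE, snap):
            print(label, severity, msg)
```

In practice the snapshot would be gathered from several independent resolvers, since a single cached answer can lag behind a delegation change.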
In another bizarre twist, the hackers later made the site display a different image of a tuxedo-adorned, pipe-smoking lizard sporting a top hat and monocle reading “Hacked by Lizard Squad, Official Cyber Caliphate”. The images displayed the Twitter handles for the accounts of what appear to be two men who work for UMG Events LLC, a company that hosts videogame events across the U.S.
“With the Lizard Squad group there is no particular rhyme or reason for who they target aside from where they can get media attention. I suspect that by referring to themselves as the Cyber Caliphate they increase the likelihood that the media will cover the hack, a tactic that has proven effective,” commented Ken Westin, security researcher at Tripwire.
“In addition to the images they also listed two Twitter handles of employees of UMG Events LLC, which runs several video game competitive events, who claim that they were not part of the hack, but that the Lizard Squad group was sending them a message. The Lizard Squad Twitter feed shows the same two employees’ handles referenced in relation to banning several gamers from their events, which may provide additional clues to law enforcement as to who is involved in Lizard Squad.”