Malaysia Air site hacked, some customer data appears online

By KELVIN CHAN AP Business Writer HONG KONG (AP) — Hackers defaced the website of Malaysia Airlines on Monday and threatened to dump stolen information on...

By KELVIN CHAN
AP Business Writer

HONG KONG (AP) — Hackers defaced the website of Malaysia Airlines on Monday and threatened to dump stolen information online after posting a glimpse of customer data obtained in the attack.

The airline’s site was down for at least seven hours, replaced by a message from the Lizard Squad hacker group, before the company brought it back online by mid-afternoon in Malaysia.

The hackers at first changed the site to display a message saying “404 – Plane Not Found” and that it was “Hacked by Cyber Caliphate,” with a photo of one of the airline’s Airbus A380 superjumbo jets. The browser tab for the website said “ISIS will prevail.”

Malaysia Airlines is struggling to recover from twin disasters last year, the disappearance of Flight 370, which authorities believed crashed 1,800 kilometers (1,100 miles) off Australia’s west coast, and the downing of Flight 17 over Ukraine.

The hackers later replaced the jet with a picture of a lizard in a top hat, monocle and tuxedo smoking a pipe. The Islamic State reference was removed and the claim of responsibility changed to “Lizard Squad – Official Cyber Caliphate,” with a link to the group’s Twitter account.

Notorious for their attention-seeking antics, Lizard Squad has claimed responsibility for a variety of hacks over the past year, most of them aimed at gaming or media companies. Lizard Squad occasionally makes tongue-in-cheek claims to support Islamic State, although there are no known links between the groups.

The airline said in a statement that it was a “temporary glitch” that didn’t affect passenger bookings and that the breach had been reported to Malaysia’s transport ministry and Internet security agency. It said user data “remains secured.”

Lizard Squad, however, tweeted that it was “going to dump some loot found on malaysiaairlines.com servers soon,” and posted a link to a screenshot of what appeared to be a passenger flight booking from the airline’s internal email system.

The particular booking was made by Malaysian Amy Keh, who said she had made it in October for her mother and two relatives to travel from Kuala Lumpur to Taiwan in March.

“I am a bit worried about their security. Now the whole world knows that they will be going to Taipei,” said Keh, who logged on Monday to check the itinerary. She said the website looked different and called the airline, which told her of the hacking. However, she only found out when contacted by The Associated Press that the travel information was posted online

The Lizard Squad group last year claimed it was behind attacks on Sony’s online PlayStation network and Microsoft’s Xbox site.

In August, it also tweeted to American Airlines that there might be explosives on a plane carrying the president of Sony Online Entertainment, which makes video games, forcing the flight to be diverted.

Explaining how the hack had occurred, Malaysia Airlines said its domain name system was “compromised” and users were redirected to the hacker group’s website. The domain name system translates web addresses typed into browsers into the numbers that computers use to identify and connect with each other on the Internet.

The Islamic State group now holds about a third of both Syria and Iraq, territory it has declared a caliphate. Police in Malaysia have detained more than 50 people on suspicion of links to the extremist group, underscoring concerns held by Prime Minister Najib Razak that the spread of Islamic State ideology could lead to conflict in predominantly Muslim Malaysia.

___

Associated Press writer Eileen Ng in Kuala Lumpur contributed to this report.

Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Copyright © 2024 The Associated Press. All rights reserved. This website is not intended for users located within the European Economic Area.

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more