Cybercriminal group Lizard Squad has threatened to publicly release data it allegedly obtained over the weekend from an attack on servers belonging to Malaysia Airlines.
In a tweet Sunday, the group promised to “dump some loot” from the attack soon, even as the airline company downplayed the incident and insisted passenger and reservation information had not been compromised.
Lizard Squad claimed responsibility for redirecting visitors from MalaysiaAirlines.com to a Web page containing an image of a lizard wearing a bow tie, monocle and top hat headlined, “404–Plane Not Found.” Under the image was a message proclaiming that the site had been “Hacked by Lizard Squad-Official Cyber Caliphate.”
Some media reports, including one from the Wall Street Journal, noted that at one point over the weekend, MalaysiaAirlines.com visitors were greeted with a message proclaiming “ISIS Will Prevail.” The Web page contained a photo of a Malaysia Airlines plane and the “404–Plane Not Found” message, apparently referring to MH370, the Malaysia Airlines flight that disappeared without a trace last year.
Malaysia Airlines Downplays Incident
In a prepared statement on Facebook, beleaguered Malaysia Airlines acknowledged cybercriminals had compromised its Domain Name System (DNS) and succeeded in redirecting visitors to a malicious site. The airline said it resolved the issue with its service provider and expected the site to be fully restored in 22 hours.
However, the company maintained its website had not been hacked and claimed that its booking and customer data were not affected by the incident. In response, Lizard Squad claimed it would release data to prove it did break into the airline’s servers.
“We would like to point out that @MAS is lying about user data not being compromised,” Lizard Squad tweeted, adding that users should refer to an image Lizard Squad previously published online that purportedly showed details of a passenger’s flight itinerary booked on Malaysia Airlines.
In another tweet, the group taunted the airline company, saying, “@MAS Are you really that clueless? Wait until we package this nice present for you.”
Malaysia newspaper The Straits Times said it spoke to the individual referenced in the Lizard Squad tweet and confirmed he had made a reservation with Malaysia Airlines. The newspaper claimed Malaysia International and Trade Industry Minister Mustapa Mohamed was among the individuals whose itinerary was illegally accessed by the cybercriminals.
Motive Remains Unclear
It is unclear why Lizard Squad, which has claimed a link in the recent attack on Sony Pictures Entertainment, has apparently made Malaysia the latest target of its hacktivist attacks. The airline company has suffered two catastrophic crashes this year, with each one resulting in the death of all passengers and crew.
According to the Wall Street Journal report, two Twitter handles that were included in the images that greeted visitors to the hacked MalaysiaAirlines.com site suggest the incident may somehow be an attempt to settle scores with a U.S. video game-hosting company.
One of the Twitter handles is associated with a man employed by the video game firm, while the other belongs to the chief executive of the company. One of them was quoted as saying he was not involved in the attack in any way and had no idea why Lizard Squad had posted his Twitter handle.
Trey Ford, global security strategist at Rapid7, said in an email that a review of the event timeline validates Malaysia Airlines’ claim its DNS was compromised.
“I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event,” Ford said. The incident is embarrassing for Malaysia but is unlikely to cause much damage operationally.
“This strikes me as an attack of opportunity more than a focused compromise,” he said.