January 28, 2015 By Jaikumar Vijayan 3 min read

Cybercriminal group Lizard Squad has threatened to publicly release data it allegedly obtained over the weekend from an attack on servers belonging to Malaysia Airlines.

In a tweet Sunday, the group promised to “dump some loot” from the attack soon, even as the airline company downplayed the incident and insisted passenger and reservation information had not been compromised.

Claiming Responsibility

Lizard Squad claimed responsibility for redirecting visitors from MalaysiaAirlines.com to a Web page containing an image of a lizard wearing a bow tie, monocle and top hat headlined, “404–Plane Not Found.” Under the image was a message proclaiming that the site had been “Hacked by Lizard Squad-Official Cyber Caliphate.”

Some media reports, including one from the Wall Street Journal, noted that at one point over the weekend, MalaysiaAirlines.com visitors were greeted with a message proclaiming “ISIS Will Prevail.” The Web page contained a photo of a Malaysia Airlines plane and the “404–Plane Not Found” message, apparently referring to MH370, the Malaysia Airlines flight that disappeared without a trace last year.

Malaysia Airlines Downplays Incident

In a prepared statement on Facebook, beleaguered Malaysia Airlines acknowledged cybercriminals had compromised its Domain Name System (DNS) and succeeded in redirecting visitors to a malicious site. The airline said it resolved the issue with its service provider and expected the site to be fully restored in 22 hours.

However, the company maintained its website had not been hacked and claimed that its booking and customer data were not affected by the incident. In response, Lizard Squad claimed it would release data to prove it did break into the airline’s servers.

“We would like to point out that @MAS is lying about user data not being compromised,” Lizard Squad tweeted, adding that users should refer to an image Lizard Squad previously published online that purportedly showed details of a passenger’s flight itinerary booked on Malaysia Airlines.

In another tweet, the group taunted the airline company, saying, “@MAS Are you really that clueless? Wait until we package this nice present for you.”

Malaysia newspaper The Straits Times said it spoke to the individual referenced in the Lizard Squad tweet and confirmed he had made a reservation with Malaysia Airlines. The newspaper claimed Malaysia International and Trade Industry Minister Mustapa Mohamed was among the individuals whose itinerary was illegally accessed by the cybercriminals.

Motive Remains Unclear

It is unclear why Lizard Squad, which has claimed a link in the recent attack on Sony Pictures Entertainment, has apparently made Malaysia the latest target of its hacktivist attacks. The airline company has suffered two catastrophic crashes this year, with each one resulting in the death of all passengers and crew.

According to the Wall Street Journal report, two Twitter handles that were included in the images that greeted visitors to the hacked MalaysiaAirlines.com site suggest the incident may somehow be an attempt to settle scores with a U.S. video game-hosting company.

One of the Twitter handles is associated with a man employed by the video game firm, while the other belongs to the chief executive of the company. One of them was quoted as saying he was not involved in the attack in any way and had no idea why Lizard Squad had posted his Twitter handle.

Trey Ford, global security strategist at Rapid7, said in an email that a review of the event timeline validates Malaysia Airlines’ claim its DNS was compromised.

“I have no hesitation in believing the systems managed by the airline were not impacted or undermined in the course of this event,” Ford said. The incident is embarrassing for Malaysia but is unlikely to cause much damage operationally.

“This strikes me as an attack of opportunity more than a focused compromise,” he said.

More from

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Can memory-safe programming languages kill 70% of security bugs?

3 min read - The Office of the National Cyber Director (ONCD) recently released a new report, “Back to the Building Blocks: A Path Toward Secure and Measurable Software." The report is one of the first major announcements from new ONCD director Harry Coker and makes a strong case for adopting memory-safe programming languages. This new focus stems from the goal of rebalancing the responsibility of cybersecurity and realigning incentives in favor of long-term cybersecurity investments. Memory-safe programming languages were also included as a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today