Blog Post
Cold-Blooded Hackers Take On Malaysian Airlines
Cold-blooded being a reference not only to the cruel nature of the attack, but the fact that the hacking group responsible for the attack go by the moniker ‘Lizard Squad’.
Jetsetters looking to buy tickets on the Malaysian Airlines website today won’t notice anything out of the ordinary, this is what the website looked like just 2 days ago:
The hacking group involved, Lizard Squad, has been responsible for other notable hacks of late, including taking down the XBox Live and Playstation Network online gaming platforms.
Most recently, they have even used their reptilian claws to compromise the 4th largest Twitter account in the world, belonging to Taylor Swift.
The attack on Malaysia Airlines is the textbook definition of what it means to kick someone when he’s down- the ‘404- Plane Not Found’ message being a very painful salt rub into the fresh wound that is the recent MH17 & MH370 tragedies.
While Malaysia Airlines claims that no data has been compromised, and BBC News reporting that the hack was nothing more than a simple DNS-switcheroo, Lizard Squad says otherwise, posting the following messages on their Twitter:
Why Malaysia Airlines?
Lizard Squad has claimed in the past that their hacks were done in order to spotlight security weaknesses in the XBox Live and Playstation Network platforms. Was the attack on Malaysia Airlines carried out with the same noble goal? Or was the attack orchestrated to garner attention for the group, attention they need to help sell their DDOS service ‘Lizard Stresser’? Or was it done simply, as the kids say, “for the lulz”?
Perhaps the only reason that matters is this- because they could. In a previous interview, a Lizard Squad member spoke out against companies which fell prey to their attacks, saying: “Not having people take down your business-critical systems like this should be one of your top security priorities. Which it clearly isn’t.”
There is a lot of evidence that supports the statement that many companies do not place data security as a priority. A Ponemon Institute study shows that only 22 percent of IT practitioners and end users believe their companies are placing a very high priority on data security.
And even companies that do attain certification for data security are quick to backslide- a separate study by Verizon shows that less than one-third of organizations had remained fully PCI compliant less than a year after being validated. Its a stark reminder that compliance does not equal security.
Hackers are renowned for going after low-hanging fruit, and will not hesitate to exploit security vulnerabilities in unsecured networks. It often matters very little who you are- if they can find an easy way in, they’re going to take it, and look around for anything worth taking.
Malaysia Airlines is just one of many companies to have fallen prey to one of many hacker groups out there, and they most certainly won’t be the last. But this breach serves as a grim reminder that no one is off-limits to hackers and that every company should make data security a top priority. Because in cases like these, you stand to lose a lot more than just money- your reputation is just as much at stake.