World

Malaysia Airlines site back up following hack by Lizard Squad, group claiming support for ISIS

Hackers defaced the website of Malaysia Airlines on Monday and threatened to dump stolen information online after posting a glimpse of customer data obtained in the attack.

Airline's site was down for at least seven hours

The website of embattled Malaysia Airlines has been hacked by a group proclaiming support for the Islamic State in Iraq and Syria (ISIS). (Damir Sagolj/Reuters)

Hackers defaced the website of Malaysia Airlines on Monday and threatened to dump stolen information online after posting a glimpse of customer data obtained in the attack.

The airline's site was down for at least seven hours, replaced by a message from the Lizard Squad hacker group, before the company brought it back online by mid-afternoon in Malaysia.

The hackers at first changed the site to display a message saying "404 - Plane Not Found" and that it was "Hacked by Cyber Caliphate," with a photo of one of the airline's Airbus A380 superjumbo jets. The browser tab for the website said "ISIS will prevail."

Malaysia Airlines is struggling to recover from twin disasters last year, the disappearance of Flight 370, which authorities believed crashed 1,800 kilometers (1,100 miles) off Australia's west coast, and the downing of Flight 17 over Ukraine.

The hackers later replaced the jet with a picture of a lizard in a top hat, monocle and tuxedo smoking a pipe. The Islamic State reference was removed and the claim of responsibility changed to "Lizard Squad - Official Cyber Caliphate," with a link to the group's Twitter account.

Notorious for their attention-seeking antics, Lizard Squad has claimed responsibility for a variety of hacks over the past year, most of them aimed at gaming or media companies. Lizard Squad occasionally makes tongue-in-cheek claims to support Islamic State, although there are no known links between the groups.

The airline said in a statement that it was a "temporary glitch" that didn't affect passenger bookings and that the breach had been reported to Malaysia's transport ministry and Internet security agency. It said user data "remains secured."

Lizard Squad, however, tweeted that it was "going to dump some loot found on malaysiaairlines.com servers soon," and posted a link to a screenshot of what appeared to be a passenger flight booking from the airline's internal email system.

The particular booking was made by Malaysian Amy Keh, who said she had made it in October for her mother and two relatives to travel from Kuala Lumpur to Taiwan in March.

"I am a bit worried about their security. Now the whole world knows that they will be going to Taipei," said Keh, who logged on Monday to check the itinerary. She said the website looked different and called the airline, which told her of the hacking. However, she only found out when contacted by The Associated Press that the travel information was posted online

The Lizard Squad group last year claimed it was behind attacks on Sony's online PlayStation network and Microsoft's Xbox site.

In August, it also tweeted to American Airlines that there might be explosives on a plane carrying the president of Sony Online Entertainment, which makes video games, forcing the flight to be diverted.

Explaining how the hack had occurred, Malaysia Airlines said its domain name system was "compromised" and users were redirected to the hacker group's website. The domain name system translates web addresses typed into browsers into the numbers that computers use to identify and connect with each other on the Internet.

The Islamic State group now holds about a third of both Syria and Iraq, territory it has declared a caliphate. Police in Malaysia have detained more than 50 people on suspicion of links to the extremist group, underscoring concerns held by Prime Minister Najib Razak that the spread of Islamic State ideology could lead to conflict in predominantly Muslim Malaysia.