In the war of propaganda, the sky’s the limit. Pro-Hamas and anti-Israel messages were recently blasted through speakers at airports in the US and Canada following apparent cyber hacks, officials said. One public address system at Harrisburg International Airport (HIA) in Pennsylvania was hacked for approximately 10 minutes.
The hacker can be heard saying "Free Palestine" and "F--- Netanyahu and Trump" over the speaker, according to videos circulating on social media. "An unauthorized user gained access to the airport PA system and played an unauthorized recorded message," HIA officials said in a statement.
The hacker identified as "Turkish Cyber Islam" breached Harrisburg International Airport's public address system this week. "Turkish hacker Cyber Islam was here," added the unauthorized user in an identifying message.
The airport called the announcement a "political message" that did not contain any threats to airlines, passengers or employees, according to HIA. Both the Kelowna International Airport and Victoria International Airport in British Columbia also confirmed similar incidents, according to CBC News.
Kelowna International Airport director of operations Phillip Elchitz told media that "a third party gained access" to the airport's flight information display and PA systems. He added that pro-Hamas and anti-Trump messages were briefly announced over the PA system and shown on screens inside the terminal building.
The PA system disruption lasted around 20 seconds, while it took several minutes to scrub the images from the displays, according to Elchitz, who added that a few flights were delayed as a result. "We're working with our service providers to better understand how these files ended up on these screens and on the PA system," Elchitz told CBC News. "And obviously, we want to make sure that any security loopholes that existed within those systems are shut down completely so this doesn't happen again. The cybersecurity incident was limited to a cloud-based third-party software provider. Airport systems are segregated to protect against cybersecurity incidents from migrating from one network to another," the airport said in a statement the following day. "A joint threat risk assessment was completed with Royal Canadian Mounted Police and Transport Canada, and the messaging displayed was not deemed to be a direct threat towards the traveling public."
A Victoria International Airport spokesperson told CBC News that only its PA system was hacked in an incident during which someone externally uploaded a "file containing unauthorized audio content" that aired over the airport's loudspeakers for "a few minutes." The spokesperson added that the airport's loudspeakers are linked to a cloud-based external system.
Windsor International Airport in Ontario also told CBC News that it responded to an "unauthorized/hacking incident" on the same day. "Our team responded quickly, removed the images and shut off the recorded PA [public address] announcement," the airport's president and CEO, Mark Galvin, said in a statement. The airport also stated that the messages were similar to those being reported by other affected airports on the same day, according to CBC News.
In the Pennsylvania incident, a Delta flight that was boarding at the time of the incident was searched out of an abundance of caution. "As the safety and security of our customers and employees come before all else, Delta followed the direction of TSA to return to the gate and complete a security check of the aircraft. We appreciate our customers' patience and cooperation," said a spokesperson.
The passengers on the flight headed to Atlanta were deplaned as the Transportation Security Administration (TSA) conducted a security sweep, delaying the flight by 45 minutes. The public address system was shut off and was then under investigation by the police.
The incident follows the FBI's July warning about a notorious cybercriminal group, known as "Scattered Spider," targeting the airline sector, as reported by FOX Business.
The FBI posted on X that the group relies on "social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access" and frequently involves methods to bypass multifactor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. "They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk," the FBI wrote.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
Comments