Early Monday, Malaysia Airlines conceded that its Web site had been “compromised,” though it appears another version is now smoothly running at malaysiaairlines.com. “Malaysia Airlines confirms that its Domain Name System (DNS) has been compromised where users are re-directed to a hacker website,” the airline said in a statement. “At this stage, Malaysia Airlines’ web servers are intact. The airline has resolved the issue with its service provider and the system is expected to be fully recovered within 22 hours.”
It said its customers’ information was safe. “Malaysia Airlines assures customers and clients that its website was not hacked,” the company said. “And this temporary glitch does not affect their bookings and that user data remains secured.”
From their perch on Twitter, Lizard Squad meanwhile taunted Malaysia Airlines, which has lost two passenger-filled airplanes in the last year. “Write Lizard Squad on your forehead, thanks,” one tweet said. “We would like to point out that [Malaysia Airlines] is lying about user data not being compromised. … Going to dump some loot found on malaysiaairlines.com servers soon.” It tweeted a picture of what appeared to be an inbox filled with Malaysia Airlines e-mails.
Regardless of the veracity of Lizard Squad’s claims, the episode marks just the latest hack suffered by major international names from Sony to Xbox to the U.S. military. It also shows the murkiness under which cybersecurity specialists and hackers operate. In an online community governed by anonymity, anyone could pose as anyone else. Who is to say Lizard Squad hasn’t really been Cyber Caliphate all along — or vice versa?
Also unanswered on Monday was whether Lizard Squad actually has any relationship with the Islamic State or was just trying to ride the jihadist group’s notoriety. As Lizard Squad put it: “Lololol.”