Did a Cyber Attack Ground Delta Airlines?

There was one glaring problem with Delta's explanation for its recent massive outage: No one else near, or around, or on the grid with Delta suffered any electrical disturbances during that period.

Did hackers strike Delta?
Did hackers strike Delta?

On August 8, 2016 at 1:36 PM, Delta Airlines (DAL) sent out this startling tweet: “1:30 p.m. ET: Delta has canceled 451 flights due to a power outage, while operating about 1,679 of its nearly 6,000 scheduled flights”.

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a href="http://observermedia.com/terms">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

Hundreds of flights were cancelled and over a thousand were delayed, stranding countless passengers.

Now, nearly two months later, it’s pretty clear to security experts that what was labeled a power outage, was probably not an outage at all. Maybe it was a simple computer hack, maybe a computer malfunction. Most probably it was a cyber attack.

At the time, OAN (One America News Network), which reported that Georgia Power spokesman John Kraft, said that a circuit breaker that needed to be reset caused the outage. It is called a switchgrear.

And according to the CBS News website: “A power outage at an Atlanta facility early Monday initiated a cascading meltdown, according to the airline, which is also based in Atlanta. The FBI said it has no evidence that the Atlanta outage was a hack.”

But there was one glaring problem with that explanation for the outage: No one else near, or around, or on the grid with Delta suffered any electrical disturbances during that period. And Georgia Power received not one complaint about a power outage. In fact, a spokesperson for Georgia Power told The Associated Press that the company believes that it was the failure of Delta equipment that caused the airline’s power outage. They said no other customers lost power. That piece of information was also included in the CBS News piece.

DEBKA, a Middle East and counter terror report based in Israel, conducted their own independent investigation into the shut down and confirmed the statement made by Georgia Power. Moreover, Debka suggested that Delta was crippled because of a cyber attack.

Generally speaking, huge companies that rely on their computers have backup as well as multiple alternative electrical sources to make certain that something like a power outage does not happen to them. A hack, however, is much harder to fix.  Even the Delta information boards were not showing old information that was stored in the cache which is supposed to go into default mode in the event of a malfunction or a reset.

The likely cyber attack on Delta is a nightmare for every business and every secure network around the world. The ramifications are startling.

Delta is the third largest airline in the world. Every single component of their vast computer system was affected and shut down. Ticketing, boarding passes, cargo, takeoffs and landings, plane scheduling, ground crews, plane crews, maintenance, seating, upgrades, suppliers, payments.

It should have been obvious from the get go that this was more than a power shortage that needed a reset. No global company, Delta Airlines included, maintains all of their servers and routers in a single place.  And wherever they are, they are located deep beneath the ground. And each of these locations has several independent backup electricity systems in the event of a blackout.

In addition, because of that ubiquitous storage system called “the cloud” everything should be immediately or almost immediately accessible through other access points.

Delta, like most major companies, should have a disaster recovery plan that they have rehearsed and tested just so that when there is a problem, their clients or travelers will never even feel the disruption.

There still exists a small possibility that the August disruption of Delta was due to a malfunction, but only a slight possibility. A domino affect caused by a malfunction that impacted multiple continents is very hard to imagine.

A more likely scenario: malware was inserted into Delta computers months ago. Then, on command, the spyware shut down Delta’s computers and blocked emergency protocols from automatically kicking in to protect the company.  Without a safety plan in action, there was no way for Delta to function. They could not even do something as simple as hand write boarding passes because they could not confirm seats.

Giving Delta the benefit of the doubt, let’s say they did not immediately know that they had been attacked. But by now they should know. And so should everyone else. Whoever is responsible for the possible Delta attack will try again. Next time, their attack will prove more sophisticated.

In response to The Observer’s query, Delta spokesman Michael Thomas asserted that the August 8 “outage was definitely not a cyber attack”

Did a Cyber Attack Ground Delta Airlines?