Beirut Airport Cyberattack Targets Hezbollah

Screen displays at the Rafic Hariri International Airport in Lebanon were defaced with messages on Jan. 7, after hackers successfully compromised the flight information display systems at Beirut's main international airport.

The messages criticized Hezbollah, the Lebanese Islamist political party and militant group, and Iran. Multiple flight information displays were defaced with the same message, according to footage shared with local media.

The message said in part that "Rafik Hariri airport does not belong to Hezbollah," adding, "O Nassrallah [the Lebanese secretary-general of Hezbollah], you will not find a supporter if Lebanon is plunged into war. You bear your responsibility and its consequences, Hezbollah."

According to the privately-owned Lebanese Broadcasting Corporation (LBC), the same attack also disrupted the smooth operation of the airport's baggage handling system, with police putting greater reliance on the use of police dogs during baggage inspection checks.

Fog of Cyberwar

Carried out in the name of a Christian Lebanese group called Soldiers of God, the messages ostensibly criticize Iran and Hezbollah for drawing Lebanon towards a war with Israel by launching drone and rocket attacks.

However the Christian Lebanese group named in the messages has taken to social media to deny any involvement in the hack.

A Lebanese security source told the Asharq Al-Awsat that Israel might well be behind the attack, while adding that a great deal of work needs to be carried out before any attribution.

In the weeks since Hamas' Oct. 7 terror attack in Israel, all sides of the conflict have launched cyberattacks, the Jerusalem Post reported. For example, in October an Israeli-affiliated hack group claimed it had hacked into Iranian oil infrastructure project management systems as well as communication systems throughout Lebanon.

Display Boards "Easily Hacked"

Independent security experts told Dark Reading that hacking flight information systems would not have been particularly difficult. Ken Munro of UK-based security consultancy Pen Test Partners explains: "The flight display screens are simply computer monitors displaying a Windows app, so a hack of the systems running the flight display boards can result in any content the hacker wants to be displayed."

Munro adds, "You'll sometimes see a Windows error message running on the display boards when the PC has crashed, or a system issue has occurred."

A number of airports have asked Pen Test Partners to evaluate the security of their display boards, systems that are not infrequently left open to attack because of the absence of security controls.

"Like any system on a network, a lack of segregation or sufficient hardening can expose them to compromise," Munro explains. "The issue with flight display systems is that the world very quickly finds out that you've been hacked!"

Underlining the need for robust security in aviation-related systems, the cyberattack on Beirut's main international airport could easily have been far more disruptive.

Munro comments: "It's one thing to deface a flight display system and cause alarm, possibly even panic. However, if you want to cause total chaos at an airport, mix up the gates on the display system. It'll take a while for anyone to notice, during which time hundreds of flights will be missed."