The denial-of-service attack would have created hours of headaches in operations had it not been for the airport’s IT team.
"There’s always going to be bad guys out there trying to do harm," General Manager Balram Bheodari told the Atlanta City Council Transportation Committee during a meeting on Wednesday.
Bheodari provided a behind-the-scenes look at how his team stopped the hackers.
The general manager was in Florida at a conference with other airport bosses when he got a call.
"And I stepped out and answered it, and I saw the director of Phoenix (Sky Harbor International Airport) behind me, the director of LAX behind me, and the Chief Operating Officer of the Port Authority behind me," Bheodari said. "And I looked around, wondering what’s going on with the. Why are we all walking out of this room? And we’re all getting the same messages simultaneously."
The alert was that one of the airport’s network systems was being flooded with malicious emails.
"Twenty-nine million emails per second…trying to get…penetrate our server," Bheodari said.
"You have a finite resource, you know, being a server or being a network cable or something like that, or a channel, and you basically try to stack as much input into that one finite resource as possible," said Brian Tant with Raxis, a company that specializes in security testing. "And what happens is, is that system just gets overwhelmed. It can’t respond to the legitimate traffic and the net effect is it goes offline."
The airport's external website, where travelers get information like parking availability and security screening wait times, did go down for a couple of hours. Bheodari gave an order to stop emails from outside the US for a period.
"There would have been no impact to the flight operations, it would just be a large inconvenience," said Tant.
The motive behind the attack was not money, but rather political. Cyber security experts say the attack was orchestrated by a shadowy group of pro-Russian hackers that calls itself Killnet. The group published a target list on its Telegram channel.
The hack did not interrupt service at the airport.