Airport CEOs learned of cyberattack together at industry conference

Credit: Jason Getz / Jason.Getz@ajc.com

Credit: Jason Getz / Jason.Getz@ajc.com

Atlanta airport leader details how officials learned of attack that hit Hartsfield-Jackson website

Hartsfield-Jackson International Airport General Manager Balram Bheodari was at an industry conference in Orlando to speak in an airport CEO roundtable discussion when his phone rang.

It was about 7:45 a.m. Monday morning, Bheodari said. The heads of the airports in Los Angeles, Phoenix and Seattle were also at the American Association of Airport Executives’ National Airports Conference at a Hilton resort.

Bheodari looked around and noticed the other airport CEOs were also stepping out to take calls, and he started to wonder, “What’s going on with them? Why are we all walking out of this room?”

It turned out that “we were all getting the same message simultaneously,” Bheodari said.

Airports across the country including Hartsfield-Jackson had been hit by a cyberattack allegedly organized by a pro-Russian group of hackers, temporarily shutting down their websites.

It was a distributed denial-of-service attack, in which a targeted server gets flooded with Internet traffic, overwhelming the system.

Bheodari said in this case, the airport was getting 29 million hits per second coming into its server.

They were coming from various international Internet Service Providers, Bheodari said. In response, the airport halted access to the server from outside the United States.

The Atlanta airport’s website wasn’t restored until about 10:17 a.m. The cyberattack did not affect flights or other airport operations, Bheodari said.

ExploreHartsfield-Jackson website restored after outage

Hartsfield-Jackson is investigating the incident. The airport has been monitoring email coming in since Monday morning.

On Wednesday, Bheodari told an Atlanta City Council committee meeting, “We’re at the point where we are starting to open our server back to known entities.”