At the start of Monday local time, something odd happened to the website of Malaysia Airlines. Users visiting the site in some regions were redirected to a different webpage.
Someone calling itself "Lizard Squad - Official Cyber Caliphate" claimed responsibility for the attack. It has claimed attacks on the websites of other companies in the past.
As of press time, the official site was restored. But last night these were the two images that were alternately posted on the redirect page, along with a rap song.
On its official Facebook page, the airline posted this message:
"Malaysia Airlines assures customers and clients that its website was not hacked and this temporary glitch does not affect their bookings and that user data remains secured."
Lizard Squad counters, via its @LizardMafia Twitter account, that it has in fact separately compromised the airline's data and posted an image of an inbox that appears to be the email account of an airline official.
Down a rabbit hole of intrigue
What we can be sure of is that attackers essentially kidnapped Malaysia Airlines' online address. They did this without having to access the airline's own servers.
They instead targeted the domain name system, or DNS, records for Malaysia Airlines' site. DNS records are stored on the separate servers of a third-party domain name registrar, which works metaphorically like an old-school telephone operator connecting phone calls.
Most servers that publish content to the internet are recognizable by a numeric address. For instance, Malaysia Airlines' web server is at 22.214.171.124.
The attackers obtained the username and password for its domain name registrar, a company that registers and stores the directory records for various site domain names.
We don't know how hackers in this particular case obtained the log-in information, but one common method is to send "phishing" emails that trick employees into revealing their password information.
But by changing the records on the server, the attackers could redirect visitors to a webpage of their choice -- turfing the airline's domain.
DNS attacks are difficult to prevent, though some security providers, such as Akamai's Prolexic Technologies, CloudFlare, and VeriSign, can help businesses plan for how to respond if something goes wrong.
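
A defender-side check for the record tampering described above, as an added example that is not part of the original article: it compares polled NS and A records for a domain against a pinned baseline and flags changes. The domain, name servers, addresses and function names are constructed for illustration, and the polling results are supplied inline rather than fetched from DNS.

```python
import ipaddress

# Constructed baseline for a hypothetical domain (RFC 2606 names, RFC 5737 addresses).
BASELINE = {
    "airline.example": {
        "NS": {"ns1.dns-host.example", "ns2.dns-host.example"},
        "A_NETS": ["192.0.2.0/24"],
    }
}

def _norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def check_observation(domain, observed_ns, observed_a, baseline=BASELINE):
    """Compare one polling result with the baseline; return (severity, message) findings."""
    pinned = baseline[_norm(domain)]
    findings = []
    seen_ns = {_norm(n) for n in observed_ns}
    unexpected = sorted(seen_ns - pinned["NS"])
    missing = sorted(pinned["NS"] - seen_ns)
    if unexpected:
        # New name servers mean the delegation itself changed, as in a registrar account takeover.
        findings.append(("critical", "unexpected NS: " + ", ".join(unexpected)))
    elif missing:
        findings.append(("warning", "pinned NS not returned: " + ", ".join(missing)))
    nets = [ipaddress.ip_network(n) for n in pinned["A_NETS"]]
    for addr in observed_a:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            findings.append(("high", f"A record {addr} is outside the pinned ranges"))
    return findings

# Constructed polling results; a real monitor would fill these from DNS queries.
SAMPLES = {
    "normal": (["NS1.dns-host.example.", "ns2.dns-host.example."], ["192.0.2.10"]),
    "redirected": (["ns1.other-host.example.", "ns2.other-host.example."], ["198.51.100.7"]),
    "partial": (["ns1.dns-host.example."], ["192.0.2.10"]),
}

def run_samples():
    """Evaluate every constructed sample against the baseline."""
    return {name: check_observation("airline.example", ns, a) for name, (ns, a) in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in run_samples().items():
        print(name, findings or "ok")
```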