Someone hiding in the long shadows of the Internet has taken against the world’s most popular flight tracking website, Flightradar24.
The Swedish company hasn’t confirmed it suffered a Distributed Denial of Service (DDoS) attack but that seems the most likely explanation for a series of outages and general instability that affected the site from the early afternoon of September 27 ET.
After subscribers took to forums to muse on odd communication errors and empty maps on the mobile app, the company’s Twitter feed initially put the issue down to “network problems.”
Cue further problems and a flurry of updates over the following 24 hours and suddenly the feed’s explanation turned from gremlins in the data center to something more significant:
“For the third time in two days Flightradar24 is under attack. Our engineers are working to mitigate the attack as quickly as possible and we hope to be back tracking flights soon. We appreciate your patience and apologize for the inconvenience.”
The good news is that by Tuesday, September 29, the site was available again without issues.
DDoS attacks aren’t a surprise – frankly it’d be more of a surprise if a day passed without a large site not experiencing some form of traffic issue – but potentially suffering three in rapid succession large enough to disrupt a popular service always stands out.
For those unfamiliar with the joys of Flightradar24, it is used by its two million fan base across the globe to track 180,000 aircraft movements per day in real time, complete with airspeed, altitude, flight heading, aircraft type, registration number, and airline identifier.
In late 2018, aviation enthusiasts were even able to use it to unmask President Trump’s unscheduled trip to Iraq on call sign Air Force One, after connecting an unidentified aircraft movement on Flightradar24 to an amateur ground report of a Boeing VC-25A (production run: 2) flying over the UK.
Assuming the latest disruption was caused by a DDoS attack (Flightradar24 was contacted for comment but has not yet replied), why target a site like Flightradar24? Various theories have surfaced on user forums, some wilder than others.
One theory is that it was an attempt to obscure military aircraft movements connected to military clashes which started last week between Azerbaijan and Armenia.
This seems far-fetched. Flightradar24 shouldn’t normally identify or even show military aircraft bar the odd training flight or transport, which would in any case be visible to combatants using more specialized local systems than an app.
Or perhaps Flightradar24 was collateral damage and the real target was something else using the same hosting infrastructure. Or any number of other theories. As everyone moves on, the underlying motivations for a DDoS attack are rarely clear.
As it happens, according to this week’s Netscout Threat Intelligence report, the period between April and May 2020 saw the largest number of DDoS attacks ever recorded by the company in a 31-day period, 929,000.
Predictably, it’s a toll nobody notices or cares about until something useful suddenly disappears.