Beirut Airport Cybersecurity Incident: How It Unfolded

On Sunday evening, January 7, 2024, Beirut’s Rafic Hariri International Airport experienced a cyber attack that resulted in political messages appearing on its departure and arrival screens, disrupting normal flight information and temporarily halting luggage belt operations.

Lebanon’s Minister of Public Works and Transport, Ali Hamieh, addressed the public the following day, expressing a commitment to uncovering the perpetrators of the incident and reassuring the public that the airport remained fully operational.

Meanwhile, Fadi El-Hassan, Director General of Civil Aviation, reported that the issues with the airport’s screens had been resolved, and normal functionality had been restored across passenger terminals, including arrival and departure halls.

Despite these developments, official statements from Lebanese authorities regarding the incident were yet to be released, as investigations continued under the oversight of the Lebanese security services, as confirmed by Minister Ali Hamieh.

As of now, no information has surfaced regarding the compromise of airport data, such as flight details, passenger records, or other sensitive information. However, technical experts at SMEX, a nonprofit organization dedicated to advancing digital human rights across West Asia and North Africa, say that the severity of the cyberattack reveals clues on the motives behind it.

Also Read: The Largest Data Breaches In The Middle East

Members of SMEX’s technical team raised concerns about the cyber breach, stating, “If the perpetrators were able to manipulate screen content and disrupt the Baggage Handling System (BHS), it indicates the possible presence of malware within the compromised system”.

SMEX’s technical experts have also outlined several conceivable scenarios for the attack:

• The breach may have originated from the airport’s internal network, possibly involving the installation of malicious software by an individual with insider access to the airport’s systems.
• Another possibility is the compromise of an employee’s device through social engineering or a phishing attack, typically delivered via email or other deceptive means.
• An employee with privileged system access might have been coerced or manipulated through blackmail, bribery, or threats, facilitating unauthorized entry into the airport’s systems.

Lebanese authorities have yet to pinpoint the root cause of the airport cyberattack, leaving room for speculation about potential sources, which may include internal, external, or even governmental actors.