Cyber-attack on three  European airports leads to disruption for thousands

Thousands of passengers saw their flights cancelled or delayed after a cyber-attack that affected Heathrow and airports in Berlin and Brussels.

Hackers targeted software used by airlines to check in passengers and give them boarding passes. Airline staff had to write boarding passes by hand, substantially lengthening the process which created hours-long queues for travellers.

The check-in systems are provided by Collins Aerospace, a US firm that also produces defence systems and was last week awarded a contract to run Nato’s electronic warfare planning. No hacking group immediately claimed responsibility.

The Liberal Democrats raised the possibility of a link to Russian aggression against Nato in eastern Europe, but cybersecurity experts from the Royal United Services Institute (RUSI) said that most hacking incidents are opportunistic ransomware attempts.

The cyber-attack was launched late on Friday night and by afternoon, 29 flights had been cancelled, according to Cirium, the aviation data provider, out of more than 1,000 from the three airports.

Collins said it had “become aware of a cyber-related disruption to our Muse software in select airports. The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations”.

Queues snaked around the terminals and some passengers at Heathrow said they had been waiting for 10 hours. Tereza Pultarova said she had arrived at 4.30am for a flight to Cape Town, but was still waiting yesterday afternoon without any prospect of travelling.

At Terminal 4, Helen Steel, who was trying to fly home to Oslo with her cat Thomas, said she had begun her journey at 3am in Dorset and it had been an “absolute nightmare”.

The National Cyber Security Centre said it was working with Collins and the airports, as well as police. Heathrow and Berlin said there had been a “technical issue”, but Brussels confirmed a cyber-attack.

The attack timing prompted suspicions it might be directed by Russia, coming on the same day that Nato jets intercepted three Russian MiG-31 jets in Estonian airspace, and shortly before Polish aircraft were deployed after Russian airstrikes in Ukraine.

Lib Dem foreign affairs lead Calum Miller said: “After the flagrant violation of Estonian airspace, the government needs to urgently establish if Vladimir Putin is now attacking our cyber systems.”

However, Jamie MacColl, a senior research fellow at the RUSI, said that it was more likely to be an opportunistic ransomware attack.

“For the time being I haven’t seen any evidence that would link it to Russia’s activity over the last two days,” he told The Observer. “We haven’t really seen Russian hacktivists have this type of impact over the last few years on major western critical national infrastructure.”

Photograph by Justin Tallis/AFP/Getty