Lizard Squad vs. AA Flight #362 Analysis


On August 24, 2014, American Airlines flight #362 (Dallas > San Diego) was diverted to Phoenix for an emergency landing.


[Image: Lizard Squad tweet]

This Twitter threat allegedly came from an individual (or group) known as Lizard Squad.
Earlier that day, Lizard Squad claimed responsibility for DDoS attacks on several online gaming systems, among them the Sony PlayStation Network.  Although the attacks were widely reported as “hacks,” they are more accurately termed distributed denial-of-service attacks: nothing is broken into, the service is simply flooded with junk traffic until legitimate users cannot get through.  Picture how a pizza shop’s business would suffer if it were bombarded with thousands of fake phone-in delivery orders.

John Smedley, the President of Sony Online Entertainment, was on board flight #362.  He made three separate entries on his personal Twitter account.

Awesome.  Flight diverted to Phoenix for security reasons.
I hate American Airlines
Something about security and our cargo.  Sitting on Tarmac.

Lizard Squad carried on, posting a picture of an airline ticket from the flight, a video of 9/11 footage and veiled threats regarding ISIS (Islamic State of Iraq & Syria).

At some point, Smedley became aware that his presence on the plane was directly related to its emergency landing.

Yes. My plane was diverted.  Not going to discuss more than that.  Justice will find these guys.

After the plane was cleared to resume its journey, Smedley’s tweets continued…

I wish the national media would stop letting these DDOS trolls’ occasional use of the ISIS crap be taken seriously.  Seeing news accounts

that make it sound like that’s serious.  Media please don’t get trolled.  Those ISIS guys are pure evil and shouldn’t be conflated with trolls.

Finally, when he realized how likely it was that the story would be picked up by the national media, there was a meager attempt at damage control.

btw when I was bitching about American yesterday it was simply because I’m tired of paying $25 a bag and $10 for food after the ticket.

One quick note: the mainstream media often refers to any technology mishap as a “hacking” incident.  These characterizations frequently imply a greater level of technical sophistication than is warranted.  A DDoS attack, for example, requires no intrusion into the target at all.

Here are some major takeaway points from the Lizard Squad incident:

  • It is glaring evidence of how someone can become ensnared in, and potentially contribute to, a real-world crisis.  Just how easy is it to coerce the unwitting participation of an average individual?  And what is the game plan for thousands of simultaneous threats directed at hundreds of airlines?  Given the decentralized nature of social media, I truly doubt any contingency plan would be sufficient (assuming one even exists).
  • Anyone who wanted to ground an airplane via the internet now has a better idea of how to go about it.  The incident exposed a threshold set of circumstances, specific online activity that can result in the diversion of a commercial airplane, and it could serve as a template or blueprint for copycats.
  • It illustrates an ability to affect national security and high-profile OODA* loops (the scrambling of fighter jets and critical, snap decisions from traditionally bureaucratic organizations such as the FAA and the FBI).

Whether or not the plane’s diversion was justified is well outside my realm of expertise.  Although the threats were layered and multifaceted, I think it is reasonable to conclude that those in charge suspected they were not credible.  The emergency landing was more likely carried out from an abundance of caution.  The fact that events were unfolding in the public domain could also have been a factor: taking no action whatsoever could have been perceived as negligence.

  • Assuming Lizard Squad is a small group or a lone individual, the incident demonstrates a dangerous level of technological super-empowerment.  That fact should not be dismissed just because it is disconcerting and difficult to address.

The artificially generated stampede represents a far more serious conceptual dilemma.  Cell phones can transmit and receive information, including illegitimate evacuation orders and hoax bomb threats.  Think of it in terms of a crowded football stadium: fans acting as cars in a “wireless demolition derby,” with zero distinction between friend and foe.  You either acknowledge the presence of 50,000 to 100,000 mobile devices or you don’t.  If you choose the latter, the consequences could be devastating (a dominipede).  The general public is not familiar with the prospect of artificially generated stampedes; they lack situational awareness.  Even worse are the security “experts,” the ones familiar with the overt disconnect in evacuation protocol.  There is a relentless, pervasive state of oblivious denial.  This isn’t a failed strategy.  It’s not a strategy at all.  When presented with a dangerous hypothetical, they choose the path of intentionally blind ignorance.

Finally, the Lizard Squad incident shows the increasing difficulty of adapting to real-world technological conditions.  Human stampedes can develop instantly, consistent with herding instincts and “fight or flight” triggers.  You are not afforded the time needed to assess the situation.  So what happens when OODA loops are rendered irrelevant or cease to exist?

I think it’s important to extrapolate a bit.  Could the dissemination of mass information drive widespread physical movement?  The artificially generated stampede resembles a “reverse flash mob.”  Instead of summoning a large group of people, it is simply an effort to force a sudden evacuation.  It’s not really that complicated.  At the very least, the fact that virtually everyone carries an active cell phone demands a general contingency plan.  Simply put, it is imperative to physically warn people that legitimate stadium evacuation orders do NOT come from personal cell phones.

There seems to be an outdated, 1950s way of thinking when it comes to bomb threats.  The industry consensus is that if one happens, it can only be a single threat, and that threat will be received and processed by a switchboard operator conveniently located at the main desk.  This is blatantly inconsistent with real-world conditions, in which a threat can reach tens of thousands of phones at once.  Regarding emergency evacuation protocol, it’s as though every stadium incident commander is operating at a kindergarten level during nap-time.  ALL of them are asleep at the switch.

And here’s the most vexing question.  Why am I the only person concerned about such a generically inevitable national security issue?  Furthermore, why is it my responsibility to fix this mess?  If you have any insight, I’d be very receptive to hearing your thoughts.


* OODA loops characterize the manner in which decisions are made: observe, orient, decide, act.