Using dark websites for crisis communication – three case studies: Norsk Hydro, Boeing and Ethiopian Air

Mar 22, 2019

Charlie discusses the use of dark websites for crisis communication

I thought this week I would discuss the use of dark websites for crisis communication. When you hear about a crisis on the news, I always suggest you take a look at the organisation’s website and see how they are portraying the incident.

A dark website is a website which is hidden from existing users and only deployed when an incident occurs. This is particularly common for airline’s, as if they experience a crash and there are casualties, they will take all the colourful adverts off the front of their website and only show links to information about the crash. As this has been organised in advance, the website can be put into place very quickly.

When organisations don’t have this prepared on their website, it can be a source of embarrassment. Your organisation may have just killed several people and all customers see when they look on your website is adverts for further trips. If your organisation is not managing the incident well then this adds to the perception that you are incompetent. Depending on how organisations manage their website this can be a difficult or easy task. If you have good in-house website designers, they can quickly re-code the website and change the front picture. If there aren’t in-house web designers and you rely on a design agency, you may not even have their out of hours contact information. So, if the incident takes place on a Friday evening, as they invariably do, nobody may be able to change the website until Monday morning.

There also needs to be a balance between putting the incident on the front page of your website, so that you are acknowledging it, and drawing attention to the incident, which may not be public or be known to many. Depending on the size and impact of the incident, you may want to have a smaller banner which links to further information on the website.

Using your website to provide information for stakeholders during an incident also has to be thought through in a cyber-attack, for example, the one affecting Norsk Hydro, one of the world’s largest aluminium producers. They were affected by ransomware this week and had to take down all of their systems, including their website. I presume that the website was hosted on their own servers, so they also had to take this down. If you host your website with a third party then it will not be affected during a ransomware attack, and the website can be used to communicate progress on the Incident with all stakeholders.

If you have a second website outside of your own servers, to use during a cyber-attack, you also have to think about information security. It is common for fraudsters to set up fake company websites during incidents in order to harvest data or to commit financial fraud. How do customers know that the website which has a different web address to your normal site, is actually your website and not that of a fraudster? At the beginning of the Norsk Hydro incident, they were using their Facebook page to post information, so, alternative communication during a ransomware attack does need to be thought through.

The image below shows their website when the incident first occurred. It has been taken down now, but there is still basic information which signposts you to the Facebook page.


Although the site is basic it at least tells you where to find further information on the company and offers reassurance that there has been a cyber-attack, rather than the company going bankrupt, which is sometimes the case when a website disappears.

The image below shows their website the next day, so you can see that the functionality has returned. It is still stark and grey, which to me shows that they are sombre about the incident, even though they are starting to bring back their systems.

Sign-up to our Newsletter

"*" indicates required fields