It has been revealed that the hacking group responsible for the theft of data on millions of U.S. federal employees also targeted United Airlines.
At the time ValueWalk predicted that the outages were the work of hackers. It has now been revealed that the world’s second-largest airline was also hacked around the same time as the U.S. Office of Personnel Management (OPM), according to Bloomberg.
United Airlines: latest victim of Chinese hacking group
Bloomberg cites several people familiar with the probe, who claim that United noticed a breach in its systems in May or early June. The sources claim that investigators have since linked the attack to the Chinese hacking group responsible for the OPM hack, and another attack on health insurer Anthem Inc.
The United Airlines breach was previously unreported, but it now appears that China may have data on the travel itineraries of millions of Americans. It seems that Beijing is compiling a massive database from strategic U.S. industries and institutions.
Security experts believe that the OPM hack allows the cyber attackers to identify U.S. citizens that are employed in defense and intelligence, including those who work for contractors. It is thought that the group passes information to the Chinese government.
Data holds significant strategic value for China
This information could be used in conjunction with stolen medical and financial records to blackmail and recruit potential informants with security clearances. The hacking group is responsible for cyber attacks on at least 10 companies and organizations, according to FireEye Inc.
Now that flight records have also been compromised, the Chinese could potentially track the travel patterns of government and military figures. United is a major contractor for U.S. government flights, thus its databases are a rich source of information on the movements of officials.
According to James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington, this information could allow China to track U.S. officials who make flights at the same time as Chinese counterparts.
Suspicions were also raised as to whether the hack was responsible for computer faults which left thousands of United passengers unable to fly. An outage on July 2 was apparently not linked to the hack, but investigators have not ruled out a possible connection to the June 8 computer failure.
United Airlines spokesman Luke Punzenberger declined to comment on the investigation. Zhu Haiquan, a spokesman for the Chinese embassy in Washington, released a statement which stated: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks.”
Security experts closing back doors
It is thought that U.S. investigators working on the OPM hack may have helped United detect the breach. The investigators provided the digital signatures linked to the attack to a number of companies in the private sector, United Airlines included.
The loss of airline data could have far-reaching consequences for travelers. A mistake by either hackers or defenders could affect computer systems which control the movements of millions of passengers.
Although they have already made off with the data, the hackers may also try to retain access to United’s systems for later use. Security experts working for the airline are now tasked with closing any potential backdoor which could be used to disruptive effect in the future.
It is thought that the hackers gained access to the computer system months before a breach was detected. One web domain used in the attack, UNITED-AIRLINES.NET, was set up in April 2014.
Full extent of breach not yet known
Chinese hackers have tried to get their hands on travel data before, repeatedly targeting the U.S. Transportation Command, which is responsible for defense logistics and travel. At least 50 successful hacks of the Command’s contractors were outlined in a 2014 report by the Senate Armed Services Committee.
“The Chinese have been trying to get flight information from the government; now it looks as if they’re trying to do the same in the commercial sector,” said Tony Lawrence, a former Army sergeant and founder and chief executive officer of cybersecurity firm VOR Technology.
It is not yet known exactly what data was stolen from United’s servers. The process can take months, as proven by the OPM probe. That particular breach was detected in April, but a report was only published in June.
One source claimed that hackers may also have stolen information related to United’s mergers and acquisitions strategy. United claims that it will comply with breach-notification laws should the hack trigger disclosure requirements.