United Airlines Hacked Again—by China?

The Chinese hacking team behind the strike on the US government’s Office of Personnel Management is believed to be responsible for a fresh hack of United Airlines.

According to reports, a breach in the May/June timeframe resulted in hackers gaining access to “data on the movements of millions of Americans,” passengers' personal information, and, possibly, United’s forward-looking mergers and acquisitions strategy.

Sources said that the state-sponsored hacking team believed to be responsible is also behind the two OPM breaches, which compromised the details of roughly 26 million federal staffers, and the breach of Anthem. In the latter case, it emerged back in February that hackers successfully stole information on 78.8 million current and former customers and employees at the health insurance giant.

The US Department of Defense (DoD) has claimed that China is developing a vast database of information about US citizens, which would be used to craft crippling attack strategies.

“If investigators are accurate in attributing these attacks to the same group, they have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “How they connect these data points together will determine the outcome, but it’s clearly not good for the United States.”

In this case, data about geographic movements of individuals has been added to the enemy’s overall holistic view of American demographics.

“The location-based and personal information of citizens is a vital asset to our safety and should not be allowed to get in the hands of a foreign government,” Suni Munshani, CEO of Protegrity, said in an emailed comment. “With this breach, the target is getting more personal, and the information is a treasure trove of PII that is extremely valuable and harmful in the wrong hands.”

This breach, if proven, would be the second high-profile breach that the airline has faced, despite the airline instigating a bug bounty. In light of the national security aspect of the attack, some are calling for United to be transparent as to the attack vector, in order to raise all boats—or planes, as it were.

“As is often the case early in a breach investigation, details on exactly how the attackers succeeded in penetrating United Airlines systems are unclear. It will likely be months before we know more, but it’s imperative that details are shared with other organizations so that we can collectively improve defenses,” Erlin said. “As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly.”
