United Airlines has announced a penetration of its computer security in May and June, with investigators saying it was most likely the same Chinese squad that carried out the “cyber Pearl Harbor” attack on the Office of Personnel Management, along with an operation against health insurance company Anthem. It appears the Chinese raiders made off with a sizable amount of flight information, including passenger lists, from United.
Bloomberg Business notes this data theft is eerily compatible with the OPM heist: “It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors… That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances.”
The article reveals that investigators studying the methods used by the thieves who penetrated OPM had already compiled a list of possible additional targets, based on information distilled from their hacking tools, and included United Airlines on that list. As with the OPM attack, it appears the hackers lurked within United’s system for months before they were discovered. The hackers who hit both OPM and United also shared a penchant for employing aliases derived from Marvel comic books.
What, precisely, China plans to do with this bizarrely detailed model of American citizens remains to be seen, but investigators suspect the database is now augmented with a great deal of information about those citizens’ travel arrangements. Business Insider relates theories that China is mapping out American business and government organizations to develop “infrastructure-killing cyber weapons.”
The OPM breach made it clear the hackers were particularly interested in U.S. government employees. The Bloomberg report notes that United Airlines is “one of the biggest contractors with the U.S. government among the airlines, making it a rich depository of data on the travel of American officials, military personnel and contractors.”
As cybersecurity expert James Lewis noted, the United data could be cross-indexed with stolen OPM information about intelligence agents and their contacts to give Chinese intelligence “a better picture of what the other side is up to.” There is evidence of previous, unsuccessful efforts to steal travel information from government computers over the past few years.
There is also some speculation that Chinese attacks on United’s computer systems might have been responsible for recent computer faults that interfered with air travel and left thousands of passengers facing delayed flights—a possibility energetically dismissed by airline and government officials at the time, as they hastened to assure the public that hacker mischief was not responsible for those computer faults. It still is not deemed likely that the airline snafus were deliberate acts of sabotage, but sources within the investigation of the United hack said it was possible that at least one of the booking-system glitches could have been inadvertently caused by the database penetration.
News of this penetration is dismaying for United, which has been working to upgrade its electronic infrastructure for some time, due to both booking service interruptions and previous hacker raids. Business Insider reports the airline has been paying “bug bounties” to hackers who “responsibly and privately disclose bugs they find to the company.”
The Chinese government, as is its habit, responded to news of the United breach by ritually declaring that its government personnel “never engage in any form of cyberattack,” and that the rulers of Beijing “firmly oppose and combat any forms of cyberattacks.”