Cyberattacks on OPM, Anthem and United Airlines are Linked

By Peter Bernstein July 30, 2015

The bad news on the cyberattack front got a whole lot worse with a story from Bloomberg by reporters Michael Riley and Jordan Robertson, which revealed evidence that a group of China-tied hackers is responsible not only for the recent major data breaches at the U.S. Office of Personnel Management (OPM) and health insurer Anthem but also for a previously undisclosed one at United Airlines (UAL). The United breach is unrelated to the “glitch” that brought the airline's operations to a halt for several hours a few weeks ago.

The Bloomberg report is harrowing:

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests -- which include information on flights’ passengers, origins and destinations -- according to one person familiar with the carrier’s investigation.

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

Security firm FireEye now estimates that the hackers have compromised at least 10 companies and organizations. With big data and sophisticated analytics, they are positioning themselves to identify Americans who work in defense and intelligence, including those on the payrolls of contractors, and to cross-reference that information with medical and travel records for the purpose of blackmailing or recruiting people who hold security clearances.

All of this brings to mind the famous Mad Magazine cover.

The short answer for those who read the entire account, with the requisite Chinese government denial, is YES! The second paragraph above highlights that we need to worry.

As is my custom when these things occur, below are selected quotes from security experts on these latest revelations.

Tim Erlin, director of IT security and risk strategy for Tripwire commented: “As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly. Large companies and government agencies need to take a critical look at how they can identify what’s changing in their environment, and assess how those changes affect their security posture and attack surface.

The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give The White House fuel to promote a national breach disclosure standard. There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”

In a similar vein, Stewart Draper, director of insider threat at Securonix, in comments aimed at the disclosure of the UAL breach stated: “Airlines are being attacked from all angles - their membership programs, reservations systems and even in-flight attempts to tamper with systems. The industry is going to have to quickly realize that they make up a critical part of infrastructure that appeals to nation states and hacktivist groups, and they need to do a better job to harden their systems. This is the second breach for United Airlines in the last 12 months and the FAA will need to prioritize industry level discussions around cyber security.


The hackers could have been trying to learn and establish routines of targets they already have data for from the OPM and Anthem breaches, as there is a lot less PII data available through commercial airlines. Behavioral analytics can play a significant role in the speed of detection and remediation of a breach.”

John Humphreys, CMO, Proficio, on the UAL breach explained: "The Chinese are systematically looting data from strategic government and business sources. If you have this type of data, chances are you are already compromised. Expect more shoes to drop… This is also an example of a popular Doppelgänger Evil Twin attack where Chinese cyber criminals stand up a domain with a similar name to a corporate website and then set up redirect links in partner websites."

Richard Blech, CEO and Co-Founder, Secure Channels adds: "Hackers used their sophisticated technological tools to support their social engineering techniques, which fooled the unsuspecting humans. Hackers were able to see clear text data, but if said data had been encrypted, such human error would have no effect. Mechanisms for perimeter defense and detection / alerting are not sufficient. Best practices would have mandated a layered security, including encryption. The technology exists, United Airlines chose not to use it, and they failed Best Practices and their customers."

I also wish to share some advice from Tripwire’s chief technology officer, Dwayne Melancon, if you are a UAL customer, as I unfortunately am, since it is my preferred air travel company. He says:

  1. “Immediately use Equifax, Transunion or Experian to put a ‘freeze’ on your credit. This will significantly reduce the risk that anyone can open new lines of credit in your name.
  2. Look into free credit monitoring and identity theft protection services. There’s no way to easily change the personal data stolen in this breach; it’s not like a credit card fraud. This means you’ll need to carefully monitor any changes to your finances. In addition, beware of any emails or calls regarding this incident as they are almost certainly fraudulent.
  3. Change the answers to ‘secret questions’ used to validate your identity online, especially if they use personally-identifiable information as answers. Make up your own questions and answers, or use answers that are fictitious but memorable to you to prevent criminals from guessing their way into your online accounts.”

If nothing else, this is certainly going to make Black Hat 2015 and the DefCon 23 hacker events, both of which are coming up next in Las Vegas, really interesting.

I guess I know what I will be doing today. Not sure how I feel anymore about electronic check-in when I fly. At least for the moment, however, all of my frequent flyer miles on various airlines are still accurate in all of my accounts and are hopefully not in a database in China along with my other personal information.

Edited by Dominick Sorrentino