The China-based hacking team that has been infiltrating U.S. government and business computer systems appears to be behind two newly discovered attacks — this time on travel reservation processor Sabre and American Airlines, Bloomberg Business reported last week.
Sabre confirmed that its systems — which contain sensitive records on as many as a billion travelers — recently were breached. American Airlines, the world’s largest carrier, is investigating whether hackers were able to crawl from Sabre’s systems into its own, according to the Bloomberg Business report, which cited unnamed sources. Some of the companies’ network infrastructures are shared.
The attacks appear to be part of a months-long series of hacks government officials have tied to China. Targets penetrated reportedly include the U.S. Office of Personnel Management, Anthem Insurance and United Airlines.
Connecting the Dots
United, the second-largest airline in the world, has denied the data breach reports that surfaced late last month.
“These reports are based on pure speculation, and we can assure our customers that their personal information is secure,” said United spokesperson Charles Hobart.
“We remain vigilant in protecting against unauthorized access and use top advisors and best practices on cybersecurity to maintain our effectiveness,” he told the E-Commerce Times.
There is good reason to give United’s denial of a breach some weight, noted Paul Tiao, a partner with Hunton & Williams.
“If personal information is involved, United would have a notification obligation under 47 state laws,” he told the E-Commerce Times.
“The other thing is, as a publicly traded company, it has SEC reporting obligations — and the SEC has been very focused on cybersecurity reporting,” Tiao added. “So if United is saying there was no hack, that’s something that should be taken seriously.”
If there is anything to the rumors, the risk of exposure is high.
Data stolen from United could be cross-referenced with other stolen data to create avenues for blackmail or recruitment of Chinese spies, Bloomberg explained in a report published last month.
“If they correlate Office of Personal Management data with airline manifests and medical histories, they can build a serious counterintelligence campaign against an individual or group or individuals,” said global information security researcher Bill Hagestad II.
“It’s very serious,” he told the E-Commerce Times.
Stolen information also could be used to launch future espionage campaigns.
“Any personal information can be used to conduct further intelligence-gathering operations through spearphishing and other types of social engineering attacks,” said Hunton & Williams’ Tiao.
“Depending on which networks the hackers got into, the intrusion could also have disruptive implications. It could disrupt United’s business operations,” he continued.
“The implications could be significant but we don’t know enough about what is happening and who’s responsible to know for sure what the significance is,” Tiao added.
The hackers are driven by big data analytics, explained Richard Blech, CEO of Secure Channels.
“The more data you can gather, the more you can do with it,” he told the E-Commerce Times. “They’ve got computer systems that will crunch all the data they steal, and they’ll get the value they need to get out of it.”
Pinching airline data would give the Chinese a way to chart the travel patterns of specific government or military officials. American Airlines and United Airlines are the two biggest airline contractors with the U.S. government, making them a goldmine of data on the travel of government personnel.
Sabre’s reservation data is another rich vein in that mine.
It appears the data thieves spent months tampering with United’s network. For example, a website called “united-airlines.net” was set up in April 2014 in preparation for the attack, according to Bloomberg.
That domain was registered by “James Rhodes,” which is the name of a character in Marvel Comics whose alter ego is “War Machine,” Bloomberg noted.
The OPM hackers often use Marvel Comics references as a way to “sign” their attack.
More to Come
Although numerous reports have linked Chinese hackers to the break-ins at Anthem, OPM, possibly United, and now American Airlines and Sabre, there are other organizations with the resources to perform massive intrusions.
“There are a lot of very sophisticated criminal hackers out there now,” Tiao said. “Sophisticated services are increasingly available on the black market Internet forums.”
Whether or not China is behind this recent rash of break-ins, one thing seems certain: More breaches are to come.
“It would be naive to think that they got to Anthem and OPM, and they’re not anywhere else,” Secure Channels’ Blech said.
“We just don’t know it yet,” he added. “It hasn’t been announced, discovered or revealed, but it’s safe to assume they’re pulling volumes of data from other places.”