Hack on United Airlines Makes CIA's Job More Difficult

Uploaded on 2015-09-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

6298494626_000950b26a_b.jpg

CIA's favoured Frequent Flyers Program

The Chinese hackers that stole the personally identifying information of more than 20 million people from the Office of Personnel Management (OPM) last year also hacked into United Airlines, Bloomberg reports. And Dave Aitel, CEO of cybersecurity firm Immunity, Inc., notes that the hackers’ breach of United is especially significant as it’s the main airline in and out of Washington, DC’s Dulles International, the nearest international airport to the CIA’s headquarters in Langley, Virginia.
“Every CIA employee and visitor coming from abroad flies in and out of Dulles, and chances are they’re flying United,” Aitel told Business Insider.
“The combination of information the hackers obtained from OPM with the travel information they now have from United is hugely powerful” for the Chinese, Aitel said, “and it will make the kind of work the CIA does much more difficult.”
Mike Oppenheim, the manager of threat intelligence at the cybersecurity firm FireEye, told the New York Times that Beijing is building “a massive database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China.”

The OPM hack, described by top counterintelligence official Joel Brenner as a “significant blow” to American human intelligence, has the CIA especially worried about American spies working in Beijing with diplomatic cover, sources told the Times. This “other information”, such as stolen medical and financial records, may now include US intelligence officials’ travel itineraries from the world’s second-largest airline.
FireEye estimates that the Chinese-based hackers have infiltrated at least 10 US companies and organisations, according to Bloomberg.

United Airlines claims it detected the breach in late May or early June. But the hackers’ digital footprints appear to be well over a year old, dating back to April 2014, according to Bloomberg.
The hackers who infiltrated OPM similarly had access to the agency’s security clearance computer system for over a year before they were detected.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider last month. “They are really good at what they do, and when they break into something it’s not just smash and grab.”
Business Insider:http://http://bit.ly/1Je5Dhe

 

« Cyber Attack on US Power Grid Will Cost $1 Trillion
Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

SEON Technologies

SEON Technologies

At SEON we strive to help online businesses reduce the costs, time, and challenges faced due to fraud.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.