Hack on United Airlines Makes CIA's Job More Difficult

6298494626_000950b26a_b.jpg

CIA's favoured Frequent Flyers Program

The Chinese hackers that stole the personally identifying information of more than 20 million people from the Office of Personnel Management (OPM) last year also hacked into United Airlines, Bloomberg reports. And Dave Aitel, CEO of cybersecurity firm Immunity, Inc., notes that the hackers’ breach of United is especially significant as it’s the main airline in and out of Washington, DC’s Dulles International, the nearest international airport to the CIA’s headquarters in Langley, Virginia.
“Every CIA employee and visitor coming from abroad flies in and out of Dulles, and chances are they’re flying United,” Aitel told Business Insider.
“The combination of information the hackers obtained from OPM with the travel information they now have from United is hugely powerful” for the Chinese, Aitel said, “and it will make the kind of work the CIA does much more difficult.”
Mike Oppenheim, the manager of threat intelligence at the cybersecurity firm FireEye, told the New York Times that Beijing is building “a massive database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China.”

The OPM hack, described by top counterintelligence official Joel Brenner as a “significant blow” to American human intelligence, has the CIA especially worried about American spies working in Beijing with diplomatic cover, sources told the Times. This “other information”, such as stolen medical and financial records, may now include US intelligence officials’ travel itineraries from the world’s second-largest airline.
FireEye estimates that the Chinese-based hackers have infiltrated at least 10 US companies and organisations, according to Bloomberg.

United Airlines claims it detected the breach in late May or early June. But the hackers’ digital footprints appear to be well over a year old, dating back to April 2014, according to Bloomberg.
The hackers who infiltrated OPM similarly had access to the agency’s security clearance computer system for over a year before they were detected.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider last month. “They are really good at what they do, and when they break into something it’s not just smash and grab.”
Business Insider:http://http://bit.ly/1Je5Dhe

 

« Cyber Attack on US Power Grid Will Cost $1 Trillion
Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

Ridgeback Network Defense

Ridgeback Network Defense

Ridgeback is an enterprise security software platform that defeats malicious network invasion in real time. Ridgeback champions the idea that to defeat an enemy you must engage them.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Blancco Technology Group

Blancco Technology Group

Blancco Technology Group is a leading global provider of mobile device diagnostics and secure data erasure solutions.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

GO Business

GO Business

GO Business are a specialised B2B team within GO that caters to the communication needs of the local business community in Malta.

SteelGate

SteelGate

SteelGate’s core capabilities are centered around architecture design and engineering of network, systems, and cybersecurity solutions.

rConfig

rConfig

rConfig is a platform for automated network configuration management and backup. It enables quick rollbacks to prevent outages and ensures easy auditing.