Hack on United Airlines Makes CIA's Job More Difficult

6298494626_000950b26a_b.jpg

CIA's favoured Frequent Flyers Program

The Chinese hackers that stole the personally identifying information of more than 20 million people from the Office of Personnel Management (OPM) last year also hacked into United Airlines, Bloomberg reports. And Dave Aitel, CEO of cybersecurity firm Immunity, Inc., notes that the hackers’ breach of United is especially significant as it’s the main airline in and out of Washington, DC’s Dulles International, the nearest international airport to the CIA’s headquarters in Langley, Virginia.
“Every CIA employee and visitor coming from abroad flies in and out of Dulles, and chances are they’re flying United,” Aitel told Business Insider.
“The combination of information the hackers obtained from OPM with the travel information they now have from United is hugely powerful” for the Chinese, Aitel said, “and it will make the kind of work the CIA does much more difficult.”
Mike Oppenheim, the manager of threat intelligence at the cybersecurity firm FireEye, told the New York Times that Beijing is building “a massive database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China.”

The OPM hack, described by top counterintelligence official Joel Brenner as a “significant blow” to American human intelligence, has the CIA especially worried about American spies working in Beijing with diplomatic cover, sources told the Times. This “other information”, such as stolen medical and financial records, may now include US intelligence officials’ travel itineraries from the world’s second-largest airline.
FireEye estimates that the Chinese-based hackers have infiltrated at least 10 US companies and organisations, according to Bloomberg.

United Airlines claims it detected the breach in late May or early June. But the hackers’ digital footprints appear to be well over a year old, dating back to April 2014, according to Bloomberg.
The hackers who infiltrated OPM similarly had access to the agency’s security clearance computer system for over a year before they were detected.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider last month. “They are really good at what they do, and when they break into something it’s not just smash and grab.”
Business Insider:http://http://bit.ly/1Je5Dhe

 

« Cyber Attack on US Power Grid Will Cost $1 Trillion
Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Surrey Centre for Cyber Security (SCCS)

Surrey Centre for Cyber Security (SCCS)

The Centre focuses on three main research directions - Privacy and Data Protection, Secure Communications, and Human-Centred Security.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Australian Cyber Security Growth Network (AustCyber)

Australian Cyber Security Growth Network (AustCyber)

AustCyber brings together businesses and researchers to develop the next generation of cyber security products and services.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Tracer

Tracer

Tracer (formerly Appdetex) is a next-generation brand protection solution. It constantly finds, analyzes, and stops brand abuse across Web2 and Web3 digital channels.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.