Hack on United Airlines Makes CIA's Job More Difficult

Uploaded on 2015-09-02 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

6298494626_000950b26a_b.jpg

CIA's favoured Frequent Flyers Program

The Chinese hackers that stole the personally identifying information of more than 20 million people from the Office of Personnel Management (OPM) last year also hacked into United Airlines, Bloomberg reports. And Dave Aitel, CEO of cybersecurity firm Immunity, Inc., notes that the hackers’ breach of United is especially significant as it’s the main airline in and out of Washington, DC’s Dulles International, the nearest international airport to the CIA’s headquarters in Langley, Virginia.
“Every CIA employee and visitor coming from abroad flies in and out of Dulles, and chances are they’re flying United,” Aitel told Business Insider.
“The combination of information the hackers obtained from OPM with the travel information they now have from United is hugely powerful” for the Chinese, Aitel said, “and it will make the kind of work the CIA does much more difficult.”
Mike Oppenheim, the manager of threat intelligence at the cybersecurity firm FireEye, told the New York Times that Beijing is building “a massive database of Americans, with a likely focus on diplomats, intelligence operatives and those with business in China.”

The OPM hack, described by top counterintelligence official Joel Brenner as a “significant blow” to American human intelligence, has the CIA especially worried about American spies working in Beijing with diplomatic cover, sources told the Times. This “other information”, such as stolen medical and financial records, may now include US intelligence officials’ travel itineraries from the world’s second-largest airline.
FireEye estimates that the Chinese-based hackers have infiltrated at least 10 US companies and organisations, according to Bloomberg.

United Airlines claims it detected the breach in late May or early June. But the hackers’ digital footprints appear to be well over a year old, dating back to April 2014, according to Bloomberg.
The hackers who infiltrated OPM similarly had access to the agency’s security clearance computer system for over a year before they were detected.
“The average time Chinese hackers have access to a compromised system is 356 days and the longest recorded was 4 years and 10 months,” Mark Wuergler, a senior cybersecurity researcher at Immunity Inc., told Business Insider last month. “They are really good at what they do, and when they break into something it’s not just smash and grab.”
Business Insider:http://http://bit.ly/1Je5Dhe

 

« Cyber Attack on US Power Grid Will Cost $1 Trillion
Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

King & Spalding

King & Spalding

King & Spalding is an international law firm with offices in the United States, Europe and the Middle East. Practice areas include Data, Privacy & Security.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.

Phone Monitoring Service

Phone Monitoring Service

Phone Monitoring Service provides cyber security services, ethical hacking services, social media hacking services in the USA, Canada, Europe.

Tria Federal

Tria Federal

Tria Federal is the premier middle-market Technology and Advisory services provider delivering digital transformation solutions to federal health and public safety agencies.