Hackers Breach United Airlines
News has broken that United Airlines have been breached by the group of China-backed hackers believed to have been behind the Anthem breach. They detected the attack in May or early June, and among the data stolen are manifests including information on their flights’ passengers and their destinations. Experts from Tripwire, STEALTHbits, Securonix, Proficio, and Secure Channels commented on the breach of united airlines by the hackers.
Tim Erlin, Director of Security and Product Management at Tripwire :
“If investigators are accurate in attributing these attacks to the same group, they have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain. How they connect these data points together will determine the outcome, but it’s clearly not good for the United States.
As is often the case early in a breach investigation, details on exactly how the attackers succeeded in penetrating United Airlines systems is unclear. It will likely be months before we know more, but it’s imperative that details are shared with other organizations so that we can collectively improve defenses.
As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly. Large companies and government agencies need to take a critical look at how they can identify what’s changing in their environment, and assess how those changes affect their security posture and attack surface.
The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give the Whitehouse fuel to promote a national breach disclosure standard. There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”
Kevin Foisy, Chief Software Architect and Co-Founder, STEALTHbits :
“When we see major infrastructure being attacked, it’s hard not to imagine a state sponsored connection. The Art of War, “know thy enemy” comes to mind when we consider the intelligence being captured. On the surface, there’s sensitive data loss, but the bigger picture is the know-how being gained in ongoing successful penetration of infrastructure. These are undoubtedly training grounds for the real attacks that could come in the event of war. Recent breaches in the area of finance and transportation should serve as a warning for the crippling effects of an e-attack to a technology dependent nation in a time of conflict.”
Jeff Hill, Channel Marketing Manager, STEALTHbits :
“More alarming than the increasing sophistication and effectiveness of cyber-attacks is the exploding diversity of motives. From disrupting the release of a movie at Sony, to a moral objection to an adultery website at Ashley Madison, gone are the days when hackers simply stole credit card numbers to make a quick buck. Can we now add international espionage to that list? Analyzing the travel habits of US government personnel can somewhat harmlessly provide insight into the development of new alliances or business partnerships, but can also be an invaluable tool in the never-ending effort by intelligence agencies to compromise those with access to classified information. Despite the sophistication of high tech satellites, ground-based signals collection and monitoring devices, and other technology, the best intelligence is still obtained from the mid-level government employee desperate to keep his overseas fling a secret.”
Stewart Draper, Director of Insider Threat at Securonix :
“Airlines are being attacked from all angles – their membership programs, reservations systems and even in-flight attempts to tamper with systems. The industry is going to have to quickly realize that they make up a critical part of infrastructure that appeals to nation states and hacktivist groups, and they need to do a better job harden their systems. This is the second breach for United Airlines in the last 12 months and the FAA will need to prioritize industry level discussions around cyber security.
The hackers could have been trying to learn and establish routines of targets they already have data for from OPM and Anthem breaches as there is a lot less PII data available through commercial airlines.
Behavioral analytics can play a significant role in the speed of detection and remediation to a breach.”
John Humphreys, CMO, Proficio :
“The Chinese are systematically looting data from strategic government and business sources. If you have this type of data, chances are you are already compromised. Expect more shoes to drop.”
“This is also an example of a popular Doppelgänger Evil Twin attack where Chinese cyber criminals stand-up a domain with a similar name to a corporate web site and then set up redirect links in partner web sites.”
Richard Blech, CEO and Co-Founder, Secure Channels :
“Hackers used their sophisticated technological tools to support their social engineering techniques, which fooled the unsuspecting humans. Hackers were able to see clear text data, but if said data had been encrypted, such human error would have no effect. Mechanisms for perimeter defense and detection / alerting are not sufficient. Best practices would have mandated a layered security, including encryption. The technology exists, United Airlines chose not to use it, and they failed Best Practices and their customers.”
Here’s what Dwayne Melancon Chief Technology Officer, Tripwire, says you should do after the breach :
- “Immediately use Equifax, Transunion or Experian to put a “freeze” on your credit. This will significantly reduce the risk that anyone can open new lines of credit in your name.
- Look into free credit monitoring and identity theft protection services. There’s no way to easily change the personal data stolen in this breach; it’s not like a credit card fraud. This means you’ll need to carefully monitor any changes to your finances. In addition, beware of any emails or calls regarding this incident as they are almost certainly fraudulent.
- Change the answers to “secret questions” used to validate your identity online, especially if they use personally-identifiable information as answers. Make up your own questions and answers, or use answers that are fictitious but memorable to you to prevent criminals from guessing their way into your online accounts.”
Read the Information Security Buzz article here.