Cyberattacks on OPM, Anthem and United Airlines are Linked
By Peter Bernstein
The bad news on the cyberattack front got a whole lot worse with a story from Bloomberg by reporters Michael Riley and Jordan Robertson that revealed evidence that a group of China-tied hackers are responsible not only for the recent major data breaches at the U.S. Office of Personnel Management (OPM) and health insurer Anthem but also an until now not disclosed one at United Airlines (UAL) that was unrelated to the “glitch” that brought operations to a halt for several hours a few weeks ago.
The Bloomberg report is harrowing:
The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.
It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.
It is now estimated by security firm FireEye that the hackers have compromised at least 10 companies and organizations, and thanks to big data and sophisticated analytics are positioning themselves to be able to identify Americans who work in defense and intelligence, including those on the payrolls of contractors, and cross-reference that information with medical and travel records for the purpose of blackmailing or recruiting people who have security clearances.
All of this brings to mind the famous Mad Magazine Cover below.
The short answer for those who read the entire account, with the requisite Chinese government denial, is YES! The second paragraph above highlights that we need to worry.
As is my custom when these things occur, below are selected quotes from security experts on these latest revelations.
Tim Erlin, director of IT security and risk strategy for Tripwire commented: “As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly. Large companies and government agencies need to take a critical look at how they can identify what’s changing in their environment, and assess how those changes affect their security posture and attack surface.
The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give The White House fuel to promote a national breach disclosure standard. There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”
In a similar vein, Stewart Draper, director of insider threat at Securonix in comments aimed at the disclosure of the UAL breach stated: “Airlines are being attacked from all angles – their membership programs, reservations systems and even in-flight attempts to tamper with systems. The industry is going to have to quickly realize that they make up a critical part of infrastructure that appeals to nation states and hacktivist groups, and they need to do a better job to harden their systems. This is the second breach for United Airlines in the last 12 months and the FAA will need to prioritize industry level discussions around cyber security.
The hackers could have been trying to learn and establish routines of targets they already have data for from OPM and Anthem breaches as there is a lot less PII data available through commercial airlines. Behavioral analytics can play a significant role in the speed of detection and remediation to a breach.”
John Humphreys, CMO, Proficio on the UAL breach explained: “The Chinese are systematically looting data from strategic government and business sources. If you have this type of data, chances are you are already compromised. Expect more shoes to drop…”This is also an example of a popular Doppelgänger Evil Twin attack where Chinese cyber criminals stand-up a domain with a similar name to a corporate website and then set up redirect links in partner websites.”
Richard Blech, CEO and Co-Founder, Secure Channels adds: “Hackers used their sophisticated technological tools to support their social engineering techniques, which fooled the unsuspecting humans. Hackers were able to see clear text data, but if said data had been encrypted, such human error would have no effect. Mechanisms for perimeter defense and detection / alerting are not sufficient. Best practices would have mandated a layered security, including encryption. The technology exists, United Airlines chose not to use it, and they failed Best Practices and their customers.”
I also wish to share some advice from Tripwire’s chief technology officer, Dwayne Melancon, if you are a UAL customer, which I unfortunately have as my preferred air travel company. He says:
“Immediately use Equifax, Transunion or Experian to put a ‘freeze’ on your credit. This will significantly reduce the risk that anyone can open new lines of credit in your name.
Look into free credit monitoring and identity theft protection services. There’s no way to easily change the personal data stolen in this breach; it’s not like a credit card fraud. This means you’ll need to carefully monitor any changes to your finances. In addition, beware of any emails or calls regarding this incident as they are almost certainly fraudulent.
Change the answers to ‘secret questions’ used to validate your identity online, especially if they use personally-identifiable information as answers. Make up your own questions and answers, or use answers that are fictitious but memorable to you to prevent criminals from guessing their way into your online accounts.”
If nothing else this is certainly going to make Black Hat 2015 and the DefCon 23 hacker events, both of which are coming up next in Las Vegas, really interesting.
I guess I know what I will be doing today. Not sure how I feel anymore about electronic check-in when I fly. At least for the moment, however, all of my frequent flyer miles on various airlines are still accurate in all of my accounts and are hopefully not in a database in China along with my other personal information.
Find the original article here.