The data breach at United Airlines could reveal a lot about hacker motivation
This week, United Airlines has been the target of a data breach linked to a group of China-backed hackers.
The company detected an attack into its computer systems in May or early June. Among the data stolen are manifests, which include information on flights’ passengers and destinations. Investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists – including the theft of security-clearance records from the US Office of Personnel Management and medical data from health insurer Anthem Inc.
So what can we learn from the United Airlines data breach? Here’s what members of the It security industry had to say:
“The data breach at United Airlines shows the importance of properly protecting all kinds of sensitive company data. Reports indicate that flight manifests were amongst the items stolen during the breach, giving the hackers detailed passenger lists and flight destinations. It sounds like something out of a Hollywood film, but in reality it is extremely concerning for all air travellers to think that this kind of information is now being targeted, particularly when the motives behind it are unknown.
“To stay ahead of the cybercriminals and reinforce consumer confidence, businesses must prioritise data protection. Too many companies focus on prevention, malware detection and remediation capabilities instead of properly securing the data itself. If companies have the appropriate data protection technology installed in their environment, it can prevent it from being accessed or exfiltrated by malicious attackers such as those responsible for this breach.”
Philip Lieberman, president and CEO of Lieberman Software
“Perhaps United Airlines should reconsider its choice of technologies and vendors that provide controls for privileged access to their systems and databases. The US Government could also serve a useful purpose in providing appropriate consequences to the attackers and their assets. There seems to be little incentive for this attacker to stop these attacks.”
“As investigators identify fragments of evidence from these intrusions, they are not only finding needles in the haystack, but also the threads connecting these needles across some of the biggest breaches we have seen. Through this discovery they see these threads weave together to form a rather disturbing tapestry revealing patterns of a much more strategic and sophisticated attack than we could have imagined.
Ken Westin, senior security analyst at Tripwire
“If the evidence does reveal nexus points and attribution to a group, particularly a nation state, it would also reveal the disturbing motivation of the attackers. Instead of a campaign to breach a single entity, the goal was to compromise multiple disparate sets of data for the purposes of correlation. This correlation would allow the actors to develop targeted profiles of individuals in the United States, particularly those with security clearances, leading to one of the most devastating intelligence compromises we have seen to date.
“Identifying individuals with security clearances and linking that data to travel information is one example of how the combination of this type of data can be exponentially more damaging the individual data sets alone.”
Tim Erlin, director of security and product management at Tripwire
“If investigators are accurate in attributing these attacks to the same group, they have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain. How they connect these data points together will determine the outcome, but it’s clearly not good for the United States.
“As is often the case early in a breach investigation, details on exactly how the attackers succeeded in penetrating United Airlines systems is unclear. It will likely be months before we know more, but it’s imperative that details are shared with other organizations so that we can collectively improve defenses.
“As we’ve seen with other breaches, attackers are often resident inside an organization’s network for months before being detected. It’s clear that standard detection tools are simply not performing or not implemented correctly. Large companies and government agencies need to take a critical look at how they can identify what’s changing in their environment, and assess how those changes affect their security posture and attack surface.
“The fact that this breach isn’t likely to require disclosure in most states, based on the current laws, should give the Whitehouse fuel to promote a national breach disclosure standard. There are few citizens who wouldn’t want to know if their data was included in this kind of breach.”
How much do you know about the world’s most famous hackers? Take our quiz!