United Airlines may be the latest victim of the Chinese hackers suspected to be behind breaches of major health insurers and government agencies. The world's second-largest airline detected an intrusion into its computer systems early this summer, Bloomberg reported in a story citing unnamed officials familiar with the investigation.
Asked about the Bloomberg story, a United Airlines spokesperson did not directly address whether the company had suffered a breach, but dismissed the story as "based on pure speculation" and said that customers' personal information is secure. "We remain vigilant in protecting against unauthorized access and use top advisors and best practices on cyber-security to maintain our effectiveness," the company said in an e-mailed statement.
But if accurate, the Bloomberg report suggests that the airline's manifests were compromised -- meaning that the hackers would have their hands on information about passengers and their origins and destinations. Since United is a major contractor for U.S. government travel, experts say that could mean that a vast cache of information about the movements of specific government or military officials is now in the attackers' hands.
Some security experts and government officials believe the recent breaches at the Office of Personnel Management are linked to the Chinese government. While the United States has declined to point fingers at China, Director of National Intelligence James Clapper has called China the "leading suspect" in the OPM hacks. China has dismissed questions about its involvement.
Some researchers have linked the OPM intrusion to the same cyber espionage group that hacked health insurance giant Anthem, which is also thought to be the work of hackers associated with the Chinese government. The hackers appear to be targeting large caches of personal information to build a massive database of Americans' personal information, according to some experts.
If a group closely connected to the Chinese government was behind a breach at United, there are a number of ways that they could use that data, said Paul Tiao, a partner at law firm Hunton & Williams and former senior counselor for cybersecurity and technology to the FBI director.
First, there's the value of knowing how specific people in government and industry are moving around the world, he said. But there's also the possibility that information from United could be used to craft very targeted spear-phishing attacks -- personalized e-mails that appear legitimate and could trick a person into opening an e-mail or attachment that could compromise their systems so the attacker can gain additional information.
And if this is the same group thought to be responsible for other attacks, Tiao says, travel information could be a valuable addition to their data trove.
"Given the sort of immense data analytics now widely available, they can integrate that information -- synthesizing it to put together dossiers on key individuals featuring information from their personal lives, professional lives, medical lives, and their movements," he explained. That sort of information could also be potentially very damaging and be used to blackmail or target someone for more specific espionage, Tiao said.
United's role as a critical piece of the transportation sector may also raise additional concerns, Tiao said. Chinese hacking groups are thought to be particularly effective at moving from one network to another once they've found a way into a target's systems. And if hackers compromised United and were able to move from systems that handle things like flight records to networks that actually help keep planes up and running, that may put them in a position to be very disruptive, Tiao said.
Bloomberg quoted unnamed people familiar with the investigation who said the carrier had not found a connection between the breach and a July 8 glitch that grounded flights for two hours, but didn't rule out a possible "tangential connection" to a similar issue in June.