OPM Hackers Allegedly Penetrated United Airlines Computers Too

Government Contractor // Transportation

Investigators have tied an attack against the airline to a China-backed team they say is behind recently disclosed hacks into U.S. security-clearance systems and federal insurance provider Anthem.

In May 2015, Office of Personnel Management investigators began drawing up a list of additional possible victims in the private sector and provided those firms with digital signatures that might indicate breaches of their systems. United Airlines was on that list.

"The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised," according to Bloomberg. 

The filched data includes manifests, which list information on flights’ passengers, origins and destinations.

United is one of the biggest airline service providers to the federal government, making it a rich depository of data on the travel of American officials, military personnel and contractors. 

“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies, tells Bloomberg. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”

The China-backed hackers often insert the name of their target in web domains, phishing e-mails and other attack infrastructure.

One web domain apparently set up for the United attack -- UNITED-AIRLINES.NET -- was established in April 2014. The domain was registered by a James Rhodes. That name is the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.

Besides flight-related data, the hackers may also have taken business-sensitive information related to United’s mergers and acquisitions plans.