Hackers Eye American Airlines Travelers, Con Ubiquiti C-Suite, and Vandalize Trump’s Place Online

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

OPM Attackers Nabbed Data from American Airlines and Global Travel Booker Sabre

A crew of Chinese cyberspies connected to the hack of federal personnel records also allegedly infiltrated computers at American Airlines and Sabre Corp., a flight, car and hotel reservation processor.

Researchers also have said this same group is responsible for data breaches at health insurer Anthem and United Airlines detected over the past year.  

Sabre, a former American Airlines subsidiary, has said its central data bank holds records on more than a billion travelers per year across the world.

"American is investigating whether hackers moved from Sabre’s systems into its own computers," Bloomberg reports. "The carrier shares some network infrastructure with Sabre. 

Networking Manufacturer Ubiquiti Lost $46.7M after Falling for Elaborate Impersonation Scam

Digital bandits faked communications from executives at the firm by studying the company, and then tricked personnel through these communications into initiating unauthorized international wire transfers.

This gambit is known as “CEO fraud,” or the “business email compromise,” and is increasingly common among companies working with foreign suppliers and/or businesses that regularly wire payments.  

The attack against Ubiquiti, a maker of networking technology for service providers and enterprises, involved fraudulent requests from an outside entity targeting the company’s finance department.

Ubiquiti didn’t disclose the mechanics of the scheme, but “CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name,” KrebsOnSecurity.com reports.

Hackers Deface a Trump Website in Tribute to Jon Stewart

A Canadian group of activists is taking credit for a digital smackdown of GOP presidential contender Donald Trump.

The hacktivist organization, a collective called Telecomix, apparently compromised the content management system of Trump.com, according to the Register: “The CMS looks to be pretty basic and, to be perfectly honest, pretty awful. A cursory look at the source code for trump.com's main page reveals a number of attack points and directories that have been ‘cleverly’ obfuscated from standardized penetration toolkits by adding an underscore in front.”

The stunt occurred the week that comedian Jon Stewart was scheduled to retire from hosting the "Daily Show" on Comedy Central.

A statement that Telecomix posted to an online bulletin board explains the billionaire’s website was not damaged beyond the display of the ode to Stewart, but the hack should wake up Trump, who had lambasted the Obama administration for spending billions of dollars on the botched HealthCare.gov website.

The defacement was up for most of the workday Aug. 3. 

Chinese-Originated Hack Potentially Compromised UConn Research and Personal Data

University of Connecticut’s School of Engineering was the victim of a network intrusion that could have been going on for almost a year and a half.

In March, UConn's information technology department first detected malware on a number of servers part of the school's technical infrastructure.

According to UConn Today, the malware “potentially compromised data residing on these servers, including sensitive information pertaining to research and individual communications.”

The school is notifying about 200 research sponsors in government and industry, as well as determining how many other individuals need to be notified about a potential compromise of personal information, like credit card data and Social Security numbers, according to UConn Today.