News

Chinese hackers attack United Airlines' security

The same group that attacked the US Office of Personnel Management (OPM) is thought to be responsible

31 Jul 2015

The group of Chinese hackers that attacked the US Office of Personnel Management (OPM) and medical insurer Anthem has now breached United Airlines' security, it is reported.

The hack happened in either May or early June according to Bloomberg, which spoke to people familiar with the matter, and involved infiltrating the airline's systems, possibly accessing information about the movements and personal details of passengers, including where they were flying from and destination.

If the hacks were all carried out by the same hacking group as investigators suspect, information could be compared to the details stolen from the government's personnel department and Anthem to create detailed profiles of citizens.

Additionally, United Airlines is the service used most by the US government, making it even more likely hackers could put two and two together with the banks of data they now hold.

"You're suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23," James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington. "If you're China, you're looking for those things that will give you a better picture of what the other side is up to."

A couple of weeks ago, United Airlines became the first US airline to offer a bug bounty programme, offering security researchers air miles if they uncover bugs or hacks in the company's systems. At the time, it has paid out twice, awarding those who discovered the security holes a million airmiles each.

It's not just security flaws and hacks that can cause great disruption to an airline like United. Earlier in July, flights were grounded by a computer glitch and in June, "automation issues" meant flights were unable to take off.