back to article Chinese hackers behind OPM megabreach also pwned United Airlines

United Airlines was hacked by same Chinese group that also breached health insurer Anthem and the US government’s Office of Personnel Management (OPM). Hackers stole flight manifests from United Airlines in May or early June, exposing the names of people on many different flights in the process, after earlier making off with …

  1. Anonymous Coward
    Anonymous Coward

    United Airlines was hacked by same Chinese group that also breached health insurer Anthem and the US government’s Office of Personnel Management (OPM).

    [Citation needed]

    “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks,”

    [Citation definitely needed]

    1. as2003

      What are your sources? This is worse than the time The Times published that piece claiming Russia and China had obtained and decrypted the files Snowden stole. At least The Times attributed the story to anonymous "senior government sources".

  2. Anonymous Coward
    Anonymous Coward

    No surprise here

    When is the world going to wake up to the crims in China?

    1. Anonymous Coward
      Anonymous Coward

      Or, rather, ...

      when is the world going to wake up ...... and secure sensitive data properly?

      1. Daggerchild Silver badge

        Re: Or, rather, ...

        What, and deny workers their ability to view cat videos in Flash on the same tardily updated Windows machine that can access all of the company's fileservers, while sending binary objects needing massively overcomplex readers to any and all other employees without restriction?

    2. Daggerchild Silver badge
      Windows

      Re: No surprise here

      Fun as blaming China is, who did it isn't really relevant. The problem is that you can do it. That a person on the internet can get all of your secrets, maybe destroy you, by rattling on a keyboard while sitting at home eating pizza and scratching their arse.

      I have watched airgapped systems get wired together. I've watched private links become internet tunnels and vpns. Now I see commercial projects co-ordinated by Dropbox and internet messaging, and core operations go entirely, irrevocably into the Cloud.

      There are simply not enough hackers for the number of targets available, that's all protecting most people now. Machine learning should help solve that however. Popcorn anyone?

    3. The little voice inside my head

      Re: No surprise here

      Whatever happened to that "any cyberattack is an act of war?" Can't really prove the did it or don't want to, yet?

  3. Jim O'Reilly

    Hilary Clinton has the answer!

    Hilary may have decided to keep her email on her own server so she could "edit" her legacy, or perhaps it was just laziness or typical arrogance, but the real question is whether it was secure.

    If she applied all the safeguards big governrment secure operations use it was probably safe, but if, as is more likely, hilary.r@gmail.com had a password like "Chelsea" or "I8Monica" that never got changed, the Chinese probably read her email before she did.

    That's the real extent of what she did - not just being a bit naughty, but exposing America's privates to the world!

    1. Derpity
      Facepalm

      Re: Hilary Clinton has the answer!

      What does this article have to do with Clinton?

      1. Michael Wojcik Silver badge

        Re: Hilary Clinton has the answer!

        What does this article have to do with Clinton?

        Axe-grinding troll has axe to grind. That's sufficient motivation in itself.

    2. Daggerchild Silver badge

      Re: Hilary Clinton has the answer!

      Bless you. You assumed the US Government email network is more secure than a home email server and gmail ;-)

  4. Pascal Monett Silver badge

    Wait a minute

    "The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks"

    How can you combat something as technical as cyberattacks if you never engage in it ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Wait a minute

      Let's see, what's cheaper than sending them the mushroom or worldwide cyberwar? I know, use that undersea cable cutting sub and just disconnect China from the web!

  5. Mark 85

    I can understand only part of this...

    They* hacked United and OPM... that gives them or may give them an idea of who in the government is flying where. But Anthem is an odd choice unless they run the government's health insurance program.

    *Allegedly Chinese

    1. Anonymous Coward
      Anonymous Coward

      Re: I can understand only part of this...

      They do. Federal healthcare plans are contracted out to Anthem and others (Kaiser Permanente, etc.) You can see them all on OPM's website, by state.

      IIRC United are also one of the approved carriers for the US State Department, i.e. they have a contract to fly foreign service officers to and from their postings abroad.

      Now do you see why the (alleged) Chinese have completely owned us? The NSA spend their days tracking your cat pictures whilst the People's Army blow the doors off every member of the US intelligence community on the planet.

      1. Mpeler
        Coat

        Re: I can understand only part of this...

        Maybe they wanted to hack the

        .

        .

        .

        National Anthem....

      2. Mark 85

        Re: I can understand only part of this...

        Thanks for that info. I guess we should expect the other insurance companies to get tagged also.

        Oh yeah... I'm well aware they own us. Along with everyone else. I'm also suspecting that Chinese may have actually been behind the supposed Nork attacks since their Internet goes through China.

  6. The little voice inside my head

    Those scumbags are really clever

    It might just be a Chinese mafia doing the dirty work for the Chinese government. Or if the government was not involved at all, they might later "buy" the information from a "secret" source. Does it mean the Chinese gov was involved? No.

    “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks,” They just buy the outcome or confiscate for future analysis.

    1. Anonymous Coward
      Anonymous Coward

      Re: Those scumbags are really clever

      Or the Chinese government may have absolutely no involvement whatsoever. I see as many attacks against my servers from US IPs as I do Chinese/Russian. I've seen no evidence that the Chinese government was involved in 90% of the hacks attributed to them.

      Just because an attack comes from a Chinese/Russian address range, that doesn't automatically impy the government is involved anymore than attacks from US IPs imply the US government is involved.

  7. Gordon 10
    FAIL

    Correlation - Me Arse!

    I would think someone clever enough to pull off these attacks would be a little bit better at coming up with targets that overlap enough to make correlation worthwhile.

    Given the size of the Anthem attack there may be a good overlap with the OPM data - but UA flight manifests? Puleeassse. There have got to be better targets.

    This was either a separate attack for separate purposes or a different team altogether.

  8. Michael Wojcik Silver badge

    That adverb does not mean what you think it means

    “Identifying individuals with security clearances and linking that data to travel information is one example of how the combination of this type of data can be exponentially more damaging than individual data sets alone,” he added.

    Sure, you can draw an exponential curve through two points. You can draw any fucking curve1 you want through two points.

    People who use "exponentially" to mean "woah, dude, like, a lot more" are sloppy speakers, and likely sloppy thinkers as well.

    1Of at least two dimensions.

    1. Mpeler
      Gimp

      Re: That adverb does not mean what you think it means

      These are not the adverbs you are looking for...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like