Tech: Clinton wants to kick ISIS off Twitter; Chinese hackers hit United Airlines

30 Jul 2015 | Author: | No comments yet »

Chinese Hackers Undetected Inside United For A Year. Is World’s 2nd Biggest Airline Out of Control?.

Hillary Rodham Clinton is drawing a line in the sand when it comes to the Islamic State: She wants to kick them off Twitter. “We have got to shut down their Internet presence, which is posing the principal threat to us,” Clinton said during a campaign stop in Nashua, N.H., according to the Wall Street Journal. “Clinton was unequivocal that access to social media should be blocked,” the Journal wrote. “’You’ve got to look carefully at terrorist groups and criminal cartels and other illegal actors to figure out whether they can use the Internet to cause crimes, to cause harm, to wage terrorist attacks and we can’t just let that go on unabated,’ she said.” SPOT THE PATTERN: Investigators working with United Airlines to understand a cyberattack on the company earlier this year said the China-backed hackers behind the breach appear to be responsible for hacks at the Office of Personnel Management and Anthem, the health insurance company. “The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised,” Bloomberg News reports. “Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.” IN THE CLOUD: The White House has endorsed a petition to upgrade a law protecting consumer data in the cloud. On Tuesday the company reported a record quarterly profit that, nevertheless, was partially overshadowed by its own admission that unit revenues are so soft that it will have to rein in its planned second half capacity growth.United Airlines, the world’s second-largest airline by seat capacity, was the target of a group of Chinese hackers who were behind one of the largest breaches of government data in U.S. history. The Electronic Communications Privacy Act (ECPA) was written in 1986, before the cloud existed, Venture Beat reports. “The issue of cloud data ownership, and government access to data, has been heating up in the corridors of power over the past few months,” the outlet wrote. “As things stand now, the ECPA could allow law enforcement access to email or other data that is more than 180 days old without a warrant.

It’s also used by law enforcement to justify forcing U.S. companies to hand over data stored in overseas data centers, again, without a warrant.” It included flight manifests, which would have given the hackers access to information about what passengers were on which planes and where they were coming from and going to, Bloomberg reported. “These reports are based on pure speculation, and we can assure our customers that their personal information is secure. We remain vigilant in protecting against unauthorized access and use top advisors and best practices on cyber-security to maintain our effectiveness,” spokesman Luke Punzenberger said in an email. If it proves accurate, the amount of data amassed by the same group of hackers is staggering, and the potential for cross-referencing across different databases is endless.

After all, being hacked by the Chinese these days is becoming something of a badge of honor; sorta like “you ain’t nuthin’ ‘til the Chinese think you’re important enough to hack.” But there are bigger problems here for United. The airline in May announced a bug bounty program, rewarding security researchers who discover and disclose vulnerabilities in its websites, apps, and online portals. To be sure, there’s much to be concerned about in terms of what the Chinese potentially can do with the mountains of data they’re accumulating from their United hack, plus that from their growing number of hacks into U.S. government agencies and other commercial computer systems. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defence and intelligence, including those on the payrolls of contractors. The theft of airline information could be used to cross-check travel patterns for government and military officials, providing more clarity on the dealings of top American government staff members.

That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances. The program—”the first of its kind within the airline industry,” United boasted—specifically excludes bugs with onboard Wi-Fi, entertainment systems, or avionics. For United specifically, news of the Chinese hack follows by three weeks the second of two major disruptions of its passenger data and flight management computer system since June 1. In all, the China-backed team has hacked at least 10 companies and organisations, which include other travel providers and health insurers, says security firm FireEye.

Taken together, the three events (and other widely-publicized negative events in the past 12 months) paint a picture of a house in disorder at United. It doesn’t help that United officials keep offering up implausible and/or weak explanations for their problems and continue to ignore (at least publicly) the mounting evidence of a company that’s not in full control of itself.

The hackers could match international flights by Chinese officials or industrialists with trips taken by US personnel to the same cities at the same time, said James Lewis, a senior fellow in cybersecurity at the Centre for Strategic and International Studies in Washington. “You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” Lewis said. For example, the second disruption, they said, was the result of a “router failure.” Apparently they were hoping that we all would think “Oh yeah, I know how cranky my little plastic router at home can be” and give them a pass. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. But a company the size of United ($39 billion in revenues in 2014), which has been 100 percent dependent upon technology to transact its business for more than 40 years, doesn’t use routers like those cheap units most of us use at home. Zhu Haiquan, a spokesman for the Chinese embassy in Washington, said in a statement: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack.

We firmly oppose and combat any forms of cyberattacks.” United may have gotten help identifying the breach from US investigators working on the OPM hack. Rather, it was, no doubt, a very significant failure of software and/or hardware – precisely the kind of failure companies of the size and sophistication of United should NEVER experience. In May, the OPM investigators began drawing up a list of possible victims in the private sector and provided the companies with digital signatures that would indicate their systems had been breached. Analysts immediately blamed both recent outages on United Continental’s very rough, and unusually protracted merger integration following the 2010 marriage of the formerly bankrupt United to Continental Airlines (management of the smaller, but more successful Continental’s effetively took control of the combined enterprise).

Fair or not, those system outages make it seem as though United Continental’s management still doesn’t have its act entirely together five years after the merger was completed. Even if their main goal was data theft, state-sponsored hackers might seek to preserve access to airline computers for later use in more disruptive attacks, according to security experts. Worse, its unit revenue is expected to drop 5 percent to 7 percent in the third-quarter, typically the biggest and most important quarter of the year for airlines. The biggest culprit: an expected 9 percent to 11 percent drop in unit revenues on international routes, where economic weakness in Asia, by far United’s most important foreign market, is becoming a big drag.

United’s hub in energy industry-centric Houston also is feeling the impact of the big slowdown in the oil industry, offsetting some of the fuel price savings from which it, like all airlines, is benefitting. And the company’s announcement Tuesday of a $3 billion stock buy-back program that follows on the heels of a previous $1 billion buy-back, has upset labor leaders further.

A report last year from the Senate Armed Services Committee documented at least 50 successful hacks of the command’s contractors from June 2012 through May 2013. Additionally, in April the Federal Aviation Administration called out United for what it labeled “systemic” problems in the system the airline uses to qualify and schedule its pilots. Flight manifests usually contain the names and birth dates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws. The theft by hackers of corporate secrets usually goes unreported, while the stealing of customer records such as Social Security numbers and credit cards is required in most states.

Here you can write a commentary on the recording "Tech: Clinton wants to kick ISIS off Twitter; Chinese hackers hit United Airlines".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site