What the United Hack Tells Us About Cyber Threats in the Travel Industry

September 17, 2015

When it comes to cyber security, the US travel industry hasn’t had a great summer – in the last few months alone, we’ve learned of three successful hacking attempts against major airlines and their partners.

First of all, United Airlines – the world’s second-biggest airline – was breached in either May or early June, according to the anonymous sources who brought the story to Bloomberg the following month. A subsequent forensic investigation pinned the attack on the same China-backed hackers believed to have stolen millions of records from the US Office of Personnel Management (OPM) and health insurer Anthem.

Barely a week later, it was reported that American Airlines – the world’s biggest airline – had been the target of a similar intrusion, again the work of state-sponsored actors in China. And it emerged that Sabre, a travel and hotel booking company, had suffered the same type of cyberattack.

Why is China collecting masses of data from these organizations? As I said in my previous blog, the motive may be to build an extensive database of US officials’ personal information and movements in order to identify US intelligence officers and their human assets in China and around the world. However, security researchers have pointed out that an adversary with this level of access could just as easily have altered or deleted data to disrupt the airlines’ operations and cause chaos for the millions of passengers they transport annually.

In a world where terrorists, nation-states, and sophisticated criminals are all interested in using cyber weapons to achieve their financial and strategic objectives, this isn’t the kind of data breach we can just shrug our shoulders about.

But what else do the United and American Airlines hacks tell us about cyber threats in the travel industry?

Airlines, Too, Need to Act to Improve Security

To date, only a small amount of intelligence has surfaced on the United and American Airlines hacks. We don’t know what data was targeted, how much of it was stolen, or how the hackers got into their networks in the first place. It’s safe to assume, however, that both companies could have done more to protect themselves against attacks.

This is evident from a number of insider reports. Perhaps the least shocking observation overall is that United’s hackers were apparently inside the airline’s network undetected for more than a year, with the earliest evidence of the attack dating back to April 2014. We have seen from various reports and surveys that sophisticated adversaries are breaching networks and remaining undetected for months on average.

Moreover, a source said one of the “chief tasks” of the forensic investigation has been to identify any remaining backdoors into the network – something that suggests United is still far from establishing where its vulnerabilities lie and where security needs to be improved.

The China-backed hackers understood to have carried out the three attacks have an impressive track record – 80 million records were stolen in the Anthem data breach, while 20 million were seized from the OPM. According to some experts, however, they’re not actually all that sophisticated. Speaking to Bloomberg after the American hack, Brendan Conlon – a former NSA deputy chief for integrated cyber operations – said it would have taken “five or six people tops” to pull off one of these attacks.

The travel industry – much like other organizations that have experienced cyberattacks – needs to accept that the threat landscape is changing quickly. Hackers have progressed from individuals looking to steal information for personal gain to nation-states looking to steal government secrets, corporate data and intellectual property.

Everyone should be looking at their security practices and systems to ensure that they are able to keep pace with the evolving threats that exist today. Network defenders must assume that they will get breached and take steps to better manage privileged user accounts, limit third-party access, and harden their most sensitive assets. Reducing the impact and footprint of a breach in this way limits the threat to their business, their reputation and, in the case of the airlines, their passengers’ well-being.

Learn more about Cryptzone’s dynamic, context aware solutions for providing secure access to network services and layered data security.

Leo Taddeo
Chief Security Officer

Leo Taddeo is the Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, application and content security solutions. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, is responsible for analyzing the cybersecurity market to help shape Cryptzone’s vision for security solutions. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Cryptzone continue to develop disruptive solutions that enable customers to defend against advanced threats and breaches.

Prior to Cryptzone, Taddeo led more than 400 agents and professional support staff in cyber investigations, surveillance operations, information technology support and crisis management for the FBI. He oversaw high profile cases, including Silk Road, Blackshades and JP Morgan.

Previously, Taddeo served as a Section Chief in the International Operations Division, where he managed FBI operations in Africa, Asia and the Middle East. Taddeo has held various roles of increasing responsibilities in the field, including supervising a joint FBI/New York City Police Department Joint Terrorism Task Force and serving as the Legal Attaché in Rome, Italy.

After receiving his degree in applied physics from Rensselaer Polytechnic Institute in 1987, Taddeo served as a tank officer in the U.S. Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for service in the Gulf War. Taddeo then earned a Juris Doctor from St. John’s University and joined the New York law firm of Mound, Cotton & Wollan, where he practiced civil litigation until entering the FBI.

Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications.
