United Airlines: Chinese Hackers Breach Security Systems – Undetected For A Year

In the wake of United Airlines' permanent IT issues, Bloomberg reported this week (access their article here) that hackers with suspected ties to mainland China allegedly gained access to United's 'secure' IT systems for illicit purposes.

The hack supposedly went undetected for about a year and was only recently discovered when U.S. investigators followed leads from another prominent breach concerning U.S. government personnel.

United Airlines suffered an hour-long computer outage in early July (see CNN article here) that impacted almost 5,000 flights worldwide. No ties between the hack and this outage have been established so far.

Bloomberg reports that the stolen data includes passenger data, flight information and sensitive corporate information. The article goes on to assert that this hack is likely tied to Chinese intelligence, and that the stolen data could be used to cross-reference information obtained from other sources, such as the aforementioned U.S. Office of Personnel Management. A spokesperson from the Chinese embassy in Washington D.C. denied these allegations.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists …

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation. …

Luke Punzenberger, a spokesman for Chicago-based United, a unit of United Continental Holdings Inc., declined to comment on the breach investigation. He said the company remains “vigilant in protecting against unauthorized access” and is focused on protecting its customers’ personal information.

There was another interesting and rather obscure piece of information in the article that (despite the seriousness of the incident) made me smile.

There is evidence the hackers were in the carrier’s network for months. One web domain apparently set up for the attack — UNITED-AIRLINES.NET — was established in April 2014. The domain was registered by a James Rhodes, who provided an address in American Samoa.

James Rhodes is also the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.


United Airlines' operations and their IT are a disaster in and of themselves, but this could likely have hit any other airline as well. LoyaltyLobby has reported on various hacks concerning airlines and loyalty programs in recent months, and these incidents seem to be increasing rather than decreasing.

There is really no way consumers can protect themselves against such breaches other than using secure passwords for their individual online accounts that cannot be cross-referenced. However, as soon as there is a sophisticated intrusion into the company's systems, all bets are off.