The First Lie About the IRS Hack Gets Some Truth?

Social Security numbers were the basis and entry point for the cyber intrusion into the IRS. Given that the software platform the IRS uses is completely outdated, there are warnings that more intrusions could follow.

IRS Hack Far Worse Than First Thought

USAToday:

SAN FRANCISCO — A hack of the Internal Revenue Service first reported in May was nearly three times as large as previously stated, the agency said Monday.

Thieves have accessed as many as 334,000 taxpayer accounts, the IRS said.

In May, the IRS reported that identity thieves were able to use the agency’s Get Transcript program to get personal information about as many as 114,000 taxpayers.

On Monday, the IRS said an additional 220,000 accounts had also been hacked. In all, 334,000 accounts were accessed, though whether information was stolen from every one of them is not known.

The hackers made use of an IRS application called Get Transcript, which allows users to view their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year.

To enter the Get Transcript system, the user must correctly answer multiple identity verification questions.

The hackers took information about taxpayers acquired from other sources and used it to correctly answer the questions, allowing them to gain access to a plethora of data about individual taxpayers.

The Get Transcript service was shut down in May.

Hackers love authentication-based systems because it’s very difficult to distinguish between “the good guys and the bad guys” when someone is trying to get in, said Jeff Hill of STEALTHbits Technologies, a cyber security company.

“Here we have a case where a successful authentication-based attack was discovered in May, and yet the IRS is still unclear of the extent of the breach’s damage months later. Even now, how confident is the IRS they fully understand the extent of the attack completely, or should we expect yet another shoe to drop in the coming weeks?” Hill said.

Notification of the increased number of hacked accounts came Monday.

In a statement the agency said, “as part of the IRS’s continued efforts to protect taxpayer data, the IRS conducted a deeper analysis over a wider time period covering the 2015 filing season, analyzing more than 23 million uses of the Get Transcript system.”

That analysis revealed an additional 220,000 accounts had also potentially been accessed.

In addition to accounts the hackers were successfully able to access, the IRS disclosed hack attempts that didn’t succeed. There were 111,000 attempts on accounts disclosed in May and 170,000 disclosed on Monday, for a total of 281,000 accounts where the hackers “failed to clear the authentication processes,” the agency said.

Taxpayers whose information was potentially breached will get letters in the mail from the IRS in the coming days.

They will also get access to free credit protection and Identity Protection PINs, the IRS said in a statement.

Taxpayers Fleeced

1/2 TRILLION spent on IT upgrades, but IRS, Feds still use DOS, old Windows

Examiner: President Obama’s team has spent more than a half trillion dollars on information technology but some departments, notably the IRS, still run on DOS and old Windows, which isn’t serviced anymore, according to a House chairman.

“Since President Obama has taken office, the federal government has spent in excess of $525 billion dollars on IT. And it doesn’t work,” said Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee.

In an address to the centrist Ripon Society, Chaffetz suggested that the slow change of the federal government’s IT led to the recent and historic hack of personal data of millions of current and former federal workers, including CIA and other clandestine employees.

“The IRS still uses the DOS operating system. You have a Patent office that just got Windows 97. They don’t even service Windows 97 anymore. And yet they just got it. So the procurement process is really, really broken in this regard,” he added.

Chaffetz also offered praise for Obama’s pick to head the Office of Personnel Management, home to the massive computer hack.

Refugee, Spy, Hacker, Thief Problems with China?

Not just in the United States, but add Canada as well. Seems there could be many moving parts to this and many questions. Apparently this is a big enough issue that Barack Obama dispatched one of his pesky sternly worded letters to China.

Operation Fox Hunt

Obama Administration Warns Beijing About Covert Agents Operating in U.S.

NYT: WASHINGTON — The Obama administration has delivered a warning to Beijing about the presence of Chinese government agents operating secretly in the United States to pressure prominent expatriates — some wanted in China on charges of corruption — to return home immediately, according to American officials.

The American officials said that Chinese law enforcement agents covertly in this country are part of Beijing’s global campaign to hunt down and repatriate Chinese fugitives living abroad and, in some cases, recover allegedly ill-gotten gains. The Chinese government has officially named the effort Operation Fox Hunt.

The American warning, which was delivered to Chinese officials in recent weeks and demanded a halt to the activities, reflects escalating anger in Washington about intimidation tactics used by the agents. And it comes at a time of growing tension between Washington and Beijing on a number of issues: from the computer theft of millions of government personnel files that American officials suspect was directed by China, to China’s crackdown on civil liberties, to the devaluation of its currency.

Those tensions are expected to complicate the state visit to Washington next month by Xi Jinping, the Chinese president.

The work of the agents is a departure from the routine practice of secret government intelligence gathering that the United States and China have carried out on each other’s soil for decades. The Central Intelligence Agency has a cadre of spies in China, just as China has long deployed its own intelligence operatives into the United States to steal American political, economic, military and industrial secrets.

In this case, American officials said, the Chinese agents are undercover operatives with the Ministry of Public Security, China’s law enforcement branch charged with carrying out Operation Fox Hunt.

The campaign, a central element of Mr. Xi’s wider battle against corruption, has proved popular with the Chinese public. Since 2014, according to the Ministry of Public Security, more than 930 suspects have been repatriated, including more than 70 who have returned this year voluntarily, the ministry’s website reported in June. According to Chinese media accounts, teams of agents have been dispatched around the globe.

American officials said they had solid evidence that the Chinese agents — who are not in the United States on acknowledged government business, and most likely are entering on tourist or trade visas — use various strong-arm tactics to get fugitives to return. The harassment, which has included threats against family members in China, has intensified in recent months, officials said.

The United States has its own history of sending operatives undercover to other nations — sometimes under orders to kidnap or kill. In the years after the Sept. 11 terrorist attacks, the C.I.A. dispatched teams abroad to snatch Qaeda suspects and spirit them either to secret C.I.A. prisons or hand them over to other governments for interrogation.

POTUS Far From Lame Duck, Progressive ‘To-Do’ Items

The arrogance of Barack Obama continues. Just a week ago, he declared he could win a third term if he ran again.

“I actually think I’m a pretty good President. I think if I ran, I could win. But I can’t,” Obama ad-libbed during a speech in Ethiopia. “There’s a lot that I’d like to do to keep America moving. But the law is the law, and no person is above the law, not even the president.”

So imagine how blindsided America is about to be from now until January 2017. What more is planned? Normalizing relations with Bashar al-Assad? Normalizing relations with North Korea? Suspending Border Patrol operations completely? Federalizing all national banks? Imposing more agency regulations on Americans and business? Making all interstate roads toll roads?

Lack of imagination now could prevent you from being prepared. Consider other countries that don’t impose tyrannical government policies and have a better competitive edge. Cutting military personnel to roving 4-day work weeks? Replacing Ruth Bader Ginsburg on the Supreme Court with Cass Sunstein? Bailing out the City of Chicago to the tune of $7 billion?

Let us start with what is coming almost immediately.

Obama’s big climate rule ready for Monday launch

Politico: Supporters say they plan to be at the White House for the announcement of an EPA rule that will take on power plants’ pollution.

President Barack Obama is poised to push ahead with the nation’s most ambitious environmental regulation in decades — a crackdown on power plants’ greenhouse gas emissions that the administration hopes will put the U.S. in striking distance of achieving a global agreement to combat climate change.

Environmentalists supporting the rule say they plan to be at the White House for a Monday afternoon announcement that they hope will feature the president himself, as part of what’s shaping up to be a major sales pitch both within and outside the administration. Allies including Virginia environmental groups, elected officials and green-minded business groups have also scheduled media calls for 3 p.m. Monday to react to the news.

The White House has not confirmed the timing of the announcement.

The regulation is expected to ease up on a few of the most controversial provisions that the Environmental Protection Agency included in its draft proposals in the past two years. But it will still set up a years-long legal and political battle with congressional Republicans and other opponents, who call it the major weapon in Obama’s “War on Coal,” and it promises to become a major point of contention for the 2016 presidential race.

The regulation also puts a capstone on Obama’s efforts to secure a legacy as the president who made a serious assault on global warming, without waiting for action from Congress — though he will have to depend on his successors to carry it through. States will also play a big role, with six governors so far indicating they won’t comply with EPA’s mandates.

Environmentalists, who have been pressing for Obama to announce the rule personally, call it a crucial first step in cutting the pollution that scientists blame for boosting the Earth’s temperatures and lifting sea levels. But they say far steeper cuts will still be needed if the world is to avoid the worst effects of climate change.

“This is a huge part of the president’s commitment to reducing greenhouse gases,” said Carol Browner, Obama’s first-term climate czar, who left the White House several months after the administration’s attempt at comprehensive climate legislation failed in 2010. “He has viewed the issue of climate change as something he has responsibility for under the law — the moral and ethical responsibility domestically, but also globally.”

Opponents vow that the rule will not stand. “We believe it’s legally deficient on a number of fronts and believe it’s going to have a terrible impact on citizens across the country,” said West Virginia Attorney General Patrick Morrisey, one of several plaintiffs who won a Supreme Court victory this summer over an EPA mercury rule.

Future legal challenges against the climate rule are also likely to end up in front of the Supreme Court.

The broad strokes of the rule are expected to match the drafts that EPA has issued over the past two years: By 2030, existing power plants will have to put out an average of 30 percent less carbon dioxide than they did in 2005 — a goal the U.S. is about halfway to meeting. And the rule effectively bars the construction of new coal-fired power plants, the biggest source of carbon pollution in the U.S.

Together, the requirements would change the way the U.S. produces and uses electricity, continuing an ongoing wave of coal-plant shutdowns while offering legs up to natural gas, solar, wind and maybe nuclear.

For people closely following the rule, the major questions concern how much the final rule will differ from what EPA originally proposed in September 2013 and last June. Sources have said EPA will roll back an interim pollution-cutting deadline that states and power companies attacked as unworkable, to 2022 from 2020. The agency is also expected to abandon its proposal to require future coal-burning plants to capture and store their carbon pollution, an expensive mandate that opponents said would be vulnerable in court because it violates a 2005 energy law.

States are also expected to get an extra year to submit their compliance plans to EPA — 2018 instead of 2017.

Other potential changes could include making it easier for nuclear power plants and their carbon-free emissions to count toward meeting states’ cleanup targets, changing the way that energy-efficiency initiatives are included in calculating states’ reduction goals, and altering the way that EPA’s formulas treat green energy that is produced in one state but sold in another.

And EPA could tweak the complicated formulas that set widely varying cleanup targets for each state, which in last year’s draft ranged from cuts of 11 percent for North Dakota to 72 percent for Washington state. The raw numbers don’t necessarily reflect the degree of difficulty: Washington, for instance, could meet most of its goal by closing one coal plant that’s already scheduled for retirement, EPA has said.

The costs of the rule will be big — but so will the benefits, the administration contends. Last summer, EPA estimated that the portion dealing with existing power plants would bring $55 billion to $93 billion in economic benefits, compared with $7.3 billion to $8.8 billion in costs to the economy.

But EPA’s critics note that the rule comes amid troubling financial times for the coal industry, and might even arrive on the same day that a major coal producer — Virginia-based Alpha Natural Resources — is expected to file for bankruptcy protection. That follows several other high-profile coal company bankruptcy filings.

Environmental regulations like the carbon rule and a forthcoming Interior Department rule meant to protect Appalachian streams are only part of the reason coal has dropped from nearly 50 percent of the nation’s electricity in 2005 to 39 percent last year. Inexpensive natural gas, which burns more cleanly than coal does, has taken a greater share of the market. And in some regions, coal deposits are becoming increasingly more difficult and less economical to mine.

Meanwhile, Obama’s earlier attempts to tackle climate change have struggled too. The House passed a cap-and-trade bill in 2009, but it died in the Senate the following year despite the Democrats holding a large majority. The president also stumbled with an anticlimactic 2009 climate summit in Copenhagen, Denmark. But he revived climate change as a theme late in his 2012 reelection campaign, declaring that “climate change is not a hoax,” and in his second inaugural address, in which he said failing to take on the threat “would betray our children and future generations.”

The credibility of those promises will be at stake in December, when negotiators from the U.S. and other nations gather in Paris to try to reach a global climate agreement.

The final rule is also timed for maximum momentum to take advantage of the final year and a half of Obama’s time in office. Litigation over the rule is likely to last through this decade and potentially into the 2020s, making the winner of the 2016 presidential race a key figure in Obama’s climate legacy.

While it remains unclear just how far a Republican president could roll back the regulation, all sides agree a GOP White House would spell significant trouble for the carbon rule. The GOP field of 2016 candidates opposes the rule: Wisconsin Gov. Scott Walker said it is “unworkable,” while former Florida Gov. Jeb Bush has called it “irresponsible and ineffective.”

Meanwhile, Democratic front-runner Hillary Clinton has pledged to protect the rule, while it garnered praise from rival Martin O’Malley and Bernie Sanders has called for even further climate action.

Every U.S. Corporation Hacked by China

From former NSA Director McConnell, via CNN:

“The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” he said. “We’ve never, ever not found Chinese malware.”
He said the malware lets Chinese spies extract information whenever they want. McConnell, who also led the NSA from 1992 until 1996, continues to investigate hacks as a high-ranking adviser to Booz Allen Hamilton (BAH).
He listed victims he has come across during his investigations: U.S. Congress, Department of Defense, State Department (which is currently dealing with Russian hackers) and major corporations.
The U.S. government has said it has caught Chinese spies stealing blueprints and business plans. Last year, federal prosecutors took the unprecedented step of filing formal criminal charges against five Chinese government spies for breaking into Alcoa (AA), U.S. Steel Corp. (X), Westinghouse and others.

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets

A secret NSA map obtained exclusively by NBC News shows the Chinese government’s massive cyber assault on all sectors of the U.S. economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military.

The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked over a five-year period, with clusters in America’s industrial centers. The entire Northeast Corridor from Washington to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, L.A. and Detroit. The highest number of attacks was in California, which had almost 50.

Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecommunications and internet backbone. And the prizes that China pilfered during its “intrusions” included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems, according to intelligence sources.

The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News. The briefing highlighted China’s interest in Google and defense contractors like Lockheed Martin, and in air traffic control systems. It catalogued the documents and data Chinese government hackers have “exfiltrated” — stolen — from U.S. corporate, government and military networks, and also listed the number and origin of China’s “exploitations and attacks.”

The map suggests that NSA has been able to monitor and assess the Chinese cyber espionage operations, and knows which specific companies, government agencies and computer networks are being targeted.

The NSA did not immediately respond to repeated requests for comment.

The China Hack of United Airlines, Electronic Insurgency

Warning corporations, industry and government entities is one thing; action, protection and/or a declaration of cyber war is yet another.

July 2015:

Aspen Institute: Cyber warfare is one of the most potent security threats the United States faces, National Security Agency Director and Commander of the US Cyber Command General Keith Alexander told the crowd at the Aspen Security Forum in Aspen, discussing in conversation with NBC News Correspondent Pete Williams the nature of the threat and how his department is working to address it.
With the Stuxnet, Duqu, and Flame viruses in the fore of the public consciousness, Alexander took pains to point out that nation-states were not the only potential cyber actors. Citing power and water grids as his chief concerns, he said, “Somebody who finds vulnerability in our infrastructure could cause tremendous problems. They could erase the Input/output of a system so it can’t boot, and would have to be replaced. And these capabilities are not only nation-state-only capabilities.”

Alexander assessed the US’ readiness to confront such an attack as a three on a scale of ten, calling lack of adequately trained cyber defense forces the critical impediment to greater preparedness. “Our issue isn’t [having the tools] to address the threat,” he said. “It’s having the capacity, and building and training cyber forces. We have a big requirement, and a small force that is growing steadily.”

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

Bloomberg:

The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances. In all, the China-backed team has hacked at least 10 companies and organizations, which include other travel providers and health insurers, says security firm FireEye Inc.

Tracking Travelers

The theft of airline records potentially offers another layer of information that would allow China to chart the travel patterns of specific government or military officials.

United is one of the biggest contractors with the U.S. government among the airlines, making it a rich depository of data on the travel of American officials, military personnel and contractors. The hackers could match international flights by Chinese officials or industrialists with trips taken by U.S. personnel to the same cities at the same time, said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington.

“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” Lewis said. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”

Computer Glitches

The timing of the United breach also raises questions about whether it’s linked to computer faults that stranded thousands of the airline’s passengers in two incidents over the past couple of months. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. They didn’t rule out a possible, tangential connection to an outage on June 2.

Luke Punzenberger, a spokesman for Chicago-based United, a unit of United Continental Holdings Inc., declined to comment on the breach investigation.

Zhu Haiquan, a spokesman for the Chinese embassy in Washington, said in a statement: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks.”

Embedded Names

United may have gotten help identifying the breach from U.S. investigators working on the OPM hack. The China-backed hackers that cybersecurity experts have linked to that attack have embedded the name of targets in web domains, phishing e-mails and other attack infrastructure, according to one of the people familiar with the investigation.

In May, the OPM investigators began drawing up a list of possible victims in the private sector and provided the companies with digital signatures that would indicate their systems had been breached. United Airlines was on that list.

Safety Concerns

In contrast to the theft of health records or financial data, the breach of airlines raises concerns of schedule disruptions or transportation gridlock. Mistakes by hackers or defenders could bring down sensitive systems that control the movement of millions of passengers annually in the U.S. and internationally.

Even if their main goal was data theft, state-sponsored hackers might seek to preserve access to airline computers for later use in more disruptive attacks, according to security experts. One of the chief tasks of the investigators in the United breach is ensuring that the hackers have no hidden backdoors that could be used to re-enter the carrier’s computer systems later, one of the people familiar with the probe said.

United spokesman Punzenberger said the company remains “vigilant in protecting against unauthorized access” and is focused on protecting its customers’ personal information.

There is evidence the hackers were in the carrier’s network for months. One web domain apparently set up for the attack — UNITED-AIRLINES.NET — was established in April 2014. The domain was registered by a James Rhodes, who provided an address in American Samoa.

James Rhodes is also the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.

Targeting Pentagon

This isn’t the first time such an attack has been documented. Chinese military hackers have repeatedly targeted the U.S. Transportation Command, the Pentagon agency that coordinates defense logistics and travel.

A report last year from the Senate Armed Services Committee documented at least 50 successful hacks of the command’s contractors from June 2012 through May 2013. Hacks against the agency’s contractors have led to the theft of flight plans, shipping routes and other data from organizations working with the military, according to the report.

“The Chinese have been trying to get flight information from the government; now it looks as if they’re trying to do the same in the commercial sector,” said Tony Lawrence, a former Army sergeant and founder and chief executive officer of VOR Technology, a Columbia, Maryland-based cybersecurity firm.

It’s unclear whether United is considering notifying customers that data may have been compromised. Punzenberger said United “would abide by notification requirements if a situation warranted” it.

The airline is still trying to determine exactly which data was removed from the network, said two of the people familiar with the probe. That assessment took months in the OPM case, which was discovered in April and made public in June.

M&A Strategy

Besides passenger lists and other flight-related data, the hackers may also have taken information related to United’s mergers and acquisitions strategy, one of the people familiar with the investigation said.

Flight manifests usually contain the names and birthdates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws.

Those disclosure laws are widely seen as outdated. The theft by hackers of corporate secrets usually goes unreported, while the stealing of customer records such as Social Security numbers and credit cards is required in most states.

“In most states, this is not going to trigger a notification,” said Srini Subramanian, state government leader for Deloitte cyber risk services.