Category Archives: NSA Spying

Microsoft and Their $100 BILLION Offshore

Posted on by

While some domestic corporations do maintain headquarter offices in the United States, their money is often elsewhere to avoid the destructive tax code. But does Microsoft get an official pass or waiver from the Obama administration?

In September of 2014, Obama and Jack Lew at Treasury took decisive action.

Washington Post: The Obama administration took action Monday to discourage corporations from moving their headquarters abroad to avoid U.S. taxes, announcing new rules designed to make such transactions significantly less profitable.

The rules, which take effect immediately, will not block the practice, and Treasury Secretary Jack Lew again called on Congress to enact more far-reaching reforms. But in the meantime, he said, federal officials “cannot wait to address this problem,” which threatens to rob the U.S. Treasury of tens of billions of dollars.

“This action will significantly diminish the ability of inverted companies to escape U.S. taxation,” Lew told reporters. “For some companies considering deals, today’s action will mean that inversions no longer make economic sense.

“These transactions may be legal, but they’re wrong,” he added. “And the law should change.”

Tax analysts praised the new regulations, saying they will make it much harder for U.S. firms to bring cash earned abroad back to the United States tax-free — a major incentive in the relocations known as tax “inversions.” It was not immediately clear, however, whether the new rules would be sufficient to head off a wave of inversions expected to cascade over the American landscape in the weeks before the Nov. 4 midterm congressional elections.

Microsoft’s Offshore Profit Pile Surges Past $100 Billion Mark

Microsoft Corp.’s stockpile of offshore profits rose to $108 billion, with a 17 percent increase over the past year as the company continues reaping profits in low-tax foreign jurisdictions.

The company crossed the $100 billion mark, making it just the second U.S. corporation — after General Electric Co. — to do so, according to a securities filing July 31. Apple Inc. has more cash abroad than Microsoft, but it already has assumed for accounting purposes that it will pay tax on some of the stockpile and thus has less than $70 billion offshore that would affect earnings directly if repatriated.

What’s keeping Microsoft’s cash abroad is the U.S. tax code. The company would be required to pay the difference between its foreign taxes and the 35 percent U.S. corporate tax rate if it brought the money home.

To get its $108.3 billion back, Microsoft would have to pay the U.S. $34.5 billion in taxes. That equals a 31.9 percent rate, which suggests that the company has paid as little as 3.1 percent in taxes on its foreign income, because of operations in low-tax Ireland, Singapore and Puerto Rico.

The Internal Revenue Service and Microsoft are in the midst of an intense legal battle over the company’s transfer pricing, or intracompany transactions. The federal government is auditing the company’s returns as far back as 2004, and Microsoft has challenged the government’s hiring of outside lawyers.

Peter Wootton, a spokesman for Microsoft, declined to comment.

Repatriating Profits

Under current law, U.S. companies owe the full 35 percent rate on profits they earn around the world, but they don’t have to pay the U.S. until they repatriate the profits. That gives companies an incentive to book profits overseas and leave them there, and that’s just what they’ve done.

U.S. companies have more than $2 trillion amassed outside the U.S., according to a Bloomberg News review earlier this year of the securities filings of 304 companies.

Apple has more than $200 billion in cash stockpiled, with almost 90 percent of it overseas. As of its most recent annual report, Apple had $69.7 billion in profits on which it hasn’t assumed taxes.

U.S. lawmakers are looking for ways to get some of that cash back in the U.S. President Barack Obama supports a one-time 14 percent tax on stockpiled profits, with the proceeds going to highways and other infrastructure programs. Some Republicans favor a similar approach and are working on a detailed plan.

Putin’s Kill List and a Victim

Posted on by

Putin ‘personally ordered Litvinenko’s murder’: QC at inquest into Russian spy’s death says ‘direct and solid evidence’ ties ‘morally deranged’ President to the killing

By Steph Cockroft for MailOnline

Vladimir Putin ‘personally ordered’ the killing of Alexander Litvinenko and should be held responsible for his death, the inquiry into the former spy’s death has heard.

The lawyer for Mr Litvinenko’s family said there is ‘direct and solid evidence’ which ties the Russian state to the 43-year-old spy’s ‘assassination’.

Making his closing remarks at the end of the six-month inquiry into 2006 poisoning, Ben Emmerson QC added that it would be ‘impossible’ for the killing to have taken place without the approval of the ‘morally deranged’ Russian president.

He added that Mr Putin – whom he described as an ‘increasingly isolated tinpot despot’ – targeted Mr Litvinenko because he was ‘bent on exposing him and his cronies’.

He told the inquiry: ‘Vladimir Putin stands accused of this murder on solid and direct evidence – the best evidence that is ever likely to be available in relation to secret and corrupt criminal enterprise in the Kremlin.’ The Kremlin has always denied the claims.

Mr Litvinenko died nearly three weeks after drinking tea laced with polonium-210 in London in November 2006. Police concluded that the fatal dose was probably consumed during a meeting with Dmitri Kovtun and Andrei Lugovoi at a hotel in central London.

British authorities later decided that the pair – who deny involvement – should be prosecuted for murder. But the inquiry heard how the trial is now unlikely to take place.

Speaking outside the Royal Courts of Justice, Mr Litvinenko’s widow Marina claimed that her husband’s killers had finally been ‘unmasked’

She added that her husband had ‘vowed to expose corruption’ in the Russian Federal Security but that he had ‘paid the ultimate price’.

Paying tribute to the ‘loving father and husband’ who she says was killed by ‘nuclear terrorsim’, she said: ‘It was very difficult but very important to do this.

‘I’m very, very happy for what (the inquiry) will be able to bring to the open air for all people to be able to listen and see and discuss. Even more I’m so glad that people are still interested after more than nine years.’

Asked how certain she was that Mr Putin was behind her husband’s death, she said: ‘After 15 years being in charge, of course he is responsible for this. What I want to say I did exactly by this public inquiry. What I did is my tribute to my husband.

‘Any reasonable who looks at the evidence will see my husband was killed by agents of the Russian state in the first ever act of nucelar terrorsim on the streets of london and this could not have happened without the knowledge of Mr Putin.’

The inquiry, which began at the end of January, has heard from 62 witnesses in a bid to establish how Mr Litvinenko died and, crucially, who was responsible.

Sir Robert was told about forensic evidence linking Kovtun and Lugovoi to the murder, including the discovery of polonium-210 in the pair’s hotel rooms.

The inquiry also heard how Litvinenko’s whistle-blowing about Mr Putin and his alleged links to organised crime made him an ‘enemy of the state’.

Mr Emmerson QC had described the pair as ‘henchman’ who had been ordered to ‘liquidate’ Mr Litvinenko by the Russian state with the backing of Mr Putin.

WHO POISONED SPY LITVINENKO? THE PRIME SUSPECTS 

Dmitri Kovtun and Andrei Lugovoy are suspected of murdering the Alexander Litvinenko.

Litvinenko, 43, died nearly three weeks after consuming tea laced with polonium-210 in London in November 2006.

Mr Litvinenko is thought to have been working for British secret service MI6 whilst in the UK.

Both Kovtun and Lugovoy deny any involvement and remain in Russia.

They both initially refused to take part in the inquiry.

However in March 2015, Kovtun dramatically changed his mind and offered to give evidence before pulling out today. 

He described an honour awarded to Lugovoi for services to the ‘Motherland’ by the president in March as an attempt by Russia to undermine the inquiry.

He said: ‘It was a crass and clumsy gesture from an increasingly isolated tinpot despot – a morally deranged authoritarian who was at that very moment clinging desperately on to political power in the face of international sanctions and a rising chorus of international condemnation,’ he said.

‘Putin’s award to Lugovoi should be seen for what it was – a crude attempt to intimidate an independent judicial inquiry through cowardly political bluster.’

The inquiry had been due to hear from the prime suspect in the case, Mr Kovtun, but he withdrew at the 11th hour, amid claims of interference from Moscow.

Sir Robert said of the last-minute withdrawal: ‘This unhappy sequence of events drives me to the conclusion either that Mr Kovtun never in truth intended to give evidence and that this has been a charade.

‘Alternatively, if he has at some stage been genuine in his expressed intention to give evidence, obstacles have been put in the way of his doing so.’

In a statement given to the Inquiry, Mr Kovtun claimed he had ended up in the bar at the Millennium Hotel with Mr Litvinenko and Mr Lugovoi ‘completely by chance’.

He said Mr Litvinenko had ‘flopped down’ at their table before grabbing a teapot and pouring himself some tea.

‘He gulped down two cups and then had a coughing fit. In the course of the conversation he coughed constantly and wiped his mouth with a napkin.’

Mr Kovtun added that he had the impression that Mr Litvinenko had ‘mental health problems’ and was ‘driven to despair’, adding: ‘He was prepared to do anything to achieve his financial goals.’

The hearing had also heard from Mr Litvinenko’s father Walter, who claimed that his son’s final words on his deathbed were: ‘Daddy, Putin has poisoned me’. He said that his son also claimed the Russian president was ‘perverted’ and ‘very dangerous’, warning him to be ‘careful’ himself.

The Russian Embassy in London said it did not trust the public inquiry, which it claimed it had been ‘politicised’, and disregarded international law.

Both Mr Emmerson and inquiry chairman Sir Robert Owen praised the meticulous detective work of the Metropolitan Police.

Mr Emmerson described the investigation as one of the most extensive murder inquiries ever carried out in the UK and the post mortem on Mr Litvinenko as “the most dangerous” in British history.

Inquiry chairman Sir Robert Owen said he expected to return his conclusion by the end of the year.

Every U.S. Corporation Hacked by China

Posted on by

From the Former NSA Director McConnell via CNN:

“The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” he said. “We’ve never, ever not found Chinese malware.”
He said the malware lets Chinese spies extract information whenever they want. McConnell, who also led the NSA from 1992 until 1996, continues to investigate hacks as a high-ranking adviser to Booz Allen Hamilton (BAH).
He listed victims he has come across during his investigations: U.S. Congress, Department of Defense, State Department (which is currently dealing with Russian hackers) and major corporations.
The U.S. government has said it has caught Chinese spies stealing blueprints and business plans. Last year, federal prosecutors took the unprecedented step of filing formal criminal charges against five Chinese government spies for breaking into Alcoa (AA), U.S. Steel Corp. (X), Westinghouse and others.

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets

A secret NSA map obtained exclusively by NBC News shows the Chinese government‘s massive cyber assault on all sectors of the U.S economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military.

The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked over a five-year period, with clusters in America’s industrial centers. The entire Northeast Corridor from Washington to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, L.A. and Detroit. The highest number of attacks was in California, which had almost 50.

Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecommunications and internet backbone. And the prizes that China pilfered during its “intrusions” included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems, according to intelligence sources.

The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News. The briefing highlighted China’s interest in Google and defense contractors like Lockheed Martin, and in air traffic control systems. It catalogued the documents and data Chinese government hackers have “exfiltrated” — stolen — from U.S. corporate, government and military networks, and also listed the number and origin of China’s “exploitations and attacks.”

The map suggests that NSA has been able to monitor and assess the Chinese cyber espionage operations, and knows which specific companies, government agencies and computer networks are being targeted.

The NSA did not immediately respond to repeated requests for comment.

 

 

Selected Israeli Intelligence Items Revealed on Iran Talks

Posted on by
The deal is just too dangerous, even some Democrats are expressing that dynamic.
On Nov. 26, 2013, three days after the signing of the interim agreement (JPOA) between the powers and Iran, the Iranian delegation returned home to report to their government. According to information obtained by Israeli intelligence, there was a sense of great satisfaction in Tehran then over the agreement and confidence that ultimately Iran would be able to persuade the West to accede to a final deal favorable to Iran. That final deal, signed in Vienna last week, seems to justify that confidence. The intelligence—a swath of which I was given access to in the past month—reveals that the Iranian delegates told their superiors, including one from the office of the Supreme Leader Ayatollah Khamenei, that “our most significant achievement” in the negotiations was America’s consent to the continued enrichment of uranium on Iranian territory.

That makes sense. The West’s recognition of Iran’s right to perform the full nuclear fuel cycle—or enrichment of uranium—was a complete about-face from America’s declared position prior to and during the talks. Senior U.S. and European officials who visited Israel immediately after the negotiations with Iran began in mid 2013 declared, according to the protocols of these meetings, that because of Iran’s repeated violations of the Nuclear Non-Proliferation Treaty, “Our aim is that in the final agreement [with Iran] there will be no enrichment at all” on Iranian territory. Later on, in a speech at the Saban Forum in December 2013, President Barack Obama reiterated that in view of Iran’s behavior, the United States did not acknowledge that Iran had any right to enrich fissile material on its soil.

In February 2014, the first crumbling of this commitment was evident, when the head of the U.S. delegation to the talks with Iran, Wendy Sherman, told Israeli officials that while the United States would like Iran to stop enriching uranium altogether, this was “not a realistic” expectation. Iranian foreign ministry officials, during meetings the Tehran following the JPOA, reckoned that from the moment the principle of an Iranian right to enrich uranium was established, it would serve as the basis for the final agreement. And indeed, the final agreement, signed earlier this month, confirmed that assessment.

The sources who granted me access to the information collected by Israel about the Iran talks stressed that it was not obtained through espionage against the United States. It comes, they said, through Israeli spying on Iran, or routine contacts between Israeli officials and representatives of the P5+1 in the talks. The sources showed me only what they wanted me to see, and in these cases there’s always a danger of fraud and fabrication. This said, these sources have proved reliable in the past, and based on my experience with this type of material it appears to be quite credible. No less important, what emerges from the classified material obtained by Israel in the course of the negotiations is largely corroborated by details that have become public since.

In early 2013, the material indicates, Israel learned from its intelligence sources in Iran that the United States held a secret dialogue with senior Iranian representatives in Muscat, Oman. Only toward the end of these talks, in which the Americans persuaded Iran to enter into diplomatic negotiations regarding its nuclear program, did Israel receive an official report about them from the U.S. government. Shortly afterward, the CIA and NSA drastically curtailed its cooperation with Israel on operations aimed at disrupting the Iranian nuclear project, operations that had racked up significant successes over the past decade.

On Nov. 8, 2013, Secretary of State John Kerry visited Israel. Israeli Prime Minister Benjamin Netanyahu saw him off at Ben Gurion Airport and told him that Israel had received intelligence that indicated the United States was ready to sign “a very bad deal” and that the West’s representatives were gradually retreating from the same lines in the sand that they had drawn themselves.

Perusal of the material Netanyahu was basing himself on, and more that has come in since that angry exchange on the tarmac, makes two conclusions fairly clear: The Western delegates gave up on almost every one of the critical issues they had themselves resolved not to give in on, and also that they had distinctly promised Israel they would not do so.

One of the promises made to Israel was that Iran would not be permitted to stockpile uranium. Later it was said that only a small amount would be left in Iran and that anything in excess of that amount would be transferred to Russia for processing that would render it unusable for military purposes. In the final agreement, Iran was permitted to keep 300kgs of enriched uranium; the conversion process would take place in an Iranian plant (nicknamed “The Junk Factory” by Israel intelligence). Iran would also be responsible for processing or selling the huge amount of enriched uranium that is has stockpiled up until today, some 8 tons.

The case of the secret enrichment facility at Qom (known in Israel as the Fordo Facility) is another example of concessions to Iran. The facility was erected in blatant violation of the Non Proliferation Treaty, and P5+1 delegates solemnly promised Israel at a series of meetings in late 2013 that it was to be dismantled and its contents destroyed. In the final agreement, the Iranians were allowed to leave 1,044 centrifuges in place (there are 3,000 now) and to engage in research and in enrichment of radioisotopes.

At the main enrichment facility at Natanz (or Kashan, the name used by the Mossad in its reports) the Iranians are to continue operating 5,060 centrifuges of the 19,000 there at present. Early in the negotiations, the Western representatives demanded that the remaining centrifuges be destroyed. Later on they retreated from this demand, and now the Iranians have had to commit only to mothball them. This way, they will be able to reinstall them at very short notice.

Israeli intelligence points to two plants in Iran’s military industry that are currently engaged in the development of two new types of centrifuge: the Teba and Tesa plants, which are working on the IR6 and the IR8 respectively. The new centrifuges will allow the Iranians to set up smaller enrichment facilities that are much more difficult to detect and that shorten the break-out time to a bomb if and when they decide to dump the agreement.

The Iranians see continued work on advanced centrifuges as very important. On the other hand they doubt their ability to do so covertly, without risking exposure and being accused of breaching the agreement. Thus, Iran’s delegates were instructed to insist on this point. President Obama said at the Saban Forum that Iran has no need for advanced centrifuges and his representatives promised Israel several times that further R&D on them would not be permitted. In the final agreement Iran is permitted to continue developing the advanced centrifuges, albeit with certain restrictions which experts of the Israeli Atomic Energy Committee believe to have only marginal efficacy.

As for the break-out time for the bomb, at the outset of the negotiations, the Western delegates decided that it would be “at least a number of years.” Under the final agreement this has been cut down to one year according to the Americans, and even less than that according to Israeli nuclear experts.

As the signing of the agreement drew nearer, sets of discussions took place in Iran, following which its delegates were instructed to insist on not revealing how far the country had advanced on the military aspects of its nuclear project. Over the past 15 years, a great deal of material has been amassed by the International Atomic Energy Agency—some filed by its own inspectors and some submitted by intelligence agencies—about Iran’s secret effort to develop the military aspects of its nuclear program (which the Iranians call by the codenames PHRC, AMAD, and SPND). The IAEA divides this activity into 12 different areas (metallurgy, timers, fuses, neutron source, hydrodynamic testing, warhead adaptation for the Shihab 3 missile, high explosives, and others) all of which deal with the R&D work that must be done in order to be able to convert enriched material into an actual atom bomb.

The IAEA demanded concrete answers to a number of questions regarding Iran’s activities in these spheres. The agency also asked Iran to allow it to interview 15 Iranian scientists, a list headed by Prof. Mohsen Fakhrizadeh, whom Mossad nicknamed “The Brain” behind the military nuclear program. This list has become shorter because six of the 15 have died as a result of assassinations that the Iranians attribute to Israel, but access to the other nine has not been given. Neither have the IAEA’s inspectors been allowed to visit the facilities where the suspected activities take place. The West originally insisted on these points, only to retreat and leave them unsolved in the agreement.

 

In mid-2015 a new idea was brought up in one of the discussions in Tehran: Iran would agree not to import missiles as long as its own development and production is not limited. This idea is reflected in the final agreement as well, in which Iran is allowed to develop and produce missiles, the means of delivery for nuclear weapons. The longer the negotiations went on, the longer the list of concession made by the United States to Iran kept growing, including the right to leave the heavy water reactor and the heavy water plant at Arak in place and accepting Iran’s refusal of access to the suspect site.

It is possible to argue about the manner in which Netanyahu chose to conduct the dispute about the nuclear agreement with Iran, by clashing head-on and bluntly with the American president. That said, the intelligence material that he was relying on gives rise to fairly unambiguous conclusions: that the Western delegates crossed all of the red lines that they drew themselves and conceded most of what was termed critical at the outset; and that the Iranians have achieved almost all of their goals.

 

The China Hack of United Airlines, Electronic Insurgency

Posted on by

Warning corporations, industry and government entities is one thing, action and protection and or declaration of a cyber war is yet another.

July 2015:

Aspen Institute: Cyber warfare is one of the most potent security threats the United States faces, National Security Agency Director and Commander of the US Cyber Command General Keith Alexander told the crowd at the Aspen Security Forum in Aspen, discussing in conversation with NBC News Correspondent Pete Williams the nature of the threat and how his department is working to address it.
With the Stuxnet, Duqu, and Flame viruses in the fore of the public consciousness, Alexander took pains to point out that nation-states were not the only potential cyber actors. Citing power and water grids as his chief concerns, he said, “Somebody who finds vulnerability in our infrastructure could cause tremendous problems. They could erase the Input/output of a system so it can’t boot, and would have to be replaced. And these capabilities are not only nation-state-only capabilities.”

Alexander assessed the US’ readiness to confront such an attack as a three on a scale of ten, calling lack of adequately trained cyber defense forces the critical impediment to greater preparedness. “Our issue isn’t [having the tools] to address the threat,” he said. “It’s having the capacity, and building and training cyber forces. We have a big requirement, and a small force that is growing steadily.”

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

Bloomberg:

The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

 

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances. In all, the China-backed team has hacked at least 10 companies and organizations, which include other travel providers and health insurers, says security firm FireEye Inc.

Tracking Travelers

The theft of airline records potentially offers another layer of information that would allow China to chart the travel patterns of specific government or military officials.

United is one of the biggest contractors with the U.S. government among the airlines, making it a rich depository of data on the travel of American officials, military personnel and contractors. The hackers could match international flights by Chinese officials or industrialists with trips taken by U.S. personnel to the same cities at the same time, said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington.

“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” Lewis said. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”

Computer Glitches

The timing of the United breach also raises questions about whether it’s linked to computer faults that stranded thousands of the airline’s passengers in two incidents over the past couple of months. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. They didn’t rule out a possible, tangential connection to an outage on June 2.

Luke Punzenberger, a spokesman for Chicago-based United, a unit of United Continental Holdings Inc., declined to comment on the breach investigation.

Zhu Haiquan, a spokesman for the Chinese embassy in Washington, said in a statement: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks.”

Embedded Names

United may have gotten help identifying the breach from U.S. investigators working on the OPM hack. The China-backed hackers that cybersecurity experts have linked to that attack have embedded the name of targets in web domains, phishing e-mails and other attack infrastructure, according to one of the people familiar with the investigation.

In May, the OPM investigators began drawing up a list of possible victims in the private sector and provided the companies with digital signatures that would indicate their systems had been breached. United Airlines was on that list.

Safety Concerns

In contrast to the theft of health records or financial data, the breach of airlines raises concerns of schedule disruptions or transportation gridlock. Mistakes by hackers or defenders could bring down sensitive systems that control the movement of millions of passengers annually in the U.S. and internationally.

Even if their main goal was data theft, state-sponsored hackers might seek to preserve access to airline computers for later use in more disruptive attacks, according to security experts. One of the chief tasks of the investigators in the United breach is ensuring that the hackers have no hidden backdoors that could be used to re-enter the carrier’s computer systems later, one of the people familiar with the probe said.

United spokesman Punzenberger said the company remains “vigilant in protecting against unauthorized access” and is focused on protecting its customers’ personal information.

There is evidence the hackers were in the carrier’s network for months. One web domain apparently set up for the attack — UNITED-AIRLINES.NET — was established in April 2014. The domain was registered by a James Rhodes, who provided an address in American Samoa.

James Rhodes is also the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.

Targeting Pentagon

This isn’t the first time such an attack has been documented. Chinese military hackers have repeatedly targeted the U.S. Transportation Command, the Pentagon agency that coordinates defense logistics and travel.

A report last year from the Senate Armed Services Committee documented at least 50 successful hacks of the command’s contractors from June 2012 through May 2013. Hacks against the agency’s contractors have led to the theft of flight plans, shipping routes and other data from organizations working with the military, according to the report.

“The Chinese have been trying to get flight information from the government; now it looks as if they’re trying to do the same in the commercial sector,” said Tony Lawrence, a former Army sergeant and founder and chief executive officer of VOR Technology, a Columbia, Maryland-based cybersecurity firm.

It’s unclear whether United is considering notifying customers that data may have been compromised. Punzenberger said United “would abide by notification requirements if a situation warranted” it.

The airline is still trying to determine exactly which data was removed from the network, said two of the people familiar with the probe. That assessment took months in the OPM case, which was discovered in April and made public in June.

M&A Strategy

Besides passenger lists and other flight-related data, the hackers may also have taken information related to United’s mergers and acquisitions strategy, one of the people familiar with the investigation said.

Flight manifests usually contain the names and birthdates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws.

Those disclosure laws are widely seen as outdated. The theft by hackers of corporate secrets usually goes unreported, while the stealing of customer records such as Social Security numbers and credit cards is required in most states.

“In most states, this is not going to trigger a notification,” said Srini Subramanian, state government leader for Deloitte cyber risk services.