Series of Attacks: Travel Firms Hacked

Monday, August 10, 2015 @ 12:08 PM gHale

Sabre Corp., which processes reservations for airlines and hotels, said its systems suffered a breach, while American Airlines Group Inc., the world’s biggest carrier, said it is investigating whether hackers entered its computers.

Both companies were hacked as part of a series of attacks that targeted insurer Anthem Inc. and the U.S. government’s personnel office, according to a Bloomberg report citing three people with knowledge of the cyber security probes.

The latest incidents are the broadest yet to hit the U.S. travel industry, emerging a week after security experts attributed an attack on United Airlines, the world’s second-largest carrier, to the same group.

United detected an incursion into its computer systems in May or early June, said several people familiar with the probe. Three of those people said investigators working with the carrier linked the attack to a group of China-backed hackers they said are behind the theft of security-clearance records from the U.S. Office of Personnel Management (OPM) and medical data from health insurer Anthem Inc.

ISSSource reported that Symantec called out a cyber espionage group named Black Vine, which targets multiple industries, including energy, aerospace and healthcare, and whose activity included the Anthem attack.

The information would add to data already believed to include personal and employment details from background checks on millions of government employees and contractors, as well as medical histories. A foreign government could use the data to build profiles of U.S. officials and contractors, establishing information that could be used to blackmail them into providing intelligence. A government could also track the travel of U.S. officials and workers to detect military or intelligence operations, or compare their movements with those of its own citizens.

Sabre, one of the largest clearinghouses for travel reservations, is a big target for state-sponsored hacks because of the company’s role as a central repository for records on more than a billion travelers per year across the globe.

American is investigating whether hackers moved from Sabre’s systems into its own computers, two of the people familiar with the examination said. The carrier shares some network infrastructure with Sabre, a onetime subsidiary that it spun off as a separate company in 2000. American and Sabre began contracting with outside experts to conduct the probe within the last month, said the people with knowledge of the inquiry.

The American and Sabre incidents are consistent with the hacks of the U.S. Office of Personnel Management, the people familiar with the probe said in the Bloomberg report. American learned the Internet Protocol addresses used by the OPM hackers, which matched activity found in the carrier’s computer logs, one person said.

American spokesman Casey Norton said the Fort Worth, Texas-based airline is looking into the possibility that hackers entered its systems but hasn’t confirmed an intrusion. “Based on our deep and extensive investigations with the help of outside cyber security experts, American has found no evidence that our systems or network have experienced a breach like those at OPM or Anthem,” he said.

Before the disclosures about United, American and Sabre, cyber security firm FireEye Inc. said the same China-tied group responsible for the OPM breach had hit about 10 victims since 2013.