American Airlines, Sabre join growing number of China hacking targets

The companies appear to have been hacked by the same group that stole information from health insurer Anthem and the US government's personnel office, according to a new report.

Don Reisinger


As if health insurance and government information weren't enough, Chinese hackers may be targeting air travel -- again.

American Airlines and Sabre, a company that processes airline reservations, may have been hacked by China-based hackers, Bloomberg reported Friday, citing people who claim to have knowledge of the incidents. The companies are investigating the possibility of a security breach. It's believed by Bloomberg's sources that the same hackers who targeted health insurer Anthem and the US Office of Personnel Management (OPM) were behind the attacks. American Airlines, however, would not confirm that claim.

"American has worked with outside cyber security experts who checked digital signatures, IP addresses and style of attack and there's no evidence to suggest a breach similar to that experienced by the U.S. Office of Personnel Management," a company spokesman said in an e-mailed statement.

Still, the hackers' purported attempts to make off with air travel information could have been part of a broader scheme to gather sensitive intelligence information on key individuals, and the attack on American Airlines was similar to those on OPM and Anthem, Bloomberg's sources say. By attacking Anthem and the OPM, hackers could combine personal information about government employees, including medical history, with insights gleaned from air travel information, and track where those employees have been around the world and for how long. Ultimately, the hackers could use the information as a dossier to learn more about government officials and other Americans and perhaps use that to China's advantage in espionage activities, the sources say.

The longtime battle with China

China has long been under suspicion for conducting successful cyberattacks on the US. While the Chinese government has claimed innocence in each attack, the US has charged China with actively targeting both companies and government institutions. One attack blamed on China attempted to intercept information on federal employees with top-secret security clearance in March 2014.

In May 2014, the US Justice Department filed charges against five alleged Chinese military hackers, claiming they infiltrated American corporations and stole information. China has denied the allegations and refuses to give up the individuals to US law enforcement agencies.

Meanwhile, the hacks continue. In June, the federal government confirmed that the OPM, the human resources arm of the federal government, was hacked and pointed to China-based hackers as the culprits. A month later, the US government said that over 21.5 million Social Security numbers and background checks from the OPM were stolen as part of the attack. That hack followed news in February that Anthem, the second-largest health insurer in the US, was hacked and saw the personal information of approximately 80 million members and employees accessed by the hackers.

Anthem CEO Joseph Swedish said the attack gave hackers access to names, dates of birth, member IDs, Social Security numbers and other personal information. Swedish said he found no evidence that any credit card or medical records had been exposed. The hacks have been unofficially tied to China, though Chinese officials have staunchly argued that they are not behind any attacks.

In addition to claiming innocence, China has fought back at the US, charging American spies with actively hacking and targeting its own networks and data. While the US has stayed tight-lipped on the matter, most security experts agree that the governments are indeed fighting a cyberwar behind the scenes.

The US is also in battle with other governments around the world. Russia, for instance, has been charged with breaching a White House network, which would have given it access to President Barack Obama's schedule. North Korea has also reportedly attacked both government and company data and was charged last year with attacking Sony Pictures in an attempt to stop the controversial film "The Interview" from reaching theaters. The comedic film depicted an attempt by journalists to assassinate North Korean leader Kim Jong-un.

The US responds

In response to the many threats it faces, the US in April announced changes to existing policies that will make it easier for the government to respond to attacks.

US Defense Secretary Ash Carter outlined a new protocol in April that could see the US launch cyberattacks on foreign threats to either thwart or discourage cyberattacks on US government agencies and companies. That announcement followed an executive order signed by Obama in early April that will allow his cabinet to issue sanctions on foreign hackers. Like the Defense Department's move, that tweak is aimed at stopping attacks before they happen.

"Effective incident response requires the ability to increase the costs and reduce the economic benefits from malicious cyber activity," Lisa Monaco, assistant to the president for homeland security and counterterrorism, said in a statement at the time. "And this means, in addition to our existing tools, we need a capability to deter and impose costs on those responsible for significant harmful cyber activity where it really hurts -- at their bottom line."

United was also a target

The possible breach of American Airlines and Sabre would be the second airline-related attack reported in the past few weeks. Bloomberg reported July 29 that United Airlines suffered a breach sometime this year that compromised customers' flight records. The United hack reportedly came from the same China-based hackers who targeted the OPM and Anthem.

If the combined attacks are indeed a way for the Chinese government to triangulate government employee movements, hacking American Airlines, one of the largest US carriers, and Sabre would make sense. American Airlines had 52.2 million passenger boardings during the second quarter ended June 30. Sabre, which was spun off by American Airlines in 2000, says that it provides back-end technology to handle travel reservations for 1 billion travelers each year. Together, the companies represent a treasure trove of information for anyone seeking ways to gather a full dossier on individuals.

Still, in addition to questions over who may have targeted the airline, it appears the attack may not have gotten as far as the hackers hoped. In an e-mailed statement, the American Airlines spokesman said that while the airline has brought in security experts, they have yet to discover any customer data breach.

"There is...no evidence that customer data may have been compromised," the spokesman said. "We take cyber security very seriously and have a strong record of actively communicating with our customers and partners. We go above and beyond any notification requirements."

A Sabre spokeswoman echoed American Airlines' statement, saying that, while an investigation is ongoing, so far the company has not identified the theft of any personal information.

"Like most technology companies, Sabre experiences cyber security incidents," the spokeswoman said in an e-mailed statement. "We recently learned of a cyber security incident, and we are conducting an investigation into it now. At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing. We are committed to protecting sensitive information, and we are being assisted by experts that specialize in cyber security. We will share additional information as appropriate."

The Chinese government did not respond to a request for comment.

Update, 8:01 a.m. PT: Included Sabre's statement.