A Chinese Hacking Group Is Stealing Airline Passenger Details

An anonymous reader quotes a report from ZDNet: A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a threat actor that the cyber-security has been tracking under the name of Chimera. Believed to be operating in the interests of the Chinese state, the group's activities were first described in a report [PDF] and Black Hat presentation [PDF] from CyCraft in 2020. The initial report mentioned a series of coordinated attacks against the Taiwanese superconductor industry.

But in a new report published last week by NCC Group and its subsidiary Fox-IT, the two companies said the group's intrusions are broader than initially thought, having also targeted the airline industry. These attacks targeted semiconductor and airline companies in different geographical areas, and not just Asia, NCC and Fox-IT said. In the case of some victims, the hackers stayed hidden inside networks for up to three years before being discovered. "The goal of targeting some victims appears to be to obtain Passenger Name Records (PNR)," the two companies said. While the NCC and Fox-IT report didn't speculate why the hackers targeted the airline industry and why they stole passenger data, this is pretty obvious. In fact, it is very common for state-sponsored hacking groups to target airline companies, hotel chains, and telcos to obtain data they could use to track the movements and communications of persons of interest.

We suck at this

[Tablizer]

We hear about all these disturbing hacks, but NOBODY is ever caught and punished. Even a success rate of 20% is better than zero. Imagine if zero percent of bank robberies were punished. Hack back to find them, dammit. WTF!?

Re:We suck at this

[Richard_at_work]

The issue is the "state-sponsored" part - thats a PR term for "government employee" when you don't like the other government, so you de-legitimise them.

State-sponsored Chinese hackers are stealing data - thats not exactly a unique situation, right? The UK has GCHQ which intercepts all manner of telephone and internet data, the US has the NSA and NRO, which launch huge spy satellites specifically to sit behind geo-stationary communications satellites so they can slurp up all those comms (even if they cant break the encryption now, they might in a year from now, and in the meantime traffic analysis still yields results worth collecting the data for).

The NSA has intercepted routers and other hardware and installed backdoors on them. They've carried out hacking. They've actively worked to introduce backdoors in encryption algorithms etc.

You wouldn't say "state-sponsored" when referring to activities of the NSA etc, you would just say the NSA because people think of it as legitimate. "State-sponsored" is a trigger term used to make you instantly think "bad government".

Re:

[Tablizer]

The issue is the "state-sponsored" part - thats a PR term for "government employee" when you don't like the other government, so you de-legitimise them.

They could be contractors hired by the gov't, not necessarily employees.

But I don't care about good-vs-bad labels here. We are not catching them, or even ID'ing them, regardless of who or what they work for. We cannot trace it to the individuals doing it for some odd reason. We got spies in every major country, but they are ineffective with hackers so far.

Re:

[raymorris]

We say state sponsored because very often they are not direct employees of the government. Very often we don't know if they are employed by the government, and it doesn't matter. What matters if they have the resources, goals, and protections of a significant government.

If they:
Can spend $240,000 on GPU time to crack a key password
Engage in espionage
Can't be arrested because the government responsible for arresting them is instead protecting them

That's state-sponsored. I don't care what it says on their W

Re:

[sabbede]

Well, the reason we use "state-sponsored" in this context is to clarify that it wasn't some random person or group based out of some nation, but a person/group covertly acting on behalf and under direction of the national government. There's no reason to say the NSA engages in state-sponsored clandestine activity, as an official agency they are always operating under the authority and direction of the Federal government.

If these hacks were carried out by say the People's Liberation Army (what a BS name)

Re:

[AmiMoJo]

"State sponsored" makes people think of times when the US and Russia supported various para-military groups, basically running proxy wars. As you say it sounds less legitimate than "Chinese security services" or even "Chinese spies", because we all know and understand that nations spy on each other.

Re:

[Tokolosh]

EVERY time you give out personal information, you can assume it will land in the public domain. So when the government requires you to pre-check, or the lady with the clipboard at the doctor's office wants you SSN, or the bank wants to Know Your Customer (you know, for laundering), or when your child's school wants to know your Twitter handle... pause.

Re:

[rtb61]

One can not help but see it as, it was cheaper to hack the data than buy it because it was all collected and sold to all and sundry and you pretend like it is some invasion of privacy. That has already happened BIG TIME, this is more like pilfering the data rather than paying for it. Like sheep you carry around you mobile tags where ever you go, listens in when ever they want, this is a mountain out of an mole hill. It does not even sound genuine, it is so cheap to buy. Probably just a bunch of criminals af

Of course nobody is caught!

[BAReFO0t]

If you got a scare in the closet, to take out and distract people every time it's not going so great ar home ... *You don't empty the fucking closet!*
W. Bush just didn't get that. Emptied the closet. And now we had to go back to Russia again. Thank fuck, China came along! ;)

Re:

[sabbede]

I often wonder if we are, but quietly. Though I'd really prefer to hear that we have a policy of harsh and aggressive retaliation. Like, they hack our airlines, and somehow their air traffic control systems get mysteriously bricked. Though it might make more sense to respond openly - by banning all flights to and from China.

Re:

[Tablizer]

Welcome to Slashdot, Mr. Xi. Donnie is gone, you're next!

Airlines passengers?

[zmollusc]

What airlines passengers? All the airlines instantly went bankrupt when the first round of lockdown happened last spring. I remember them bitching about it.

Losers.

[BAReFO0t]

They could just gotten it all from the NSA.
Why make such an effort? Just find a disgruntled employee and ask nicely.

Proof that China is still ... number two.

Editors?

[PPH]

Taiwanese superconductor industry

Please.

Biased, much?

[dwater]

The title: "A Chinese Hacking Group Is Stealing Airline Passenger Details"

but the article says "suspected" and "believed".

There's a jump in logic there that is so typical of Western journalism.

Are those bastards why I can't get chips?

[sabbede]

"Coordinated attacks against the Taiwanese superconductor industry"? Is that why supplies of AMD and Nvidia chips are so limited? Thanks for fucking up my Christmas, assholes.