Friday, November 24, 2017

Tag: security news

A researcher is set to detail how satellite tracking can be hacked, enabling misdirection of assets and theft. Satellite tracking systems are used for myriad activities, including monitoring the progress of semi-trailers and armored car bank deliveries. In a session at the Black Hat USA conference on Aug. 5 in Las Vegas, Colby Moore, manager of special activities at Synack, will detail security risks in the GlobalStar simplex satcom protocol that could potentially enable attackers to do all manner of malicious things. The GlobalStar satellite communication network is used for high-value asset tracking, including tanker cars, containers and armored car fleets, according to Moore. Unfortunately, he said, the GlobalStar system uses something called a direct sequence spread spectrum signal that can be intercepted and decoded. "The direct sequence spread spectrum signal is generated with what is known as a pseudo-noise [PN] sequence," Moore explained to eWEEK. "Essentially, you have a secret pseudo-random sequence that both the transmitter and the receiver know." The signal that a device or user transmits is mixed with the pseudo-random sequence at a fast rate, and that's what spreads the signal out over the spectrum. So to actually intercept the satellite signal, there is a need to know what the sequence is. "So I came up with a way to reverse-engineer the sequence to get the key, or the spreading code as they call it," Moore said. "With that code, I could intercept code in transit from the ground to the satellite." Going a step further, Moore explained that after receiving the data, he had to decode it, so he reverse-engineered the entire packet format, including the unique identifier, and was able to extract the actual data as well. "There is no digital signing or encryption for the data, meaning I could modify any of the different fields and generate packets and then inject that back into the satellite data stream," he said. "So we can effectively spoof data." 
As to why Moore's discovery is impactful, it all has to do with where the GlobalStar tracking system is being used. It could, for example, be in an industrial control system that monitors the status of a dam to make sure it isn't overflowing, he said. If an attacker could change the status, an environmental disaster could result. Also, an attacker could find an armored car and somehow disable the transmitter on the car, according to Moore. The attacker could then use the hacked transmitter to provide a false report that the armored car is on track, while the attackers drive in the opposite direction and get away with all the cash. Moore said Synack contacted GlobalStar more than 180 days ago and got some initial interest but no response on how or if the system will be patched. GlobalStar did not respond to a request for comment from eWEEK about Moore's Black Hat talk. "I think it's reasonable to expect that many of the other satellite systems out there have similar bugs," Moore said. "Few people have looked at these systems because the barrier to entry is so high, and so I hope my talk lowers the barrier so other security researchers can start looking at this issue." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
While the disclosure of Hacking Team's marketing of zero-day flaws has roiled the security community, the reaction of policy makers could have a lasting impact on legitimate security research. The sensitive documents stolen from offensive-security firm Hacking Team contain few real surprises, but the leaks resulting from the theft could have serious implications for the security industry. Security and privacy experts knew the company created tools for infecting and monitoring targeted computers using acquired exploits for previously unreported, or "zero-day," vulnerabilities and sold those tools to governments worldwide. Yet, some of the details were unexpected. Hacking Team's tools could exploit seven zero-day flaws. The firm had mobile surveillance tools more advanced than what many experts had expected. And the company worked—or had worked, as its CEO stresses—with governments that had a history of tracking, imprisoning and killing dissidents. The full list of Hacking Team's government clients surprised Adriel Desautels, CEO of security firm Netragard, which had acted as a broker, selling information on at least one of the zero-day vulnerabilities to the firm. While he stated in a leaked 2013 email to Hacking Team hosted by Wikileaks that "we do understand who your customers are both afar and in the U.S. and are comfortable working with you directly," Netragard did not know the full extent of the company's dealings, Desautels told eWEEK. "After the hack, when we saw Hacking Team's customer list was exposed and I saw who they were working with, at first I was angry, and then I realized that, despite our efforts, we could not control their ethics," he said. "There is no framework in place to control that, and we could not rely on the contracts that we had." 
Within days, Netragard decided to exit the business of brokering exploit sales—a minor part of its overall business—until better regulations and laws could guarantee sold exploits went to legitimate authorities. The decision underscores that the breach of Hacking Team's network, and the resulting leak of sensitive business information, is continuing to have major impacts in the security industry. The disclosure of seven zero-day vulnerabilities—four in Adobe Flash, two in Windows and one in Internet Explorer, according to vulnerability management firm Bugcrowd's tally—has already enabled commodity attack software sold in underground malware markets to target otherwise protected systems. "Those exploits were out there, but they were being used in a limited fashion," Kymberlee Price, senior director of researcher operations at Bugcrowd, told eWEEK. "Now, they are being used extensively." Research has shown that a dramatic spike in usage, sometimes as much as a factor of 100,000, can occur following the public release of an exploit in popular software. Yet, the ultimate impact may be on the discussion regarding vulnerability disclosure and the sale of exploits for zero-day vulnerabilities. Exploit sales had already become a controversial issue before the outing of Hacking Team's business, but the snapshot of who buys and sells exploits has ratcheted up the debate. "I think it will have little effect on the underground market, in their ability to sell or trade exploits to others," Adam McNeil, malware intelligence analyst at Malwarebytes Labs, told eWEEK. "I think where it will have an effect is security researchers; these incidents will be used as catalysts in the development of new laws and regulations regarding the research and disclosure of the sales of vulnerabilities."
The Black Hat USA 2015 and DefCon 23 security conferences in Las Vegas from Aug. 4 to Aug. 9 will tackle an unmatched range of topics and some excitement—and concern—over the technologies shown to be at risk from hackers. While there are nine concurrent sessions at any given time at the Black Hat USA conference, in any given year, a few key sessions always receive more attention than others. In 2015, early hype about scheduled talks has resulted in the Fiat Chrysler Automobiles (FCA) recalling 1.4 automobiles over fears about remote car hacking. Security researchers Charles Miller and Chris Valasek will detail the specifics of their research on remote car hacking in a Black Hat USA session. Another highly anticipated session is security researcher Joshua Drake's talk about the Stagefright vulnerability in Android, which has left 950 million Android users at risk. Drake's session is at the exact same time as Miller and Valasek's car hacking talk on Aug. 5. In another session, researchers Runa A. Sandvik and Michael Auger are set to detail how they were able to hack a Linux-powered rifle remotely. Here's a look at seven highly anticipated sessions at the two conferences.
Sophia Antipolis, France, 31 July 2015. At their 18th Technical Plenary meeting held in Philadelphia, PA, on 20-24 July, oneM2M's members agreed on plans for the second release of oneM2M specifications and appointed new chairmen and vice-chairmen to advance the agenda of several key working groups.
Advancing oneM2M Specifications; New Deployment Capabilities
Release 1 of the oneM2M specifications was delivered in January 2015 (see www.onem2m.org/release1). This set of 10 specifications covered requirements, architecture, APIs, mappings to common industry protocols, security and management, abstraction and semantics. Work on Release 2 began immediately on delivery of Release 1. Ten new specifications have been identified for Release 2, in addition to updates of the existing Release 1 specifications, driving deployment of the following features:
--Enablement of Industrial Domain (“Smart Factories”) and of Home Domain (“Smart Home”)
--Dynamic authorization and end to end security
--Semantic interoperability
--oneM2M as generic interworking framework (incl. support for OMA LWM2M, AllJoyn and OIC)
--Application developer APIs and guidelines
Release 2 of oneM2M is planned for delivery in autumn 2016. In parallel with the development of Release 2, a revised set of Release 1 specifications is in preparation to take account of early implementation experience. These will be released in autumn 2015. The latest draft oneM2M specifications for Release 2 and the revised Release 1 are available at: http://www.onem2m.org/technical/latest-drafts
New Leadership Announced for Working Groups on Protocols; Management, Abstraction and Semantics; and Testing
Peter Niblett of IBM was appointed as chairman of the Protocols Working Group, which develops and specifies APIs, protocols and message formats used across oneM2M interfaces, including mapping to commonly used M2M protocols.
As IBM Senior Technical Staff Member responsible for the architecture and design of IBM Internet of Things and Mobile Messaging offerings, Mr. Niblett served as vice-chairman of the oneM2M Protocols Working group, as well as in other IoT standardization groups. Shingo Fujimoto of Fujitsu was appointed as vice-chairman of the Protocols Working Group for a second term.
Mr. Niblett replaces Dr. Ray Forbes of Ericsson, who has stepped down from his position. Dr. Forbes had led this group from the creation of oneM2M and has successfully driven the production of the four core specifications of oneM2M's first release. Dr. Omar Elloumi, Chairman of the oneM2M Technical Plenary, thanked Dr. Forbes at this meeting for his dedication, service and hard work in leading this group to achieve its targets for Release 1 specifications and continuing with the development of Release 2.
In addition, new vice-chairmen were appointed to other working groups. Ms. Jieun Keum of Samsung Electronics was appointed vice-chairman of the Management, Abstraction and Semantics Working Group and Mr. Mahdi Ben Alaya of the LAAS-CNRS research institute was appointed as vice-chairman of the Testing Working Group.
About oneM2M
oneM2M is the global standards initiative that covers requirements, architecture, API specifications, security solutions and interoperability for Machine-to-Machine and IoT technologies. oneM2M was formed in 2012 and consists of eight of the world's preeminent standards development organizations: ARIB (Japan), ATIS (U.S.), CCSA (China), ETSI (Europe), TIA (U.S.), TSDSI (India), TTA (Korea), and TTC (Japan), together with six industry fora or consortia (Broadband Forum, Continua Alliance, GlobalPlatform, HGI, Next Generation M2M Consortium and OMA) and over 200 member organizations. oneM2M specifications provide a framework to support applications and services such as the smart grid, connected car, home automation, public safety, and health.
oneM2M actively encourages industry associations and forums with specific application requirements to participate in oneM2M, in order to ensure that the solutions developed support their specific needs. For more information, including how to join and participate in oneM2M, see: www.onem2m.org.
If you have any press enquiries, or would like to set up a briefing with a oneM2M representative, please contact Michelle Mahoney on michelle.mahoney@proactive-pr.com
Source: RealWire
Corsham, Wiltshire - 31 July 2015 - BT has selected Ark Data Centres Limited as a new UK data centre supplier and is adding Ark’s sites in the south of England to its BT Compute portfolio to meet the growing demand for sustainable and compliant cloud-based services. Under the multi-year contract, BT will use Ark’s state-of-the-art data centres to develop new managed cloud services for organisations where enhanced security is paramount; such as central and local government, defence and security, police and health.
Following a detailed and full analysis of the UK data centre market, BT chose Ark Data Centres’ campuses for their high security, outstanding efficiency and low total cost of ownership, and for Ark’s extensive industry and public sector experience. Thanks to unique cooling technology, Ark’s data centres are the most environmentally efficient in the UK. They save Ark’s customers on average around £1.1 million per megawatt and 6,000 tonnes of taxable carbon annually compared with an average data centre facility.
“We were, quite simply, looking for the best data centre site in the UK and Ark stood out with its unique data centre design,” said Neil Lock, Vice President, BT Compute, BT Global Services. “Ark’s commitment to delivering secure and sustainable services with the lowest possible environmental impact complements our efforts to help our cloud customers reduce their carbon emissions too. Ark also impressed us with their ability to work as a partner in delivering current and future innovative cloud and hosting products to our customers.”
Ark’s flexible data centre design uses highly energy efficient modular data centre systems, allowing BT to deploy new services quickly, and expand the data centres at the rapid rate their business growth demands.
The IT ready solution allows new racks to be added as needed, with a go-live of just 48 hours - saving weeks compared to standard data centre deployments.
As well as providing best-in-class data centre facilities, Ark also adheres to strict facilities management and operations practices to maintain the highest service levels. In May, Ark Data Centres received Uptime Institute’s Management & Operations (M&O) Stamp of Approval for operational excellence for both its sites.
“We are delighted to support BT as its new data centre partners. We not only provide world leading data centres, we also pride ourselves in running and managing all our data centres to the highest standards,” said Huw Owen, CEO, Ark. “Our customers know they can rely on maximum data centre performance and uptime, as well as the highest security levels and the highest efficiency in the industry. We are looking forward to delivering those benefits to BT and its customers.”
About Ark Data Centres
Ark Data Centres designs, constructs and operates the UK's most efficient data centres. It has pioneered the use of free air-cooling, a unique monitoring system, real time dynamic cooling and load matching technology that gives its clients the lowest TCO along with the greatest operational flexibility. Dedicated to innovation, Ark’s modular, state-of-the-art sites in Hampshire and Wiltshire will be the largest in Europe and were the first to contractually guarantee power usage efficiency (PUE) for clients. An independent company that prides itself on being easy to do business with, Ark Data Centres boasts the lowest total cost of ownership in the world and has saved both millions of pounds and millions of tonnes of carbon for organisations in the defence, telecommunications, government and financial services sectors.
Capable of operating at the highest levels of security, Ark’s incremental approach to building out its data centre campuses means it is constantly innovating, building to the latest operational requirements of its clients and minimising the operational legacy. Through an optimised logistics support chain it has and will continue to deliver operational data centres in just 3-4 months.
www.arkdatacentres.co.uk, Tel: 0845 389 3355, Twitter.com/arkdatacentres
Press contacts:
Natalie Sutton/Silja Ingham
Proud PR
07768 026197 / ark[at]proudpr.com
Source: RealWire
A Bugcrowd report that examines 30 months of bug bounty submissions across 166 programs finds crowdsourced bug discovery is gaining adoption across the industry. Casey Ellis started Bugcrowd in 2012 with the idea that crowdsourced bug discovery is a better way to improve security. It's an idea that is working, according to Bugcrowd's inaugural State of Bug Bounty Report issued July 30, which looks at bug bounties from January 2013 to June 2015. Ellis is both surprised and pleased at how the Bugcrowd model for crowdsourcing bug reporting is working out and gaining adoption across the industry. Bugcrowd runs bug bounty programs on behalf of vendors, providing a mature back-end infrastructure and community of researchers to help improve security. "When I first started the company, I spent most of my time explaining to people what a bug bounty was all about," Ellis told eWEEK. "Now I do that a whole lot less." Big technology vendors understand the need for bug bounties, but the challenge remains for those outside of the big vendors who are worried about inviting hackers to find bugs, according to Ellis. Over the 30-month period covered in the State of Bug Bounty Report, Bugcrowd received 37,227 submissions from security researchers across 166 bug bounty programs that it operates. Of those, only 7,958 submissions actually included valid vulnerabilities. Drilling down a level deeper, of the valid submissions, 729 were deemed high-priority and 175 were identified by security professionals as being critical flaws. Ellis runs Bugcrowd as a business and not a charity or an altruistic effort—researchers are paid for their valid bug reports. For the 30-month period that the report covered, Bugcrowd's clients paid out a total of $724,014.02 to 566 different researchers. Researchers who participate in Bugcrowd's program had an average of $1,279.18 paid to them annually. 
That said, there are some outliers in the data, as the top single reward paid by Bugcrowd over the last 30 months was a $10,000 bounty, paid to a researcher for a cross-site request forgery (CSRF) flaw found in an e-commerce platform. Bugcrowd runs multiple types of programs, including public bug bounties where anyone can submit reports and invitation-only programs. Jonathan Cran, vice president of operations at Bugcrowd, said that what surprised him was the success of invitation-only bounty programs. There was a higher percentage of valid submissions on invitation-only bounties versus public programs, he said. "It stands to reason since there are highly qualified researchers in the invite-only program," Cran told eWEEK. "In the public bounty programs, 18 percent of submissions were valid, while 36 percent of submissions were valid in the invitation-only bounty programs." Looking across both public and invitation-only bounty programs, the most common vulnerability found over the 30-month report period was cross-site scripting (XSS) flaws, which represented 17.8 percent of submissions. CSRF flaws came in second, representing 8.6 percent of submissions. Moving forward, both Ellis and Cran expect that even more bugs and rewards will be paid out to Bugcrowd's community of researchers. "We've been really good at this point to make sure that researchers get paid for things that are valuable and that our customers aren't paying for things that they shouldn't be paying for," Ellis said. "Over time, the general consensus and understanding of what a vulnerability is worth will grow." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
By infecting a computer and a phone, researchers were able to transmit data between the two systems without any sort of network connection. Disconnecting a computer from all networks is no longer a foolproof w...
Adding to its security arsenal, Facebook launched Security Checkup, which provides account login status, login alerts and password safety features. Facebook, continuing its efforts to help keep users safe and secure on the social networking site, is launching its Security Checkup tool today. The new tool includes account login status, login alerts and password safety features. Login status is an important part of account security at Facebook. Users can log in to the site from multiple locations and devices, but they can also forget that they are logged in. The Security Checkup tool shows users where they are logged in so that they can see devices they have forgotten about—or potentially notice a login that is unauthorized. Unlike some online services, Facebook does not currently have a default timeout feature that will log a user out of the site after a period of inactivity. Facebook credentials can also be used to gain access to third-party sites and applications, but this component is not part of the Security Checkup tool. "This [login] section of Security Checkup only includes Facebook apps," Melissa Luu-Van, product manager at Facebook, told eWEEK. "Login permissions for third-party apps that use OAuth can still be managed in App Settings and/or reviewed in Facebook's Privacy Checkup." Facebook Privacy Checkup is a separate tool that was launched in September 2014 as a way to help users with the configuration of privacy settings. The new Security Checkup tool has an additional login capability, called login alerts. With login alerts, Facebook users can choose to be notified if an account login is attempted from a browser or device that has not been used to log in to the specific Facebook user account before. The third element of the security checkup tool concerns password protection. "It includes tips and the option to change your password if you want," Luu-Van explained. 
Facebook also supports two-factor authentication with a feature it calls Login Approvals, which has been part of the platform since 2011. With Login Approvals, users receive a text message with a unique code that needs to be entered into the Facebook login screen in order to get access. Luu-Van noted that the Security Checkup tool does not currently include an integrated option to enable two-factor authentication. "People can still turn that on in Security Settings," Luu-Van said. Another capability in Facebook's platform that the Security Checkup tool is not currently addressing is malware scanning on user systems. Facebook has multiple partnerships with security vendors, including ESET, F-Secure and Trend Micro, for malware scanning. "Based on feedback from people who used Privacy Checkup and those who participated in the Security Checkup test, we know an easy, lightweight experience is critical for engaging with people who aren't already security-minded," Luu-Van said. "So the controls in this iteration of Security Checkup were chosen because they require minimal effort from people and still have high impact for enhancing security. "We encourage people to share their feedback for what we can improve or add to future iterations," Luu-Van added. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
The company’s data-centric platform protects sensitive data residing on or traveling to and from mobile devices within and outside of the firewall. IONU announced the launch of its data-centric Security Platform, which is designed to protect data at all times while allowing it to flow freely and securely anywhere, without the need for plug-ins, proxies, gateways or changes in user behavior. The company’s data isolation platform creates a separate and secure zone where data is insulated from the outside world. A suite of secure applications allow users to communicate, share and store protected data, and the platform secures any third-party cloud applications such as Dropbox, Box, Google Drive and Microsoft OneDrive. "With the explosion of BYOD devices and the large amounts of data being shared across different partner and supply chain networks, it became obvious that perimeter based security solutions were no longer adequate," Clay Johnson, CEO of IONU, told eWEEK. "In order to provide the combination of security and ease-of-use necessary for broad-based deployment we knew that a new security platform had to be developed from the ground up. We also saw that threat-based solutions were far too reactive." Johnson said what was needed was a proactive approach to persistent security that didn’t determine where data can go but protected it no matter where it went. The company’s data-centric platform protects sensitive data residing on or traveling to and from mobile devices within and outside of the firewall. With IONU’s key management technology, no single entity carries sufficient information to access encrypted data. A combination of proprietary technologies ensures only registered and authenticated users can securely access and edit files across the entire business ecosystem. 
For example, superior authentication technologies such as hashing and salting, combined with user- and device-specific controls, safeguard against authentication attacks such as "brute force" and "man in the middle." "In the future it will become more and more essential that security travels with data versus being tied to a platform or store in which data resides," Johnson explained. "We’re just beginning to see the onslaught of viruses targeting mobile devices – once these become more prevalent, the threat landscape will increase dramatically and become more difficult to secure and protect. This makes it more essential that persistent security measures to travel with files are put in place versus measures that tried to prevent or detect existing threats." According to a report released earlier this year by analyst and accounting firm PricewaterhouseCoopers (PwC), the number of reported information security incidents around the world rose 48 percent to 42.8 million in 2014--the equivalent of 117,339 attacks per day. Detected security incidents have increased 66 percent year-over-year since 2009, the survey found.
FireEye claims Russian hackers are using Twitter to steal data in almost 'undetectable' attacks
Enterprises making security improvements, but without integrated threat defenses, the hackers are still two jumps ahead. While the enterprise and personal data security vendor communities are making significant headway in toughening up their products against relentless attacks from shadowy bad actors around the globe, those bad guys are also evolving into more sophistication. Cisco Systems came out with its biannual security whitepaper report July 28, and the key message from it is this: Enterprise can make a jump ahead, but the hackers are still two jumps ahead -- and getting nastier in their fraudulent behavior. "At a high level, we're seeing big changes in attack behavior," Craig Williams, Security Outreach Manager at Cisco Systems and one of the authors of the report, told eWEEK. "Our adversaries are becoming more agile and are adapting faster to the security industry than ever before. We're seeing this with exploit kits, ransomware and others. The reason for this, we think, is that it's so much easier to monetize malware these days.
"In years previous, bad guys would sell the accounts, a couple at a time, and now that we have things like crypto-currencies, such as Bitcoin, it's significantly easier for adversaries to monetize directly from their victims."
Hackers Getting More Money Per Victim
Bad actors also are generally getting more money per victim, Williams said. "At a minimum, ransomware is now a couple hundred dollars (to pay the ransom and get the data back). Instead of a couple hundred dollars per 1,000 users, it's a couple hundred per user," Williams said. The main problem with enterprise and personal data security now is that users have a plethora of security products that don't interact well and that leave holes open for hackers to walk through. "The users are left with what we call this 'sprawl of security,' meaning devices that don't communicate well and don't share intelligence," Williams said. "These allow the bad guys blind spots to hide in.
Does anybody have an IPS (intrusion prevention system) or anti-malware solution that can talk to their firewall? Until we have an integrated threat defense, those problems are going to allow adversaries easier access to networks."
Current Troubling Trends
Some of the top troubling trends in the Cisco mid-year update include:
--Expanding use of ransomware, which is making a successful business out of holding data hostage until targeted users pay up.
--Highly-effective exploit kits such as Angler, using vulnerabilities in Flash to compromise systems. An exploit kit is an off-the-shelf software package containing easy-to-use packaged attacks on known and unknown (zero-day) vulnerabilities. These toolkits exploit client-side vulnerabilities, typically targeting the web browser and applications that can be accessed by the web browser. Angler continues to lead the exploit kit market in terms of overall sophistication and effectiveness.
--Increasing creativity by malware authors, who are even going so far as to include text excerpts from classic literature like Jane Austen's novel "Sense and Sensibility" in their code efforts to throw off antivirus detection software. Antivirus and other security solutions are more likely to categorize these pages as legitimate after “reading” such text.
--Exploits of Adobe Flash vulnerabilities are increasing. They are regularly integrated into widely used exploit kits such as Angler and Nuclear. Mozilla.org, for one example, has disallowed its popular browser, Firefox, from downloading new versions of Flash for these security reasons.
--Operators of crimeware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.
--Criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.
--Adversaries are once again using Microsoft Office macros to deliver malware. It's an old tactic that fell out of favor, but it's being taken up again as malicious actors seek new ways to thwart security protections.
--Malware authors are increasing their use of techniques such as sandbox detection to conceal their presence on networks.
--Spam volume is increasing in the United States, China, and the Russian Federation, but remained relatively stable in other regions in the first five months of 2015.
--The security industry is paying more attention to mitigating vulnerabilities in open-source solutions.
--Continuing a trend covered in the Cisco 2015 Annual Security Report, exploits involving Java have been on the decline in the first half of 2015.
One report alleges that United Airlines was recently breached by hackers who are also tied to the U.S. Office of Personnel Management and Anthem breaches. The risk of any breach is that personally identifiable information ends up in the wrong hands, which could lead to identity theft or other crimes. In the case of the recent U.S. Office of Personnel Management (OPM) and Anthem health insurance breaches, there could well be another risk, that of a nation-state attempting to spy on or gain some advantage over the United States. A Bloomberg report published today alleges that United Airlines was recently breached by a group of hackers that are also tied to the OPM and Anthem breaches. United Airlines has not publicly confirmed or denied the report at this time. The OPM breach affects 25.7 million Americans, while the Anthem breach exposed 80 million Americans' information. China has been implicated as the alleged attacker in both incidents. United Airlines has been in the news multiple times in recent months concerning potential security incidents. In early July, United attributed a two-hour failure the airline experienced to a network connectivity issue. United Airlines was also the target of a security researcher that publicly tweeted about in-flight security in April; he claimed he could control the aircraft. There is no indication at this time that either incident is in any way related to the breach alleged by the Bloomberg report. The report does allege that China-linked hackers are somehow involved as part of a larger effort to collect information on Americans employed by the U.S. government. Multiple U.S. government agencies have publicly reported breaches in recent months. Last week, the U.S. Census Bureau reported that it was the victim of a breach, though no confidential information was stolen. The U.S. Post Office admitted that it was breached in November 2014.
In October 2014, the White House email system was hacked, though the latest reports in that incident have alleged that Russia, and not China, was behind the incident. The fact that United might have been attacked by the same group of hackers that hit OPM and Anthem is not surprising to Paul Kurtz, CEO of TruSTAR Technologies and a former White House cyber-security advisor. "We know that adversaries typically use a common command-and-control infrastructure to attack multiple companies across many sectors of the economy," Kurtz told eWEEK. "Given what we've seen, it's not too shocking to learn about other breaches involving the same adversaries." What's also not surprising to Kurtz is the apparent lack of information sharing, which Kurtz said is deja vu all over again regarding the U.S. government's failure to effectively share information—except this time, it includes cyber-infrastructure, not physical attacks against infrastructure or people. "In the case of 9/11, U.S. government agencies were not sharing critical data, which left us exposed to the plot by Al Qaeda against the U.S.," Kurtz said. "In this case, we have an adversary who is plotting attacks against multiple infrastructures, and we're not sharing data regarding these incidents." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.