Nation-State Espionage in ‘The Flight Attendant’

If you are familiar with “The Flight Attendant,” you know it is a quirky murder mystery shown on HBO Max. Yet, hidden within the murder mystery is a subplot of espionage and intrigue reminiscent of any number of today’s real-life espionage cases involving corporations and nation-states. Teaching moments abound, and it’s worthy of approbation; the series has something for every corporate insider threat team to use in their awareness training.

Let’s set the stage.

Megan Briscoe is a colleague of the main protagonist, Cassie Bowden (the flight attendant), who is suspected of murder – the primary plot. We learn, mid-second episode, that Megan is on a “make money” spree, looking for any angle to increase her bankroll, which she squirrels away in figurines in her home.

I don’t want to spoil the entire sub-plot, so I’ll be a bit oblique in the narrative.

How she acquires money isn’t immediately revealed. But what we do know is that she has a side gig, which she knows is illegal. We also learn that it pays well – very well. As the murder investigation proceeds, Megan, knowing she’s up to her chin in skullduggery, is particularly keen to determine whether the FBI investigation into the murder has bled over to her moonlighting.

The Espionage

We learn of Megan’s clandestine activities when she meets with an individual with whom she admits to engaging in “corporate espionage.”

Keep an eye out for the hints indicating the potential for false flags and nation-state involvement. In addition, watch for the character to get cold feet and the manipulation by the hostile intelligence officer in assuaging those fears, while keeping the source on target to steal secrets.

Megan is tasked with stealing corporate secrets from a company to which she has indirect access. Using social engineering techniques on her spouse, she gains the desired access and successfully steals his firm’s blueprints for a new technology – facial recognition.

You should be asking yourself, at this point in the series, does my company have a policy regarding employees’ family members using corporate devices?

Next, we see Megan hand over the goods (the stolen secrets) in exchange for cash. The exchange isn’t all too subtle, and uses the most basic level of clandestine tradecraft. Her reward for delivering secrets purloined from her husband’s laptop? A bag of cash.

Predictably, said laptop suffers from severe degradation, and the husband suggests Megan no longer use it to purchase goods from eBay. Instead of asking for forgiveness, we once again see Megan engage in a bit of social engineering to deflect and reorient the blame for the laptop becoming “ridiculously slow and probably [infected with] a virus.”

Corporate InfoSec Does Forensics

So, the laptop’s not working as expected; malware has found its way on board, and the company is looking at her husband with suspicion. This is where we learn that Megan has been party to a false flag operation being run by a nation-state. The nation-state is conducting a cyberespionage operation targeting the company, because the company’s technology is used by the U.S. government.

We won’t spoil the fun by sharing what happens next. Let’s just say there are more wrinkles, and the foundation is laid for a spy-versus-spy plot line involving rival nation-state intelligence organizations.

Takeaway From ‘The Flight Attendant’

Insider threat teams, no doubt, will view the series and think of their bring-your-own-device (BYOD) and corporate asset access protocols. It’s also worth considering the need to improve education and training to bolster employees against tangential approaches to family members or any others with whom they live. In this era of COVID-19 and remote work environments, corporate secrets are being accessed from locales – and on devices – which may not have the same level of protection found in corporate campuses. Organizations should consider how this risk can be mitigated.

The series has been renewed for a second season. Let’s collectively look forward to the writers weaving in more teaching moments regarding social engineering, infosec and data protection.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA, which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century.” He also founded the non-profit Senior Online Safety.
