In one of the most widespread cyber-attacks ever discovered, computer-security company McAfee reports that ongoing intrusions into computers run by governments, businesses and other organizations has meant big losses of military secrets, industrial designs and other records.

McAfee vice-president Dmitri Alperovich said the pattern of the attacks “strongly suggested backing by a national government, since there would be no obvious economic benefit for crime groups,” from many of the intrusions, according to an article in The Financial Times. “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact,” Alperovich wrote in a just-released report.

The FT article notes that a pattern of attacks over some five years affected 72 organizations, mostly in the U.S., including “six U.S. government agencies and 13 defense contractors.” Among the pilfered data was classified military secrets and information from the U.N., the International Olympic Committee, the Olympic committees of several countries and also some U.S.-based news organizations.

Over the years, many U.S. government intelligence authorities have said that China is likely behind a great deal of the cyber-espionage conducted against U.S. organizations.

And in the recent Knowledge at Wharton article, Can Anyone Create a Hacker-proof Cyberspace?, Wharton legal studies and business ethics professor Andrea Matwyshyn said that large-scale hacking against Google and other Silicon Valley companies in 2009 were widely believed to have been the handiwork of the Chinese government.

China has always denied accusations about hacking and there has never been any direct proof of its involvement. At the same time, it is extremely difficult to get hard evidence against attackers.

The FT also reported that “People briefed on McAfee’s research said the most logical suspect was China, which was not among the Asian countries that were home to any of the victim institutions. Two South Korean companies and a government agency, as well as companies in Taiwan and Vietnam, were compromised.”

Whether China is guilty or not, a lot of evidence points to involvement by a government. Wade Baker, director of risk intelligence at Verizon, notes in the Knowledge at Wharton article that over the past year or two, security officials have been detecting government-sponsored attacks. Baker says that criminals looking for financial gain find new targets whenever they are at risk of being caught. But “nation states are different. They have the resources of nations behind them and a lot of time on their hands.” Another straw in the wind: Computer analysts have said that an unnamed government was behind a June attack on the International Monetary Fund designed to steal secret economic data that could be used to destabilize currencies or trade.

Given the huge threat involved, it might come as a surprise to some that the security industry has the tools to combat many of today’s hacking threats, yet faulty management structures seem to be holding them back, according to Baker. “The bad guys aren’t successful because organizations don’t have the technology,” he argues. “It’s really about using, deploying and configuring the basic things we’ve been doing for years.” Security analysts should devote more time to following up on their efforts in order to get a better sense of what actually works, he adds. “We don’t have real science and study and testing to make sure the things we are recommending are really effective.”

Meanwhile, the Obama administration unveiled a legislative proposal in May to address cyber security after more than 50 separate cyber-related bills were introduced in the last Congress.

Given the latest revelations about a cyber-espionage onslaught of huge proportions, it’s likely just a matter of time before Hollywood creates a new blockbuster movie on the topic. But if the movie stays true to life, don’t expect a quick, happy Hollywood ending to this thorny problem.

Additional reading:

Clear and Present Danger: Cyberattacks, Hackers and the Increasing Threat to Information Security

Information Security: Why Cybercriminals Are Smiling

Leaving ‘Friendprints’: How Online Social Networks Are Redefining Privacy and Personal Security

Comments

New This Week

Several credit cards are fanned out with the text "This Week in Business" and a city skyline icon overlaid at the bottom.
Podcast

How Credit Scores Shape Homeowners Insurance Costs Nationwide

April 10, 202612 min listen
Finance & Accounting

Wharton real estate professor explains how credit scores significantly influence homeowners insurance pricing and financial burden.

Headshot of a person set against a blue background with graphic elements. Text reads: "Walmart," "Donna Morris," and "WHERE AI WORKS in collaboration with Accenture."
Podcast

People-Led, Tech-Powered: Walmart’s AI Job Shift

April 9, 202626 min listen
AI

Wharton’s Matthew Bidwell speaks with Donna Morris, the chief people officer at Walmart, about what it means to introduce AI across one of the largest workforces on the planet.

The image features a graphic with a red speech bubble containing a bar chart and a magnifying glass. In the background, there is a faint blue dollar sign. The text reads "Wharton University of Pennsylvania" at the top and "Marketing Matters"
Podcast

Google’s Vice President of AI and Marketing Strategy, Joshua Spanier

April 9, 202633 min listen
Marketing

Google marketing executive explains how AI is reshaping customer value, creativity, and marketing strategy.