In one of the most widespread cyber-attacks ever discovered, computer-security company McAfee reports that ongoing intrusions into computers run by governments, businesses and other organizations has meant big losses of military secrets, industrial designs and other records.
McAfee vice-president Dmitri Alperovich said the pattern of the attacks “strongly suggested backing by a national government, since there would be no obvious economic benefit for crime groups,” from many of the intrusions, according to an article in The Financial Times. “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact,” Alperovich wrote in a just-released report.
The FT article notes that a pattern of attacks over some five years affected 72 organizations, mostly in the U.S., including “six U.S. government agencies and 13 defense contractors.” Among the pilfered data was classified military secrets and information from the U.N., the International Olympic Committee, the Olympic committees of several countries and also some U.S.-based news organizations.
Over the years, many U.S. government intelligence authorities have said that China is likely behind a great deal of the cyber-espionage conducted against U.S. organizations.
And in the recent Knowledge at Wharton article, Can Anyone Create a Hacker-proof Cyberspace?, Wharton legal studies and business ethics professor Andrea Matwyshyn said that large-scale hacking against Google and other Silicon Valley companies in 2009 were widely believed to have been the handiwork of the Chinese government.
China has always denied accusations about hacking and there has never been any direct proof of its involvement. At the same time, it is extremely difficult to get hard evidence against attackers.
The FT also reported that “People briefed on McAfee’s research said the most logical suspect was China, which was not among the Asian countries that were home to any of the victim institutions. Two South Korean companies and a government agency, as well as companies in Taiwan and Vietnam, were compromised.”
Whether China is guilty or not, a lot of evidence points to involvement by a government. Wade Baker, director of risk intelligence at Verizon, notes in the Knowledge at Wharton article that over the past year or two, security officials have been detecting government-sponsored attacks. Baker says that criminals looking for financial gain find new targets whenever they are at risk of being caught. But “nation states are different. They have the resources of nations behind them and a lot of time on their hands.” Another straw in the wind: Computer analysts have said that an unnamed government was behind a June attack on the International Monetary Fund designed to steal secret economic data that could be used to destabilize currencies or trade.
Given the huge threat involved, it might come as a surprise to some that the security industry has the tools to combat many of today’s hacking threats, yet faulty management structures seem to be holding them back, according to Baker. “The bad guys aren’t successful because organizations don’t have the technology,” he argues. “It’s really about using, deploying and configuring the basic things we’ve been doing for years.” Security analysts should devote more time to following up on their efforts in order to get a better sense of what actually works, he adds. “We don’t have real science and study and testing to make sure the things we are recommending are really effective.”
Meanwhile, the Obama administration unveiled a legislative proposal in May to address cyber security after more than 50 separate cyber-related bills were introduced in the last Congress.
Given the latest revelations about a cyber-espionage onslaught of huge proportions, it’s likely just a matter of time before Hollywood creates a new blockbuster movie on the topic. But if the movie stays true to life, don’t expect a quick, happy Hollywood ending to this thorny problem.