Homeland Security News 

Cyber-Espionage Against U.S. Firms More Widespread than Previously Thought 

2,011 

By Stew Magnuson 

That foreign adversaries are using computer network vulnerabilities to steal military data from the U.S. government and its contractors is well known and hardly surprising.

Nations have sought for centuries to steal such secrets from one another, and spycraft has simply moved into cyberspace.

However, the unveiling of a massive cyber-espionage network in August goes well beyond the unwritten rules that informally govern nations when it comes to the theft of technical data or insights into the minds of leaders and their intentions, said Dmitri Alperovitch, vice president of threat research at network security firm McAfee.

Alperovitch analyzed one command-and-control server that had been used to spread malware for five years before McAfee exposed it.  

“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” he wrote in a blog.

Examining the logs to determine who the victims were, and how long the intrusion lasted before it was detected, Alperovitch found 30 different industries on the list.

Many were, indeed, military contractors and information technology companies, but the list revealed a U.S. real estate firm that had its data laid bare for 8 months, a U.S. agricultural trade organization for three months, a U.S. natural gas wholesaler for seven months, a German accounting firm for 20 months and a U.S. insurance association for three months.

A U.S. news organization’s Hong Kong bureau was infiltrated for a whopping 21 months and a U.S. satellite company for 25 months. Other entities that had been penetrated included think tanks, nonprofits involved in democracy-building programs overseas, U.S., Canadian and Indian local governments, several U.S. and South Korean construction companies and Olympic committees.

Such organizations rarely tell the public when they have been hacked, which is why the analysis of the server is so telling, he said.

“The primary lesson is … that small, large — whatever your industry is — you’re being targeted if you have something valuable, and it is something someone else in another country may be interested in,” Alperovitch told National Defense.

Cyberspies will continue to attack a target relentlessly if they want to penetrate a business or organization, he said. “We’re in this dilemma where we have to be right 100 percent of the time to defend against it; they only have to be right one percent of the time to get in.”

The successful organizations are those that are adept at identifying breaches once they occur and are able to shut them down before data is exfiltrated, he said.

There is no department in the government currently overseeing the private sector’s security. The military is responsible for its own networks, and has little leverage over its contractors, he said. The Department of Homeland Security is responsible for protecting all .gov domains.

How widespread is the problem? This report included just one server, he said. McAfee knows of hundreds of other servers used by this hacker, but it does not have access to the logs that would help it identify the victims.

“If you extrapolate the activity from this one server, to hundreds — perhaps even thousands — you can get an appreciation for the true magnitude and scale of the activity,” he said.
