Homeland Security News 

Cyberspies Can Destroy, Corrupt Data as Easily as They Snoop 


By Yasmin Tadjdeh 

If hackers can steal a company’s top-secret data, they can just as easily destroy a company’s network, experts said recently.

Instances of cyber-espionage have been well documented throughout the world — hackers sneaking behind network barriers have stolen huge amounts of intellectual property from the private and public sectors alike. However, these intruders also have the capability to permanently erase data, said Richard Bejtlich, chief security officer for Mandiant, a Washington, D.C.-based cybersecurity company.

“Whenever you hear someone say, ‘Don’t worry, it’s just espionage.’ [It’s important to realize that] espionage easily can escalate to destruction. It’s just the prerogative of the intruder,” Bejtlich said at the Center for National Policy, a Washington, D.C.-based think tank.

Once a hacker has breached a network, the intruder has the ability to steal or destroy data, or to spy, Bejtlich said.

“If we were to break into the network here and I just snooped around, I would have the same ability … to destroy everything that’s there. So it’s just a question of intent at that point,” said Bejtlich.

Another issue Bejtlich highlighted was the corruption or manipulation of data, which he called a “middle ground” between espionage and destruction.

“In some ways, it’s the toughest one to identify because most companies don’t necessarily know what the data should be,” he said.

In February, Mandiant released a report that blamed Unit 61398 of China’s People’s Liberation Army for numerous cyber-intrusions. The unit, which is based in Shanghai, curtailed its activities after the report’s initial release, but it recently picked up where it left off, said Bejtlich.

Unit 61398 has stolen hundreds of terabytes of data from at least 141 organizations, the majority of which are based in English-speaking countries. It is possible that the unit employs hundreds of operators, the report said. In total, Mandiant is tracking 24 separate known hacking groups.

There is already evidence of cyber-attacks causing damage, said Emilian Papadopoulos, chief of staff at Good Harbor, a Washington, D.C.-based cybersecurity risk management company.

“I think we’re hitting on a trend that we’re starting to observe across the board, particularly from espionage or theft of information to disruption or damage,” said Papadopoulos. “We saw the Shamoon virus attack against Saudi Aramco, which wiped out data of 30,000 computer terminals. … Thankfully, that didn’t jump from the corporate network over to the actual … oil production and operation network. If it had, that would have been potentially devastating.”

Shamoon was a 2012 cyber-attack on Saudi Aramco, the state-run Saudi Arabian oil company. It is widely believed Iran launched the attack.
