Data espionage: a new age of spying
The recent revelations about cyber espionage – such as the spear phishing attack on Japanese defense contractor Mitsubishi Heavy Industries and the uncovering of Operation Shady RAT – show that spying isn't what it used to be.
Secret rendezvous, dead letter boxes, microdots and encrypted codes were all part of the spy's repertoire. Passwords still remain, but they are not so jealously guarded, which is why the modern spy does not need to loiter under lampposts in dank alleyways. Armed with a PC and an internet connection, the modern spy functions remotely, with far less risk of being caught.
When Cold War spies were exposed, they would be deported or sent to a gulag, in an attempt to shame their country of origin.
When cyber spies’ hacking activity does come to light, finding the perpetrator is next to impossible. Even when the originating IP addresses for attacks are found in a particular country, the country still enjoys plausible deniability. Who could prove an IP address from which an attack was launched was not itself compromised by another party, in another country?
And yet, even as the possibility of attribution decreases, the amount of data being stolen is skyrocketing.
Stealing nuclear secrets
During the Cold War, most of the information being stolen by spies was state-level data designed to provide more intelligence about large threats to national security, such as nuclear weapons programs. Markus Hess, the German national who was employed by the KGB to hack US systems in the mid-1980s, was caught while hacking Lawrence Berkeley National Laboratory to find information about the Strategic Defense Initiative (SDI), which was a key part of the US nuclear program.
These days, the information being sought is far more commercial. Billions of dollars of sensitive corporate information are being leaked from corporate systems. We have seen various attacks, including Operation Aurora in 2009, in which tens of companies in the tech industry were targeted by an organized hacker. More recently, Night Dragon specifically targeted oil and gas companies. Attackers stole sensitive information about contract negotiations, and the victims of the attack lost crucial contracts.
Analysts such as Dmitri Alperovitch, vice president of threat research at McAfee, argue that this intellectual property consists not just of research and development material, but also of entire go-to-market asset portfolios, including product development strategies, customer lists, and manufacturing information.
With this level of intellectual property being leaked from corporate networks in the developed world, it is up to companies to protect themselves against orchestrated attacks aimed at their crown jewels. A defense-in-depth strategy that combines internal systems protection with external firewalls and incorporates employee education is crucial if companies of a certain stature are to avoid being compromised by external players.
Are you ready to withstand the onslaught of organized hackers harvesting corporate secrets for private and public sector organizations in other locales?
October 25, 2011