Chinese Cyber Spying Hits Chemical and Defense Firms
"Until there is pain," says one former US counterintelligence agent, "corporate espionage will continue."
According to Technical Director for Security Response Eric Chien and Security Response Manager Gavin O'Gorman, the attacks were traced to a US-based computer network, owned and controlled by a "20-something male located in the Hebei region in China."
Chien and O'Gorman write [PDF]:
The attackers have changed their targets over time. From late April to early May, the attackers focused on human rights related NGOs. They then moved on to the motor industry in late May. From June until mid-July no activity was detected. At this point, the current attack campaign against the chemical industry began. This particular attack has lasted much longer than previous attacks, spanning two and a half months.
Companies affected include:
While Symantec did not identify the companies targeted, Reuters contacted a DuPont (DD) spokesman, who said simply, "We don't comment on cyber security issues." However, Dow Chemical (DOW) has confirmed to the BBC that "it had been the target of 'unusual emails' received during the summer."
Employees at the targeted companies typically received bogus emails warning of security issues in Adobe (ADBE) Reader, along with an attached file containing a "fix." After clicking on one of the two attachments, control of the user's computer would then be turned over to the intruders through the use of a virus known as "Poison Ivy."
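The lure described above (a vendor "security fix" arriving as an executable attachment) is something a mail gateway can flag before a user opens it. The following is an added triage example, not code from Symantec or the article; the messages, the executable-extension list and the allow-listed vendor domain are all constructed assumptions for the demonstration.

```python
import re

# Constructed sample messages for the demonstration (hypothetical, not from the report).
SAMPLE_MESSAGES = [
    {"id": 1, "from": "security-update@adobe-reader-support.example",
     "subject": "Urgent: Adobe Reader security vulnerability - apply fix",
     "attachments": ["AdobeReader_fix.pdf.exe"]},
    {"id": 2, "from": "colleague@corp.example",
     "subject": "Q3 budget spreadsheet",
     "attachments": ["budget_q3.xlsx"]},
    {"id": 3, "from": "it-helpdesk@corp.example",
     "subject": "Reminder: security patch window Thursday",
     "attachments": []},
    {"id": 4, "from": "noreply@updates.example",
     "subject": "Your Adobe Reader update is ready",
     "attachments": ["update.7z", "readme.txt"]},
]

# Extension classes used by the heuristics (assumed lists, extend for your environment).
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta"}
ARCHIVE_EXT = {".zip", ".rar", ".7z"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Assumed allow-list of domains the vendor really sends from; anything else that
# name-drops the vendor in the sender address is treated as a look-alike.
VENDOR_DOMAINS = {"adobe.com"}

LURE_WORDS = re.compile(r"\b(security|vulnerabilit\w*|patch|fix|update)\b", re.I)
VENDOR_WORDS = re.compile(r"\b(adobe|reader)\b", re.I)


def attachment_risk(name):
    """Classify one attachment name: 'executable', 'double_extension', 'archive' or None."""
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if not exts:
        return None
    last = exts[-1]
    if last in EXECUTABLE_EXT:
        # "fix.pdf.exe": a document extension hiding in front of an executable one.
        if len(exts) >= 2 and exts[-2] in DOC_EXT:
            return "double_extension"
        return "executable"
    if last in ARCHIVE_EXT:
        return "archive"
    return None


def triage(message):
    """Return the reasons a message looks like a vendor-fix lure and a verdict."""
    reasons = []
    subject = message["subject"]
    if LURE_WORDS.search(subject) and VENDOR_WORDS.search(subject):
        reasons.append("subject: vendor security-fix lure")

    sender_domain = message["from"].rsplit("@", 1)[-1].lower()
    if VENDOR_WORDS.search(message["from"]) and sender_domain not in VENDOR_DOMAINS:
        reasons.append(f"sender: vendor look-alike domain {sender_domain}")

    dangerous = False
    for att in message["attachments"]:
        risk = attachment_risk(att)
        if risk:
            reasons.append(f"attachment: {att} ({risk})")
            dangerous |= risk in ("executable", "double_extension")

    if reasons and reasons[0].startswith("subject") and dangerous:
        verdict = "quarantine"   # lure text plus a runnable attachment: hold it
    elif reasons:
        verdict = "review"       # suspicious on one axis only: hand to an analyst
    else:
        verdict = "pass"
    return {"id": message["id"], "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(triage(m))
```

The verdict is deliberately two-tiered: only the combination of a vendor-fix lure and an executable (or double-extension) attachment is held outright, while a lure with an archive, or a look-alike sender alone, goes to a reviewer, which keeps false positives on legitimate patch reminders low.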
"This is unfortunately becoming a new normal behavior," Greg Day, Symantec's chief technology officer, told the BBC.
This "new normal" has, by one estimate, 50,000 individual cyber espionage attacks occurring every 24 hours.
Former US counterintelligence agent Jarrett Kolthoff, now president and CEO of strategic security firm SpearTip, concurs.
"Cyber espionage occurs on a daily basis," Kolthoff tells me. "And there is no way to stop it."
Kolthoff also cautions against dismissing the Poison Ivy attacks as the work of an Anonymous-style band of hackers with an axe to grind.
"We've worked similar cases, where the nature of the attacks revolved around workday hours," he says. "So, there were particular signatures that indicated that this was more of a job, these are employed hackers. A lot of these collection efforts are not rogue individuals sitting in their basement, trying to prove a point."
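The "workday hours" signature Kolthoff describes can be tested directly on intrusion timestamps: convert each event to a candidate local time zone and see how many fall inside a Monday-to-Friday working day. The script below is an added example, not from the article or from SpearTip; the timestamps are constructed, and the 09:00-18:00 working window and the range of offsets tried are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of outbound check-ins from an infected host
# (hypothetical data, not from the Symantec report). Oct 24-28, 2011 is Mon-Fri.
OBSERVED_UTC = [
    "2011-10-24T01:00:00", "2011-10-24T03:30:00", "2011-10-24T05:00:00",
    "2011-10-25T02:15:00", "2011-10-25T07:15:00",
    "2011-10-26T01:30:00", "2011-10-26T09:00:00",
    "2011-10-27T04:00:00", "2011-10-27T06:45:00",
    "2011-10-28T01:10:00", "2011-10-28T08:30:00",
    "2011-10-29T02:00:00",   # Saturday: outside a working week in any zone
]

WORK_START, WORK_END = 9, 18   # assumed local working window, 09:00-17:59


def parse_utc(ts):
    """Parse an ISO-8601 timestamp and mark it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def in_work_hours(dt_local):
    """True if a local datetime falls on a weekday inside the working window."""
    return dt_local.weekday() < 5 and WORK_START <= dt_local.hour < WORK_END


def workday_fraction(timestamps, utc_offset_hours):
    """Share of events that land in working hours if the actor sits at this UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = [parse_utc(t).astimezone(tz) for t in timestamps]
    return sum(in_work_hours(d) for d in local) / len(local)


def rank_offsets(timestamps, offsets=range(-12, 15)):
    """Rank candidate UTC offsets by how well they explain the activity as a day job."""
    scores = {off: workday_fraction(timestamps, off) for off in offsets}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def hour_histogram(timestamps, utc_offset_hours):
    """Events per local hour at the given offset, for a quick visual sanity check."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return Counter(parse_utc(t).astimezone(tz).hour for t in timestamps)


if __name__ == "__main__":
    for offset, score in rank_offsets(OBSERVED_UTC)[:5]:
        print(f"UTC{offset:+d}: {score:.2f} of events in working hours")
    print(sorted(hour_histogram(OBSERVED_UTC, 8).items()))
```

The ranking is evidence about the operator's schedule, not proof of location: a fixed offset ignores daylight-saving shifts, the working window is an assumption, and a single zone can be shared by several countries. Its value is in distinguishing a shift-based operation from sporadic after-hours activity, which is the distinction the quote draws.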
The solution may lie in shifting the approach companies take in fighting it, Kolthoff explains.
"Organizations have invested a lot of capital in proactive measures," he says. "But I believe the key is in being reactive."
Network intrusions will happen as surely as the sun rises. This is why, rather than trying to keep every intruder out, Kolthoff advises his clients to, somewhat counterintuitively, focus on detecting and responding to the intrusions that do occur.
"When I was working for the government, I never got to the office and said, 'Hmm, I wonder if foreign intelligence agencies are collecting against us,'" Kolthoff says. "Of course they were. So, my thinking was always, 'I hope we get a report in today that will help us identify who is behind this.'"
Those behind corporate espionage campaigns aren't always on the other side of a computer network. In fact, Kolthoff says the use of HUMINT, or human intelligence, is "even more prevalent than using programs like Poison Ivy."
"It's easier to penetrate an organization via HUMINT than it is hacking in using a computer," says Kolthoff. "People think the Cold War days of spies sneaking around are over, but it is still very much a problem and cannot be downplayed."
Developing technology by stealing secrets is, obviously, far easier than developing it oneself. And the Poison Ivy case is just the latest in a string of corporate espionage attacks, with Dow at the center of two notable ones.
Last month, former Dow employee Kexue Huang, a Chinese national with permanent resident status in the US, pleaded guilty to the theft of trade secrets allegedly worth up to $100 million.
In February, former Dow research scientist Wen Chyu Liu was convicted of selling trade secrets regarding proprietary elastomer technology to a Chinese rival.
Other companies that have been on the receiving end of recent instances of trade secret theft include Motorola (MMI), General Motors (GM), and Ford (F). In each case, charges were filed against former engineers who, as noted last year by the New York Times, "had business ties to China."
"Most companies -- and countries -- are too willing to turn a blind eye to this and just not acknowledge it; it's too politically fraught," Jarrett Kolthoff says. "But civilian entities are finally waking up to the fact that businesses don't play nice. Whether that's an insider that didn't receive the promotion or bonus they wanted, or a competitor overseas, there are no rules of engagement."
Kolthoff stresses that intellectual property theft will cause companies to "fail economically and cease to exist unless they take this problem head on."
"Until there is pain," he concludes, "corporate espionage will continue."
Editor's Note: Additional reporting by Matthew Dimmling.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.