
Chinese Cyber Spying Hits Chemical and Defense Firms


"Until there is pain," says one former US counterintelligence agent, "corporate espionage will continue."

A new report from cyber security firm Symantec (SYMC) reveals that 29 chemical companies and "another 19 in various other sectors, primarily the defense sector" were the victims of a two-and-a-half-month cyber espionage campaign.

According to Technical Director for Security Response Eric Chien and Security Response Manager Gavin O'Gorman, the attacks were traced to a US-based computer network, owned and controlled by a "20-something male located in the Hebei region in China."

Chien and O'Gorman write [PDF]:

The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes. In addition, the same attackers appear to have a lengthy operation history including attacks on other industries and organizations. Attacks on the chemical industry are merely their latest attack wave.

The attackers have changed their targets over time. From late April to early May, the attackers focused on human rights related NGOs. They then moved on to the motor industry in late May. From June until mid-July no activity was detected. At this point, the current attack campaign against the chemical industry began. This particular attack has lasted much longer than previous attacks, spanning two and a half months.

Companies affected include:
• Multiple Fortune 100 companies involved in research and development of chemical compounds and advanced materials.
• Companies that develop advanced materials primarily for military vehicles.
• Companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry.

While Symantec did not identify the companies targeted, Reuters contacted a DuPont (DD) spokesman, who said simply, "We don't comment on cyber security issues." However, Dow Chemical (DOW) has confirmed to the BBC that "it had been the target of 'unusual emails' received during the summer."

Employees at the targeted companies typically received bogus emails warning of security issues in Adobe (ADBE) Reader, along with an attached file containing a "fix." After clicking on one of the two attachments, control of the user's computer would then be turned over to the intruders through the use of a virus known as "Poison Ivy."

"This is unfortunately becoming a new normal behavior," Greg Day, Symantec's chief technology officer, told the BBC.

This "new normal" has, by one estimate, 50,000 individual cyber espionage attacks occurring every 24 hours.

Former US counterintelligence agent Jarrett Kolthoff, now president and CEO of strategic security firm SpearTip, concurs.

"Cyber espionage occurs on a daily basis," Kolthoff tells me. "And there is no way to stop it."

Kolthoff also cautions against dismissing the Poison Ivy attacks as the work of an Anonymous-style band of hackers with an axe to grind.

"We've worked similar cases, where the nature of the attacks revolved around workday hours," he says. "So, there were particular signatures that indicated that this was more of a job, these are employed hackers. A lot of these collection efforts are not rogue individuals sitting in their basement, trying to prove a point."

The solution may lie in shifting the approach companies take in fighting it, Kolthoff explains.

"Organizations have invested a lot of capital in proactive measures," he says. "But I believe the key is in being reactive."

Network intrusions will happen as surely as the sun rises. This is why, rather than being on the offensive, Kolthoff advises his clients to, somewhat counterintuitively, focus on defense.

"When I was working for the government, I never got to the office and said, 'Hmm, I wonder if foreign intelligence agencies are collecting against us,'" Kolthoff says. "Of course they were. So, my thinking was always, 'I hope we get a report in today that will help us identify who is behind this.'"

Those behind corporate espionage campaigns aren't always on the other side of a computer network. In fact, Kolthoff says the use of HUMINT, or human intelligence, is "even more prevalent than using programs like Poison Ivy."

"It's easier to penetrate an organization via HUMINT than it is hacking in using a computer," says Kolthoff. "People think the Cold War days of spies sneaking around are over, but it is still very much a problem and cannot be downplayed."

Developing technology by stealing secrets is, obviously, far easier than developing it oneself. And the Poison Ivy case is just the latest in a string of corporate espionage attacks, with Dow at the center of two notable ones.

Last month, former Dow employee Kexue Huang, a Chinese national with permanent resident status in the US, pleaded guilty to the theft of trade secrets allegedly worth up to $100 million.

In February, former Dow research scientist Wen Chyu Liu was convicted of selling trade secrets regarding proprietary elastomer technology to a Chinese rival.

Other companies that have been on the receiving end of recent instances of trade secret theft include Motorola (MMI), General Motors (GM), and Ford (F). In each case, charges were filed against former engineers who, as noted last year by the New York Times, "had business ties to China."

"Most companies -- and countries -- are too willing to turn a blind eye to this and just not acknowledge it; it's too politically fraught," Jarrett Kolthoff says. "But civilian entities are finally waking up to the fact that businesses don't play nice. Whether that's an insider that didn't receive the promotion or bonus they wanted, or a competitor overseas, there are no rules of engagement."

Kolthoff stresses that intellectual property theft will cause companies to "fail economically and cease to exist unless they take this problem head on."

"Until there is pain," he concludes, "corporate espionage will continue."

Editor's Note: Additional reporting by Matthew Dimmling.

No positions in stocks mentioned.

Copyright 2011 Minyanville Media, Inc. All Rights Reserved.