business newsChinese Cyber Warfare: Has the US Found a Smoking Gun?
By
Justin Rohrlich
Nov 08, 2012 11:00 am
Like most such issues, it all depends upon whom you ask.
PRINT
No Rules of Engagement
A report out last year from cyber security firm Symantec (NASDAQ:SYMC) revealed that 29 chemical companies and “another 19 in various other sectors, primarily the defense sector” were the victims of a two-and-a-half-month cyber espionage campaign.
According to Technical Director for Security Response Eric Chien and Security Response Manager Gavin O’Gorman, the attacks were traced to a US-based computer network, owned and controlled by a “20-something male located in the Hebei region in China.”
From Chien and O’Gorman [PDF]:
While Symantec did not identify the companies targeted, Reuters contacted a DuPont (NYSE:DD) spokesman, who said simply, "We don't comment on cyber security issues." However, Dow Chemical (NYSE:DOW) confirmed to the BBC that “it had been the target of ‘unusual emails’ received during the summer."
Employees at the targeted companies typically received bogus emails warning of security issues in Adobe (NASDAQ:ADBE) Reader, along with an attached file containing a “fix.” After clicking on one of the two attachments, control of the user’s computer would then be turned over to the intruders through the use of a virus known as “Poison Ivy.”
"This is unfortunately becoming a new normal behavior,” Greg Day, Symantec's chief technology officer, told the BBC.
This “new normal” has, by one estimate, 50,000 individual cyber espionage attacks occurring every 24 hours. The solution, if there is one, may lie in shifting the approach companies take in fighting it, Kolthoff explained to me after the Symantec report was released.
“Organizations have invested a lot of capital in proactive measures,” he said. “But I believe the key is in being reactive.”
“When I was working for the government, I never got to the office and said, ‘Hmm, I wonder if foreign intelligence agencies are collecting against us,” Kolthoff told me. “Of course they were. So, my thinking was always, ‘I hope we get a report in today that will help us identify who is behind this.’”
“Most companies -- and countries -- are too willing to turn a blind eye to this and just not acknowledge it; it’s too politically fraught,” Kolthoff continued. “But civilian entities are finally waking up to the fact that businesses don’t play nice. Whether that’s an insider that didn’t receive the promotion or bonus they wanted, or a competitor overseas, there are no rules of engagement.”
A Delicate Balance
When national security, online privacy, and China come together, the possibility of an outsized response is a very real one. For Collin Anderson, the context in which this matters revolves around one thing: freedom of expression.
“These same security mechanisms and policies can interfere with anonymous communications and be used for malicious purposes -- a valid fear, a common fear," Anderson says. "But the Commission is talking about infrastructure and economic interests, and when you start framing the conversation like that, it often runs contrary to freedom of expression issues, which butts up against people like me.”
The final version of the US-China Economic and Security Review Commission's 2012 Report to Congress will be released on Wednesday, November 14.
Follow Justin Rohrlich on Twitter: @chickenalaking
A report out last year from cyber security firm Symantec (NASDAQ:SYMC) revealed that 29 chemical companies and “another 19 in various other sectors, primarily the defense sector” were the victims of a two-and-a-half-month cyber espionage campaign.
According to Technical Director for Security Response Eric Chien and Security Response Manager Gavin O’Gorman, the attacks were traced to a US-based computer network, owned and controlled by a “20-something male located in the Hebei region in China.”
From Chien and O’Gorman [PDF]:
The goal of the attackers appears to be to collect intellectual property such as design documents, formulas, and manufacturing processes. In addition, the same attackers appear to have a lengthy operation history including attacks on other industries and organizations. Attacks on the chemical industry are merely their latest attack wave.
The attackers have changed their targets over time. From late April to early May, the attackers focused on human rights related NGOs. They then moved on to the motor industry in late May. From June until mid-July no activity was detected. At this point, the current attack campaign against the chemical industry began. This particular attack has lasted much longer than previous attacks, spanning two and a half months.
While Symantec did not identify the companies targeted, Reuters contacted a DuPont (NYSE:DD) spokesman, who said simply, "We don't comment on cyber security issues." However, Dow Chemical (NYSE:DOW) confirmed to the BBC that “it had been the target of ‘unusual emails’ received during the summer."
Employees at the targeted companies typically received bogus emails warning of security issues in Adobe (NASDAQ:ADBE) Reader, along with an attached file containing a “fix.” After clicking on one of the two attachments, control of the user’s computer would then be turned over to the intruders through the use of a virus known as “Poison Ivy.”
"This is unfortunately becoming a new normal behavior,” Greg Day, Symantec's chief technology officer, told the BBC.
This “new normal” has, by one estimate, 50,000 individual cyber espionage attacks occurring every 24 hours. The solution, if there is one, may lie in shifting the approach companies take in fighting it, Kolthoff explained to me after the Symantec report was released.
“Organizations have invested a lot of capital in proactive measures,” he said. “But I believe the key is in being reactive.”
“When I was working for the government, I never got to the office and said, ‘Hmm, I wonder if foreign intelligence agencies are collecting against us,” Kolthoff told me. “Of course they were. So, my thinking was always, ‘I hope we get a report in today that will help us identify who is behind this.’”
“Most companies -- and countries -- are too willing to turn a blind eye to this and just not acknowledge it; it’s too politically fraught,” Kolthoff continued. “But civilian entities are finally waking up to the fact that businesses don’t play nice. Whether that’s an insider that didn’t receive the promotion or bonus they wanted, or a competitor overseas, there are no rules of engagement.”
A Delicate Balance
When national security, online privacy, and China come together, the possibility of an outsized response is a very real one. For Collin Anderson, the context in which this matters revolves around one thing: freedom of expression.
“These same security mechanisms and policies can interfere with anonymous communications and be used for malicious purposes -- a valid fear, a common fear," Anderson says. "But the Commission is talking about infrastructure and economic interests, and when you start framing the conversation like that, it often runs contrary to freedom of expression issues, which butts up against people like me.”
The final version of the US-China Economic and Security Review Commission's 2012 Report to Congress will be released on Wednesday, November 14.
Follow Justin Rohrlich on Twitter: @chickenalaking
No positions in stocks mentioned.
The information on this website solely reflects the analysis of or opinion about the performance of securities and financial markets by the writers whose articles appear on the site. The views expressed by the writers are not necessarily the views of Minyanville Media, Inc. or members of its management. Nothing contained on the website is intended to constitute a recommendation or advice addressed to an individual investor or category of investors to purchase, sell or hold any security, or to take any action with respect to the prospective movement of the securities markets or to solicit the purchase or sale of any security. Any investment decisions must be made by the reader either individually or in consultation with his or her investment professional. Minyanville writers and staff may trade or hold positions in securities that are discussed in articles appearing on the website. Writers of articles are required to disclose whether they have a position in any stock or fund discussed in an article, but are not permitted to disclose the size or direction of the position. Nothing on this website is intended to solicit business of any kind for a writer's business or fund. Minyanville management and staff as well as contributing writers will not respond to emails or other communications requesting investment advice.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.
Daily Recap
Everything you need to know for the next trading day.
Trading Radar (weekly)
Your road map to all the events that will effect financial markets in the week ahead.
Name
Email
*
Phone
* required field
