Cyber Espionage – Of Course China is Behind This and We Need to Respond

Cyberattacks are leading the headlines today as China has naturally denied the accusations that these attacks came from them.  This is hardly a surprise as these attacks are persistent and the getting right now is just so good for them.  The outrage emerged with a confluence of events that transpired this week.  First there were the incredible details made public by Mandiant on the investigation of China’s Cyberwarfare operations.   We then got hit with the hack stories of U.S. bluechip technology giants, Facebook, Apple, and Twitter – and of course this has gotten massive attention.  Today the Obama administration is delivering a plan designed to protect business secrets of American companies.  The plan includes increasing diplomatic pressure and studying whether new tougher laws can help stem the tide of cyberespionage and cyberattacks on both the military and corporations.

The Stunning Cost of Cyber Espionage – Coca-Cola: $2.4 Billion

While these latest attacks were reportedly caught before any damage was done, the high profile of the incidents are undeniable.  According to research done by the Ponemon Institute, the cost per year to organizations of a cybercrime incident is close to 9 million dollars.   That’s peanuts compared to the story that emerged late last year where Coca-Cola was hacked prior to an attempted $2.4 billion dollar takeover of China Huiyuan Juice Group.   That deal fell apart three days after the breach when sensitive files about the company’s negotiation strategy were compromised.  At stake was the largest takeover of a Chinese company by an foreign company – the Chinese company walked away from the deal.  The attack was an email spearphishing effort, successful in targeting one of the few executives that had access to the sensitive files.  The attack went unnoticed for weeks, grabbing information and files at will back to Shanghai.

Truthers Unite

Yet, there are rumblings that somehow we can’t really prove any of this comes from China, according to some.  I say it’s pretty clear, but just maybe somebody’s just setting them up, they’ve been framed.  Maybe it was somebody from a James Bond movie a supervillain that plans to extort companies or the whole country.  Sure, I suppose we should allow for the ‘patriotic hacker’ possibility that was posed by Graham Cluley on the Sophos Naked Security blog site: 

As we’ve discussed before, attribution is the key problem in these stories. How can you prove that country X was behind an internet attack, rather than – say – a patriotic hacker working from his back bedroom, or a hijacked PC controlled by a hacker in a different country?

I guess we’ll never know.  My retort – how much proof do we really need to take this seriously? To be frank, the notion that serially detected rogue servers are running on a network that is as tightly controlled and monitored as China’s oppressive government runs is so completely improbable that I won’t even spend the time thinking of an analogy, so I’ll just use the one that goes – ‘A snowball’s chance in Hell’.
(Update: BI’s Adam Taylor seems to also be a China apologist:

Sorry, But That ‘Chinese’ Hacking Report Proves Nothing

Nice headline and even better researching, no not really.)

Anyone looking for proof that this is going on every day, go to the dark web, and while you’re at it check out a piece I wrote about back on Monday describes this 99% of the internet most people never even see.  In the research for that story, One World Labs described the incredible troves of sensitive corporate and technical data that are exchanged all over the world, and yes, a good concentration comes from China.  Take some time, if you have the know-how and poke around on Pastebin or a foreign irc channel and see what kind of information you can find in twenty minute’s time.  It’s a serious problem and part of the issue is as I have stated, many companies feel safe that they have done their homework and their security is good, yet we see time and time again that it takes weeks and even months for the truth to come out that they’ve been p0wned.  For Coca-Cola that was a $2.4 Billion dollar mistake.

Does finding the definitive, undeniable trail back to China absolve us from securing ourselves?  Does it matter if all China is going to do is deny it?

Companies are surely asking what they can do about this.  Well, to start there’s a bunch of new rapidly evolving best security practices, which thankfully have started to make great strides in closing down these vectors that go way beyond the perimeter as we knew it not so many months ago.  You could assume a proactive posture and seek out what information hackers are sharing about your company, as OWL’s Enterprise Counter Intelligence service provides.  There are new ways of controlling threats, analyzing logs, and applying security in industry-standard layer strategies that can help an organization prevent, discover and respond to incidents.  RSA’s new security analytics platform is one such product.  Some businesses have turned to cybersecurity insurance, an industry that is seeing tremendous growth in light of all these threat situations.  The cybersecurity insurance industry was estimated to be a $1 Billion dollar market last year and is absolutely exploding in light of all these threats and the costs associated with recovering from these breaches.

With the cost of cybercrime to U.S. consumers approaching $21 Billion dollars in 2012, that figure is projected to rise this year as these attacks get more sophisticated and bolder.  I welcome significant and effective government actions that can help curtail the attacks that we know about and that seem to be coming forward almost daily.  However, I also maintain that significant security investments must be made by the companies themselves because after all, we have known about these threats for years and nothing effective has been done about it thus far.  In this way, it’s a lot like the gun debate in that what good are a bunch of reprimands and investigations if your company’s prize intellectual possessions and reputation have been taken?

About John Casaretto

SiliconANGLE's CyberSecurity Editor - Have a story tip or feedback? Please reach out to me! Security is as critical as ever and our mission is to uncover those stories that will help our industry be more secure.