Friday, January 29, 2010

Hacking dissidents just a red herring

Much has focused on hacking of Gmail accounts of Chinese dissidents, but the breaches go far beyond this which have serious repercussions for foreign firms. In its original statement Google said several companies had also been targeted. And as further revelations are revealed it seems clear someone was after more than information belonging to a few political dissidents. According to industry sources at least 34 companies, including Adobe, Symantec, Yahoo and Dow Chemical, were attacked, the Daily News reports.

The Guardian also reports that three oil companies, ExxonMobil, Marathon and ConocoPhillips, have also been targeted by hackers trying to glean information. The origins of the oil company hackers are not known, but the newspaper said that at least some of the information was sent to computers in China.

George Kurtz, McAfee's Chief Technology Officer, has described the situation brought about by Google's announcement as "a watershed moment in cyber security". International cyber espionage has now become the concern of mainstream business. Investigations have revealed that as many as 30 Fortune 500 companies have suffered cyber attacks reported as coming from China in recent days. While it is hard to prove a link to the Chinese government, it is hard to believe that a large-scale and very sophisticated campaign could be launched without official blessing from within a country that is still heavily monitored. The targets of the attacks would also be consistent with Chinese government interests.

The attacks appear to have been made possible partly from previously undiscovered vulnerabilities in Internet Explorer. This caused the German government, followed by the French government, to suggest their citizens to change to an alternative browser. While Google may may have been happy to see the blame put squarely on Microsoft, one has to remember that it was Google's system that was hacked and that security breaches occurred in that system. 

Google's Chief Legal Officer, David Drummond, said that the hackers had accessed the 'traffic data' of the hacked accounts (sender, recipient, title, etc.) rather than the body of the messages. This appears to indicate hackers used the intercept mechanisms put in place by Google to facilitate 'legal intercept' requests from western governments, including the US government. This also raises a strong possibility that the breach became possible through inside help. IT security professionals have long warned of the danger of the 'internal threat' from employees. McAfee's investigations have revealed that this attack started when the hackers attacked friends of key Google employees, and transferred malware through social networking connections between the friends and the employees into Google's infrastructure. Google had previously said that it was investigating some of its Chinese employees, and has linked any decision to withdraw from China partly to the outcome of this process.

Cyber-attacks on governments and defence contractors have been happening for years, in increasing volume. Now businesses in all regions have to defend against industrial espionage. Apart from improving cyber defences, fundamental strategies need to be re-examined relating to IT sourcing. Security needs to be considered in outsourcing decisions, particularly if the allegations are true when outsourcing to China. Similarly, security should be considered in IT software and hardware sourcing decisions. Decisions must not be made solely on the basis of cost [business world].

The hacking attempts has resulted business groups relaying their concerns to Secretary of State Hillary Clinton and other top U.S. officials. Many say they are "increasingly alarmed" by China's moves to keep out foreign high-tech companies and have urged a firm response by the United States. "For several years, the Chinese government has been implementing indigenous innovation policies aimed at carving out markets for national champions and increasing the locally owned and developed intellectual property of innovative products," business groups said, according to Washington-based newsletter, The Nelson Report. "We are increasingly alarmed by the means China is using to achieve these goals," the groups said. They urged the Obama administration to make the issue a top priority and work with the US business community and like-minded foreign governments to develop a "strong, fully coordinated response to the Chinese government." [Reuters]

China for its part has effectively denied involvement in any hacking attempts and said it is just as much a victim of such attacks itself. But there is a growing lack of trust. With memories of Rio Tinto executive Hu Stern and two colleagues arrested on what many see as trumped up charges of bribery and industrial espionage, some are beginning to see China as being an uneven playing field when it comes to doing business. In the blogosphere and twittersphere at least, there are an increasing number of comments which indicate a growing sense of unease about doing business with China. As a comment on one blog suggests, industrial espionage is key to China's goal of building its economy: "My husband's company does business with China, and from what he understands, China only allows a company to trade with them until they figure out how to rip off whatever it is you're selling so that they can produce a cheaper version. At that point, they're done with your product. It looks like they're trying to rip off Google's program."

tvnewswatch, Beijing, China

No comments: