Black Swans throughout cyber space. Caveat Emptor
The big question: Who’s behind them?
Not to long ago, computer hacking was mainly the handiwork of individuals with overactive imaginations and good programming skills, and they often broke into computers for sport. More recently, people with more sinister motives – including organized criminal gangs – have made an industry out of stealing credit-card information and personal identities for quick cash.
Skip to next paragraph
But lurking in the cybershadows is a far more insidious and sophisticated form of computer espionage that, until the recent exposure by search-engine titan Google, was little publicized and often went undetected. Such attackers represent the elite – a dark army of cyberspies targeting the heart of corporations around the world where trade secrets, proprietary data, and cutting-edge technologies lie locked away in digital fortresses.
Some of these attacks are believed to be carried out by foreign governments or their surrogates. “Any country that wants to support and develop an indigenous industry may very well use cyberespionage to help do that,” says Greg Garcia, assistant secretary for cybersecurity at the Department of Homeland Security under the Bush administration.
While most major nations, including the United States, are conducting Internet espionage, experts say two traditional US adversaries, China and Russia, are among the most aggressive and adept at carrying out such attacks. Both countries are known to have large communities of hackers and a deep base of computer security expertise.
“China, more so than Russia, has a large number of hacker clubs watched closely by the government,” says O. Sami Saydjari, a former Department of Defense employee who runs Cyber Defense Agency, a Wisconsin-based security firm. “These talent pools are all potential recruits for China’s professional cyberwarfare units. We strongly suspect they encourage their hacker groups to go out and attack foreign entities and get practice.”
Spying on other countries’ defense agencies and diplomatic corps undoubtedly remains a focus of Internet espionage. But cyberspies are increasingly targeting strategically important businesses, both because of the information to be gleaned and because their defenses are often easier to penetrate.
Google has said it found evidence of at least 20 companies in an array of US industries that had been infiltrated by attacks from China. Was the Chinese government involved? China adamantly says “no.” Whether it was or not, the Google breach reveals how pervasive the new espionage war is becoming and how sophisticated the tools are with which it is being waged.
But before Google there was Marathon.
On Nov. 13, 2008, a senior executive at Marathon Oil in Houston looked at a strange e-mail on her screen. It appeared to be a response to a message she had sent a corporate colleague overseas. The only problem was, according to a source familiar with the incident who asked for anonymity, she hadn’t sent the original e-mail.
Yet there, on her screen, was a “reply” to what looked like her request for a comment on the “Emergency Economic Stabilization Act” – the federal bailout of US banks. And the original e-mail contained something else: an embedded Internet link. Recognizing the danger, the executive alertly sent out an internal warning that the e-mail was fake and may contain a computer virus.