Does this sound like a Michael Crichton novel? We can only hope. Several news agencies are reporting on a study released by Mandiant, an American computer security firm, that has traced huge volumes of hacking activity to a building in a rundown neighborhood of Shanghai believed to be under the control of a Chinese military unit identified as the “Comment Crew” or “Shanghai Group.”
What are they after? In addition to orchestrating attacks against high-level US and Canadian government interests, they are increasingly targeting the intellectual property of companies involved in critical infrastructure such as the electrical power grid, gas lines, and waterworks. Other industries targeted include information technology, aerospace, military contractors, satellite and telecommunications, financial services, and even legal services. The group is reportedly draining terabytes of data from these sources.
The study details the efforts of the Comment Crew in hacking Coca-Cola during its acquisition of a large Chinese company, presumably in an effort to uncover negotiation strategies and other information critical to the deal. The attack was traced to a “spear-phishing” email sent to a Coca-Cola executive. The email appeared to be from a friend and included a link that initiated the download of malicious code. The executive clicked on the link.
The group is also believed responsible for a similar attack on RSA, the computer security company owned by EMC, a large technology company. RSA is best known for its SecurID token, carried by employees at United States intelligence agencies, military contractors, and many major companies.
Scary stuff indeed! Cyberwarfare, or government-sponsored cyberattack, is not new, and there have been many high-profile incidents in the news. According to former US national security advisor Richard Clarke, Israel used cyberwarfare to make its planes invisible to the Syrian air command system during a 2007 bombing raid carried out against a nuclear facility under construction in Syria. The US and Israel are believed to be responsible for the attack on an Iranian uranium enrichment facility that supposedly destroyed several pieces of key equipment using a highly sophisticated computer virus. The Chinese are also believed to have gained access to key elements of the F-35 advanced fighter jet when they hacked into the computer systems of BAE Systems, a British defense contractor.
In an attempt to head off more of these types of attacks, the Obama administration last week issued a cybersecurity executive order designed to promote security through a joint government and industry self-monitoring program. The order puts into place key elements of the cybersecurity legislation that was defeated last term by a Republican filibuster and was opposed by key groups like the US Chamber of Commerce for fear that it would place undue regulatory burdens on business.
Government-sponsored cyberattacks on business are something of a new phenomenon and seriously escalate the risks of business-to-business dealings. I suspect we only know the tip of the iceberg when it comes to hacking, and the protection of key business intellectual assets should be at the forefront of all business dealings. It would appear that you cannot really be too cautious these days.