|Who is at risk?
Common targets for electronic espionage are:
• Intellectual property (IP) like inventions and new design concepts;
• Production techniques, processes and formulas, R&D;
• Customer and prospect databases kept by sales people;
• Data on pricing, prospective bids, sales, product or marketing plans/ideas.
Organizations most likely to be targeted include:
• Organizations in technology industries like IT, biotechnology, aerospace, automotive, telecoms, energy and transportation;
• Financial organizations and those who trade online with high transaction volumes;
• Government bodies in defense or intelligence activities, and
• Those that hold highly confidential data of commercial value or of value to other countries.
There are positive signs that government and industry are joining forces in the battle: late in 2010 at the launch of Cyber Storm III, a simulation to test public and private sector security, Australian Attorney General Robert McClelland said: ‘With the rapid escalation in the intensity and sophistication of data protection threats, it is imperative that government, business and the community are aware of the severity of cyber security risks, and commit to work together to protect what has become a vital component of our economy and society.
Why these attacks are smarter
Google described the attack on its operations in China as a ‘highly sophisticated and coordinated attack on its corporate network’. The attackers penetrated ‘secure’ networks by using newly-identified vulnerabilities: they avoided detection by making normal outbound connections via common network ports and services, then used these normal connections to remotely access critical infrastructure controls and sensitive information. This kind of stealth attack is often only detected long after the fact, if at all.
For example, Marathon Oil, Exxon Mobil, and ConocoPhillips were not aware that they’d become victims of Espionage in 2008, until the FBI alerted them in 2009 that proprietary information had been flowing out to computers overseas. The espionage was focused on valuable ‘bid data’ with details of oil discoveries worldwide. Events like these mostly go unreported because the victims of e-espionage want to avoid the negative publicity and maintain the confidence of shareholders and consumers.