By Ondrej Krehel
The days of spies in fedoras and trench coats are long gone. The more recent history of governments' planting moles in other governments also is fading. Espionage in the 21st century is anonymous, digital and running rampant.
The world is divided into superpowers and would-be superpowers. In the 1970s and 1980s, manufacturing ruled the day. Now these supereconomies and the global market have an appetite for invention and profit. Intellectual property has never been more at risk.
This year alone, hackers have attacked the International Monetary Fund and a number of U.S. government agencies, including the Pentagon, the CIA, the FBI, and NASA. When Lockheed Martin announced that it was hit, the company wouldn’t say what information was stolen, but the possibilities are mind-boggling. As one of the nation’s largest defense contractors, its computer system holds information on current and future military weapons systems.
The Lockheed attack was made possible through the March breach of RSA, makers of the ubiquitous SecurID key fob. These electronic keys identify employees and regularly update credentials, providing, until now, powerful network security. Attacking RSA was like targeting the locksmith. Own the guy who makes the keys and you own all the locks in town. Lockheed was simply the first lock to get picked.
The hottest liquid-gold commodity, oil, has been targeted multiple times. Classified data related to oil exploration, financial bids, and other confidential matters have been exploited by elite hackers and sold on international markets several times in the last few years. Even the biggest players, Exxon, Shell, and BP, have been breached through Chinese servers.
Governments themselves are at risk. Before the RSA breach this year, Australia and New Zealand made the news. Both government email systems were breached: Although they didn't blame China outright, both governments insinuated that it was the source of the breach. Intelligence experts in the West have said the Red Dragon previously targeted the U.S., Canada, Germany and Japan.
The pace and frequency of these attacks is only quickening. And there are no international regulations that require breached governments or companies to disclose the loss, so assessing the scale of this new kind of espionage is problematic at best, impossible at worst. Even law firms that hold and patent intellectual property are often targets.
Still, we know enough through media sources to say that a hidden war is being waged across fiber-optic lines. Corporate assets are at stake. Intellectual property is the new commerce for our developing digital economies. Never before has information security been so vital to protecting corporate and government secrets.
Ondrej Krehel, Chief Information Security Officer, CyberScout
© CyberScout, LLC. All Rights Reserved.
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.