22 Feb 2011
According to security watchers, we have entered a new era of cyber attacks – one in which businesses are caught in the crosshairs.
Those perpetrating the attacks go to extraordinary lengths to stalk their prey, before attempting to make off with the corporate crown jewels.
This is industrial espionage, 21st century-style.
Security vendor McAfee has been at the vanguard of those warning of this new danger. In early February, it revealed the details of a series of cyber attacks, starting in 2009, aimed squarely at oil, energy and petrochemical global giants.
The attacks, nicknamed Night Dragon, had highly specific targets: the proprietary operations and project-financing information on oil and gas field bids and operations. Such information is the key to multi-billion-dollar deals in the industry; it is, unsurprisingly, tightly guarded.
But the attackers were willing to play the long game when carrying out their assault. They tricked company employees into visiting corrupted web sites, which installed malware on their computers. This was then used to wheedle out log-in credentials for more systems, eventually reaching into highly restricted areas, where corporate secrets were then siphoned off.
“Well-coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise,” said McAfee’s chief technology officer, George Kurtz.
Where once cyber crooks were content with random attacks, they are now highly focused, targeted at specific entities. “These targets have now moved beyond the defence industrial base, government and military computers to include global corporate and commercial targets,” said Kurtz.
Night Dragon and the notorious Stuxnet worm, which was designed to attack industrial systems not usually connected to the internet, are the prototypes for a new breed of attacks targeting the enterprise, said John Pescatore, a research fellow at analyst firm Gartner.
“There are many, many more that don’t get named and press attention,” he warned.
“For example, during the Christmas 2010 online shopping season, there was a huge increase in extortion attempts against online electronic retailers via targeted denial-of-service attacks.”
The curtain of corporate secrecy prevents much of this detail leaking out into the public arena. But one recent breach adds weight to the notion that corporate secrets are actively being targeted.
The case in point was that of HBGary, after it tangled with hacktivist group Anonymous, resulting in its systems being attacked and compromised. The group then dumped thousands of company emails online. That trove of emails provides an eye-opening insight into the threats faced by big companies.
Dozens of the emails detail the firm’s seemingly fruitless attempt in early 2010 to sell its digital forensic tool Digital DNA to global manufacturing titan DuPont. So far, so routine: after all, every large enterprise has security vendors lining up to sell them their products.
But the leaked HBGary emails also detailed why the vendor’s sales team thought they might win some business. An email dated 15 January 2010 from Bill Fletcher, the co-founder of data protection vendor Verdasys, to Phil Wallisch, a security consultant with HBGary, describes a meeting the two vendors had with Eric Meyers, a data protection specialist at DuPont, where the potential infection with malware of DuPont’s computers had been discussed.
Fletcher told Wallisch that Meyers and DuPont chief information officer Larry Brock were convinced the company had been targeted. “The attacks are real, not imagined,” he said.
In a follow-up email dated 17 January 2010, Fletcher wrote: “Right now Eric is [looking at] the 220 machines that have been to China.”
A later email, again from Verdasys’s Fletcher to HBGary’s Wallisch, describes the nature of the suspected threat – as well as highlighting the fact that the sales pitch was not progressing smoothly. “It appears the webex with DuPont did not fully achieve its objectives… demo Digital DNA in action with Aurora,” Fletcher told Wallisch.
No one from either DuPont or Verdasys responded to requests for comment at the time of writing.
The malware Aurora gained notoriety after search giant Google published details of attacks on its staff, which led to Chinese dissidents having their Gmail accounts broken into.
However, as the HBGary emails confirm, they were not the only target, even if other victims of the attack kept a lower profile.
“Other high-tech firms were hit by Aurora,” said Gartner’s Pescatore. “There have also been many other very sophisticated targeted attacks looking to steal intellectual property from high-tech firms that have not seen press coverage.”
Such attacks are often financed by organised crime in China, the US, Russia and Latin America – but they speak to a long-established feature of the business landscape: industrial espionage. And “targeted malware is a rapidly growing tool for it”, said Pescatore.
Why doesn't your article discuss that HBGary was attempting to work with DC lobbyists of the US Chamber to launch an organized attack and smear campaign on non-profits that have spoken out against the Chamber? From the emails I read, I say thank God for Anonymous stopping these jerks from willfully violating Americans' First Amendment rights. Was HBG attacked or were they thwarted attackers? Looks to me like they deserved everything they got. You can read their emails HERE:
http://search.hbgary.anonleaks.ch/
Posted by: Sharon Kramer 22 Feb 2011