In his keynote address to the Computer and Enterprise Investigations Conference (CEIC) 2013, General Michael Hayden noted the news stories after Mandiant published its report finding the Chinese link to cyberattacks on American companies. To the rest of the world, this was breaking news, but to people like Hayden and those involved in both national security and cybersecurity, the announcement simply brought to the forefront what they had known for a long time.
Because my schedule had curtailed my chance to catch up on the news, I didn’t realize that while Hayden was speaking, the Chinese hackers were making headlines again. According to the New York Times, the hackers are back in action, this time using different techniques.
Not that I’m surprised. China is a serious threat to American business, more so than to American government. They want intellectual property, a number of people at CEIC 2013 pointed out to me. It is all about making money, and sad to say, the Chinese have been very good at stealing ideas and repurposing them into cheaper, in both price and quality, products. It is protection from these attacks that should be making cybersecurity a higher priority in enterprise. Unfortunately, that’s not the case, as Jeff Hudson, CEO of Venafi, told me in an email:
With cyber attacks that leverage certificates and cryptographic keys growing 600 percent year on year, it’s apparent that businesses and governments are woefully unprepared. Cybercriminals are proving every day that mismanaged encryption is providing a new threat vector that allows them to launch advanced attacks, breach networks and compromise corporate data. Recent research now shows that these trust-based attacks expose each and every enterprise to losses of up to $398m.
Hudson also stated that these state-sponsored cybercriminals are taking advantage of any and all exploits in order to steal intellectual property. They are searching for the weakest link in your security system and then they go on the attack.
There is an ironic twist to this story. Hacking into American enterprises costs a lot of money, both in costs relating directly to the attack as well as the loss from stolen intellectual property. But according to an article in the Washington Post, China’s “culture of hacking” is hurting the economy of that country as well. The article stated:
… less well-known are the freelance and industrial hackers operating within China, where they’re estimated to have caused $873 million in damage to Chinese economy in 2011 alone. There are criminal hackers, sure, but also corporate agents taking China’s often-cutthroat internal economic competition online.
There is a lot of money in play, no matter who is doing the hacking, apparently.