Magazine article National Defense

Defense Department Partners with Industry to Stem Staggering Cybertheft Losses

Magazine article National Defense

Defense Department Partners with Industry to Stem Staggering Cybertheft Losses

Article excerpt

* The amount of intellectual property hackers are stealing from U.S. companies and sending to China is said to be staggering. The private sector's crown jewels arc being moved off nominally secure networks and transmitted to the Asian nation every day: usually from 9 to 5--Beijing time.

Defense contractors, large and small, are prime targets. Despite owning proprietary designs for equipment and software that are vital to the U.S. military, the Defense Department has no authority to force vendors to tighten up their network security, or report losses.

One small Defense Department program is seeking to help contractors by asking them to voluntarily report network intrusions.

About 36 companies and federally funded research and development centers are participating in the Defense Industrial Base Cybersecurity and Info Assurance Program, which collects and analyzes data on attacks on individual companies, then pushes reports out to the other participants.

Steven D. Shirley, executive director of the Department of Defense Cyber Crime Center in Linthicum, Md., said he is looking to expand the program to any defense contractor willing to participate.

"For companies, the intellectual property that is at the heart of their success as a business resides not in file cabinets today, it resides in their networks," Shirley told National Defense.

Cyberspies are looking for trade secrets: "The stuff that makes Acme company Acme company and enables it to compete in the marketplace," Shirley added.

Army Gen. Keith Alexander, commander of U.S. Cyber Command, said the ex-filtration of data from U.S. companies continues on a massive scale. It is the "greatest raid on intellectual property" in history, he said at the Maneuvering in Cyberspace conference in Linthicum, Md. One company he did not name had lost $ 1 billion in technology it had taken more than 20 years to develop, he said.

Lockheed Martin and Booz Allen Hamilton announced that they were infiltrated this year, but the only reason they could do so is "because they are good." They have the ability to detect intrusions. The bad companies, of which there are hundreds of times more than those two examples, have no idea that they have been compromised, Alexander said.


Two reports released recently illustrate how far-reaching hackers have become.

Computer security firm McAfee examined the logs of an infected server to determine who the victims were, and how long the intrusions lasted before the operation was detected. It found 30 different industries on the list. Many were indeed military contractors and information technology companies, but the list revealed a U.S. real estate firm that had its data laid bare for eight months, a U.S. agricultural trade organization for three months, a U.S. natural gas wholesaler for seven months, a German accounting firm for 20 months and a U.S. insurance association for three months. "The primary lesson is ... that small, large--whatever your industry is--you're being targeted if you have something valuable, and it is something someone else in another country may be interested in," Dmitri Alperovitch, vice president of threat research at McAfee, said in an interview.

Symantec, another computer security firm, released a report, "The Nitro Attacks: Stealing Secrets from the Chemical Industry," which detailed targeted intrusions against U.S. firms. Among the victims were companies that develop advance materials primarily for military vehicles.

The investigators, Eric Chien and Gavin O'Gorman, traced the intrusions to a Chinese hacker and managed to contact him. "Covert Grove," as they called him, used a readily available Trojan horse called Poisonlvy, and composed two kinds of emails: one was an invitation appearing to be from a real business associate that asked the victim in an email to link to confirm a proposed meeting. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.