World's Most Dangerous Hackers Want to Steal How You Make Money

Black hat hackers that penetrate your organization and steal sensitive information like customers' credit card data are a serious threat. But nation-state-sponsored hackers after the intellectual property that makes your business competitive could be an even larger threat.

By
Tue, April 24, 2012

CIO — It's been a little more than three weeks since the revelation of the Global Payments data breach that led to the exposure of about 1.5 million credit card numbers. However, while that high-profile attack generated lots of media attention, some of the most dangerous hackers in the world aren't after your money; they want to steal the way your business makes money.

"What we're actually getting now is that people try to steal intellectual property rights [IPR]," says Sarah Loyd, a director at consulting firm Navigant with deep experience in attack and penetration testing, IT forensics, technical security architecture and information warfare. "The real threat is people trying to steal anything that's got IPR in it. They want to steal how you as a corporation make money."

"They don't want to steal accounting money," she adds. "They want to steal formulas for new drugs. Anything they can use commercially. Organized crime is interested in stealing individuals' credit card details. Nation-states are interested in stealing the things that allow them to progress economically."

Attacks Coming from Chinese and North Korean Internet Space

While data breaches like the one suffered by Global Payments can be costly, breaches that involve intellectual property can potentially destroy a company. They are widely believed to be sponsored by nation-states like China and North Korea. However, Loyd notes that while security experts are certain such attacks come out of China's and North Korea's Internet space, it is difficult to prove the attacks are originating there. And with international politics in the mix, western governments either cant or wont stop it, she says.

"The attacks out of China and North Korea have been going on for 10 or 15 years," Loyd says. "We've seen a total failure of response from western governments. They're playing extremely nice as to how they're responding. Much of the boldness of a lot of the attacks has come out of the lack of response. We've got a joined world electronically, but we've got laws that are 30 years behind the electronic reality, so it's very difficult for governments to respond."

One Chinese company that often winds up in the center of conversations about these issues is networking giant Huawei Technologies, which has long been a lightning rod for controversy. Founded by Communist Party member Ren Zhengfei in 1988—and still run by him—Huawei Technologies was accused by Cisco Systems in 2003 of allegedly stealing source code for its routers and switches. The resulting lawsuit was withdrawn by Cisco in 2004, but some security experts still wonder whether Cisco's technology played a role in Huawei's rise to dominance in networking.

Continue Reading

Our Commenting Policies