While most of the IT world was fretting over the break-in at Epsilon that probably netted some organized crime group a few million pre-confirmed email addresses, U.S. IT espionage specialists were finishing up a report showing the Epsilon hack is small potatoes compared to China.
U.S. investigators told Reuters that attackers working for the Chinese government have stolen terabytes of sensitive data ranging from usernames and passwords for State Department computers to the designs of major weapons systems.
Secret State Dept. cables, held by WikiLeaks and given to Reuters by someone else, traced a series of attacks back to the Chinese government - one trace even identifying the specific unit of the Chinese military that launched it.
Code-named "Byzantine Hades," the breaches represent attacks that have been going on since at least 2006 and are accelerating.
The months-long attack on Google in late 2009 and early 2010, which compromised the emails of Chinese dissidents and accessed Google source code, also came from China, according to Joel Brenner, former counterintelligence chief for the Office of the Director of National Intelligence.
Thousands of U.S. companies were part of the same series of attacks - code-named "Aurora" - though only 34 were publicly identified, Brenner told Reuters.
Companies ranging from IT developers to defense companies to Formula One teams also complain of attacks that go after proprietary information.
Brenner called the Aurora attacks "heavy handed use of state espionage" to steal information of military, political or industrial value.
A March 28 study from McAfee and government consulting company SAIC called corporate intellectual property "the latest cybercrime currency."
"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee, in the report.
The change in target means corporate security has to change, too, according to Scott Aken, vice president for cyber operations at SAIC.
Rather than assuming a good perimeter means tight security, end-user companies have to assume attackers will get through the first layer of defense, he said. Real protection means having security that can slow down or wall out attackers who already look like legitimate users.
"Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely - just as an insider would," Aken said in the report. "Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on human behavior."
The most common method of attack is spear-phishing - directing phony email requests at people with legitimate access to get entry credentials for a specific network.
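The blended insider threat Aken describes is an attacker holding valid credentials (often obtained by spear-phishing) whose only tell is that the account stops behaving like its owner. The following is an added illustration, not code from the article or from the McAfee/SAIC report, of the behavioral baselining such tools rely on: build a per-user profile of normal hosts and working hours from constructed sample events, then score a later session by how far it drifts from that profile. All user names, hosts and timestamps are hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed baseline events (user, ISO timestamp, host); hypothetical, not real log data.
BASELINE = [
    ("alice", "2011-03-01T09:12:00", "fileserver-1"),
    ("alice", "2011-03-01T10:40:00", "fileserver-1"),
    ("alice", "2011-03-02T11:05:00", "wiki"),
    ("alice", "2011-03-03T14:30:00", "fileserver-1"),
    ("alice", "2011-03-04T09:50:00", "wiki"),
]

def build_profile(events):
    """Per-user baseline: the hosts a user normally touches and the hours they are normally active."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for user, ts, host in events:
        hour = datetime.fromisoformat(ts).hour
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(hour)
    return profile

def score_event(profile, user, ts, host):
    """Score one successful access: a valid login that does not fit the user's own history scores higher."""
    p = profile.get(user)  # .get() does not create an empty profile for unknown users
    if p is None:
        return 3, ["no baseline for user"]
    hour = datetime.fromisoformat(ts).hour
    score, reasons = 0, []
    if host not in p["hosts"]:
        score += 2
        reasons.append(f"new host {host}")
    if hour not in p["hours"]:
        score += 1
        reasons.append(f"unusual hour {hour:02d}")
    return score, reasons

def flag_session(profile, events, threshold=4):
    """Sum event scores across a session: several small deviations from one account add up to an alert."""
    total, reasons = 0, []
    for user, ts, host in events:
        s, r = score_event(profile, user, ts, host)
        total += s
        reasons.extend(r)
    return total >= threshold, total, reasons

# Constructed session: alice's credentials used at 03:00 against hosts she never touches.
SUSPICIOUS = [
    ("alice", "2011-03-05T03:10:00", "hr-db"),
    ("alice", "2011-03-05T03:25:00", "source-repo"),
]
```

Running `flag_session(build_profile(BASELINE), SUSPICIOUS)` flags the session, while the same account reading the wiki at 10:15 scores zero; a production tool would learn the baseline from weeks of logs and weight many more features, but the principle of judging an account by its own history rather than by the validity of its password is the same.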