As the news spreads that Chinese and Russian cyberspies have dropped malicious software inside the networks that run the U.S. electric grid, the Associated Press has an article that reads like a threat assessment for cyberespionage.
Its conclusion: cyberespionage is "as nefarious as anything from the Cold War — and far more difficult to stop."
The Pentagon this week said it spent more than $100 million in the last six months in response to damage from cyber attacks and other computer network problems. And the White House is wrapping up a 60-day review of how the government can better use technology to protect everything from the nation's electrical grid and stock markets to tax data, airline flight systems and nuclear launch codes.
In 2008, there were 5,499 known breaches of U.S. government computers with malicious software, according to the Department of Homeland Security. That's up from 3,928 the previous year, and just 2,172 in 2006.
A disconcerting characteristic of these attacks is that they are largely blamed on "unknown foreign entities" because the cybertrail usually ends before the U.S. government can identify the attacker. Many attacks are traced to China and Russia, but that does not necessarily mean there was state support behind any particular attack. The United States, however, also does not deny that it is working on its cyberoffensive capabilities as well as its cyberdefenses.
Chen Wenguang, assistant director of the computer science department at Beijing's Tsinghua University, called U.S. outrage over Chinese cyberespionage hypocritical.
"I believe that it is the Americans that steal the most secrets," he told the AP.
And while states, businesses, and individuals need to worry about information security, the AP shows the clear and present danger cyberespionage poses to dissident organizations such as that of the Dalai Lama, the exiled leader of Tibet, which is currently under Chinese control.
Hackers broke into the Dalai Lama's email system and planted malicious software that allowed them to view sensitive information such as activist documents and protest plans.
The consequences have been immediate and possibly deadly, according to researchers.
The information was used to warn foreign officials against meeting with the Dalai Lama, and to stop at least one Tibetan activist at the airport, according to researchers from the Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.
"People in Tibet may have died as a result," concluded a bleak assessment by computer engineers at Cambridge University in Britain also involved in the case. The Cambridge security experts recommended that the exiles keep any sensitive information on computers that are never used to connect to a network, or better yet, use pen and paper.
Ross Anderson, lead author of the Cambridge report, told the AP a simple fact: there are just some things too sensitive to computerize.