Hackers Pilfer Trade Secrets In ThyssenKrupp Cyber Attack

The very real risks to businesses posed by cyber attacks has been starkly illustrated with the news that German conglomerate ThyssenKrupp had its trade secrets stolen by hackers.

The firm admitted in a statement that technical trade secrets were stolen from the steel production and manufacturing plant design divisions.

And it said the cyber attack was ‘professional’ and the hackers are likely from the Southeast Asian region.

Industrial Espionage

ThyssenKrupp said it was cooperating closely with the German organisation for cyber security DCSO, after it discovered the breach, and has also notified state authorities and the police.

“According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage),” said the firm in a statement. “Systems of Business Area Steel Europe were also affected. Specially secured IT systems for especially critical have not been concerned (e.g IT of Business Unit Marine Systems or production IT of blast furnaces and power plants in Duisburg).”

In 2014 for example, a blast furnace at a steelworks in Germany was badly damaged by a cyber attack. That attack resulted in “massive damage to machinery” at the unnamed German steel mill.

“There have been no signs of sabotage and no signs of manipulation of data and applications or other sabotage,” said ThyssenKrupp. “The attack was discovered, continuously observed and analysed by thyssenkrupp´s CERT.”

It said the attacked IT systems are now under 24/7 monitoring to detect any new attempted attacks.

“At present there is no reliable estimation as to the damage (e.g. loss of intellectual property) caused by the attack,” said ThyssenKrupp. “It has been noted that fragments of data have been stolen in the areas involved in the attack. Content of this loss of data is not clear yet, with the exception of certain project data in an operative engineering company.”

And the firm was keen to stress that the attack was not a result of security deficiencies at Thyssenkrupp, and human error has also be ruled out.

“Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks,” it said. “Early detection and timely countermeasures are crucial in such situations. Thyssenkrupp has been successful in both respects.”

Critical Infrastructure

While Thyssenkrupp has denied that any critical systems had been compromised, this attack highlights the need to protect industrial systems to safeguard critical national infrastructure.

Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

The United States has for example already passed legislation that would protect its electricity grid from cyber attacks.

The GRID Act directs the FERC (Federal Energy Regulatory Commission) to take measures to protect the electricity grid from telecommunications intrusions.

Quiz: Are you a security pro?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

3 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago