Who’s Hacking Who In Cyber Wars Is Not The Real Concern

Every major US company has been hacked by China. So said Richard Clarke in an interview with the Smithsonian. This may or may not be true. Who can say?

The comments are given a degree of credibility because Clarke is the former cybersecurity czar who served under four US presidents for 30 consecutive years from 1973. I interviewed him several times during his tenure and found him to be a pretty conservative man not given to hyperbole. Now that he is a managing partner at security consultancy Good Harbor, Clarke is less guarded in what he says.

Beyond a doubt?

It is hard to dispute what Clarke is saying – the Chinese vehemently deny any accusations and any compromised company is loath to admit anything in public. What does give his comments some strength is UK Foreign Secretary William Hague’s warning to countries like China and Russia to halt hostile cyber attacks on other states and the revelation that the Foreign Office had been hit by data-stealing viruses.

Clarke is constantly claiming that we are subject to attacks from China but, to be honest, who outside of government circles really cares? Where the attacks come from is not really the issue because it could be China, Russia, Iran, Israel, or even the US or British governments themselves behind the hacks.

That the US is indulging in cyber warfare is beyond doubt. In the Smithsonian interview Clarke said that he believes the US made the major contribution to Stuxnet and not the Israelis.

Equally, all evidence points to China for the Operation Aurora attack which Google and others suffered in 2010.

Last week, at a dinner held for journalists at 30 St Mary Axe (better known as the Gherkin) in London, FireEye’s CEO Ashar Aziz made an interesting speculation.

“The US government did a classified study of the feasibility of attacks on the national electrical grid … the project had an interesting name – it was called Project Aurora. What is interesting about that is the Operation Aurora tag. The reason it was named that is because that was the name under which the malware used was compiled. Many think this was a Chinese originated malware – which is probably a reasonable inference – but it’s clearly not a common Chinese name so somebody in their offensive organisation used the name of a major study by the US government into cyber warfare for some reason.”

Biting the bullet

With defences rapidly taking on the appearance of Swiss cheese, the natural conclusion is that everything important and all communications should be encrypted. This would strengthen data security even if it does nothing for the overall protection of the network. The downside is that it costs money to maintain the systems and manage all the keys, but this is not the main fear.

FireEye research gives a clue. “The statistical distribution of successful attacks across FireEye’s customer base – on the low end we see a small number of attacks successful, which means their policies are pretty tight but there’s still seepage. At the other end there are an incredible – inordinate – number of attacks and that success rate is 30-50 percent,” said Aziz.

What could happen is that, during a successful attack, the data may not only be stolen but also disrupted, rendering the encryption impossible to untangle. With unencrypted data there would be a chance to piece things back together and there is also the probability of a back-up restoration. But what happens if the keys are stolen and erased?

It is time that companies took action to protect their intellectual property because this appears to be the main target for cyber criminals. But it needs to be part of a well-planned architecture that takes into consideration all of the “what ifs” that can be devised – even to the point of taking key documents offline to control access manually.

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative
