Reader ROI
- Why online IP theft is a growing global threat
- Strategies for protecting crucial corporate data
- How to craft an incident response plan
The call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network.
Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company's servers and was using it to launch attacks against other companies in the valley.
After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company's servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company's extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn't accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company's customers and partners.
[[LeftQuote:Most IT organizations approach the risk to IP the way they approach all IT security: focusing on the corporate perimeter and developing security tactics and policies from the system level up]]
"It was such a sobering experience," Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn't done the same with the extranet.
Bailey will never know who hacked his servers. China's poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It's just as possible that the intruders were after his company's IP. And they easily may have got it.
(CIO agreed to Bailey's request for anonymity in order to protect the identities of his company's business partners.)